Solved I'm infected

N

Ninny

Posts: 36   +0
Hi Guys, been reading various tips for trying to get rid of whatever I have and it's been to no avail.

BACK STORY several months ago I turned my laptop on having not used it for a few months and found that Google Chrome wouldn't open and it was very laggy, I asked my ex to take a look at it as he was supposed to be good with computers, he kept it for 2 months before returning it to me saying it now worked and it had been upgraded from Win 7 to Win 10. I used my laptop for a few weeks and found it to be very laggy, I assumed it was because I wasn't compatible with Win 10, and decided to try and delete my old files etc and clear up some space and see how it went. On the day I decided to do that, Google Chrome and IE went back to their old tricks of not opening, the only browser I can use is Opera (all hail Opera) but it's very slow and frequently crashes. I am also now in a position where many of my programs don't open e.g. multiple anti virus, sage accounts etc - I was going to open my programs, get my product key and wipe, but I can't open them to get this.

So I have managed to run Avast antivirus software, it comes back and tells me some files couldn't be scanned. 0 infections but when I checked quarantine, there are 2 win32 evo-gen files in there from 2 hours ago?
In addition to running that and Farbar recovery, (based on other Google searches I made before coming here) I have .txt files from RKILL, Hijackthis and RogueKiller. Roguekiller and Malwarebytes both tell me they have found things and fixed them but when I restart the items are back again.

Also I can't seem to start in Safe Mode and I keep getting a Microsoft critical error pop up relating to Cortina and the Start Menu but I can ignore that and continue using the laptop (for now)

ADDITION and FRST pasted in comments as too many characters
 
FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Red Ninja (administrator) on REDNINJA-PC (14-01-2016 10:23:48)
Running from C:\Users\Red Ninja\Desktop
Loaded Profiles: Red Ninja (Available Profiles: Red Ninja)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIMDE.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dropbox, Inc.) C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\System32\Taskmgr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
() C:\Users\Red Ninja\Desktop\RogueKiller.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-11] (AVAST Software)
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [Dropbox Update] => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\RunOnce: [Uninstall C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\RunOnce: [Uninstall C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-26] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-07-17]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-07-17]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Limited.)
Startup: C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{19c76ff2-eee4-444f-b8a3-4e4ed586daba}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000 -> DefaultScope Yahoo! URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
SearchScopes: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000 -> Yahoo! URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-26] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-26] (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-10] (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-24]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-12] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN35706755081256014&ctid=CT3272810&SearchSource=48","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-25]
CHR Extension: (Pin It Button) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-04]
CHR Extension: (Tumblr Dashboard) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco [2014-03-02]
CHR Extension: (Pinterest ™ ) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-04-08]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2013-07-30]
CHR Extension: (Colorblendy) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngmafdcpeeloikhhabijcnddgildokk [2014-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-26] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-26] (Avast Software)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-12] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2011-07-28] (Sage (UK) Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-26] (AVAST Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-26] (AVAST Software)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [30848 2016-01-14] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-26] (Avast Software)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 aspnet_state; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 10:23 - 2016-01-14 10:24 - 00021130 _____ C:\Users\Red Ninja\Desktop\FRST.txt
2016-01-14 10:21 - 2016-01-14 10:23 - 00000000 ____D C:\FRST
2016-01-14 09:17 - 2016-01-14 09:17 - 00016148 _____ C:\WINDOWS\system32\REDNINJA-PC_Red Ninja_HistoryPrediction.bin
2016-01-14 08:42 - 2016-01-14 08:42 - 02370560 _____ (Farbar) C:\Users\Red Ninja\Desktop\FRST64.exe
2016-01-14 08:37 - 2016-01-14 08:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Red Ninja\Desktop\HijackThis.exe
2016-01-14 08:36 - 2016-01-14 08:36 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Red Ninja\Desktop\rkill.exe
2016-01-14 00:57 - 2015-12-03 15:24 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-01-14 00:57 - 2015-12-03 15:24 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-01-14 00:57 - 2015-12-03 15:24 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-01-14 00:38 - 2016-01-14 00:38 - 00001283 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-01-14 00:37 - 2016-01-14 00:56 - 00000000 ____D C:\ProgramData\Avira
2016-01-14 00:37 - 2016-01-14 00:56 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-14 00:37 - 2016-01-14 00:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 00:37 - 2016-01-14 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-13 23:43 - 2016-01-13 23:43 - 20844104 _____ C:\Users\Red Ninja\Desktop\RogueKiller.exe
2016-01-13 23:37 - 2016-01-14 09:52 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-13 23:37 - 2016-01-13 23:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-13 23:34 - 2016-01-14 08:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-13 23:34 - 2016-01-13 23:34 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-13 23:34 - 2016-01-13 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-13 23:34 - 2016-01-13 23:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-13 23:34 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-13 23:34 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-13 23:34 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-13 23:26 - 2016-01-13 23:36 - 00510298 _____ C:\TDSSKiller.3.1.0.9_13.01.2016_23.26.38_log.txt
2016-01-13 23:21 - 2016-01-14 09:48 - 00110632 _____ C:\Users\Red Ninja\Desktop\Rkill.txt
2016-01-13 21:48 - 2016-01-13 21:48 - 00000000 ___HD C:\$AVG
2016-01-13 21:47 - 2016-01-13 21:47 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-13 20:18 - 2016-01-13 20:18 - 04638208 _____ (Avira Operations GmbH & Co. KG) C:\Users\Red Ninja\Downloads\avira_en_av_56953fb51e5bf__adw.exe
2016-01-10 13:58 - 2016-01-10 14:02 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\MicrosoftEdge
2016-01-06 19:06 - 2016-01-06 19:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-05 00:59 - 2016-01-14 07:46 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E16AB391-B7E5-499E-915B-CFDCBF1065AA}
2016-01-04 23:10 - 2016-01-04 23:12 - 00000000 ___HD C:\$SysReset
2016-01-04 21:20 - 2016-01-04 21:20 - 00262144 _____ C:\WINDOWS\Minidump\010416-38328-01.dmp
2016-01-04 21:20 - 2016-01-04 21:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-02 20:20 - 2016-01-02 20:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-29 22:34 - 2015-12-29 22:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-12-24 22:31 - 2015-12-25 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-24 22:30 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-24 22:28 - 2015-12-24 22:28 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\PeerDistRepub
2015-12-24 17:18 - 2016-01-14 06:20 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 10:21 - 2015-07-10 09:47 - 00000000 ____D C:\WINDOWS
2016-01-14 10:10 - 2015-09-13 18:10 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}.job
2016-01-14 09:58 - 2015-06-17 19:27 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA.job
2016-01-14 09:55 - 2015-01-12 15:55 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}.job
2016-01-14 09:36 - 2013-05-28 23:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-14 08:17 - 2015-07-30 22:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 08:17 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-14 08:14 - 2013-07-23 23:28 - 00000000 ___RD C:\Users\Red Ninja\Dropbox
2016-01-14 08:14 - 2013-07-23 23:04 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Dropbox
2016-01-14 08:09 - 2015-07-30 22:40 - 00000000 ____D C:\WINDOWS\INF
2016-01-14 08:08 - 2013-06-10 18:43 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-01-14 08:08 - 2013-06-03 17:18 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-01-14 08:08 - 2012-08-21 14:39 - 00000408 _____ C:\WINDOWS\Tasks\AWC AutoSweep.job
2016-01-14 08:08 - 2012-08-21 14:32 - 00000402 _____ C:\WINDOWS\Tasks\AWC Startup.job
2016-01-14 08:06 - 2015-07-30 21:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-14 07:39 - 2015-11-16 08:56 - 00000000 ____D C:\Users\Red Ninja
2016-01-14 06:20 - 2015-11-16 10:17 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\TileDataLayer
2016-01-14 06:20 - 2015-10-04 21:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-01-14 06:20 - 2015-09-10 05:21 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __RSD C:\WINDOWS\Media
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\spool
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\IME
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\schemas
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\ProgramData\USOPrivate
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-14 06:20 - 2015-07-26 09:59 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-01-14 06:20 - 2015-07-26 09:59 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-01-14 06:20 - 2015-07-26 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-14 06:20 - 2015-04-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-14 06:20 - 2015-04-22 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-14 06:20 - 2015-01-12 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-01-14 06:20 - 2015-01-12 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-01-14 06:20 - 2014-11-18 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-14 06:20 - 2014-05-28 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BPP Learning Media
2016-01-14 06:20 - 2014-04-07 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2016-01-14 06:20 - 2014-04-07 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-01-14 06:20 - 2014-02-09 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BPP I-Pass
2016-01-14 06:20 - 2014-01-31 07:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-01-14 06:20 - 2013-12-13 21:34 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2016-01-14 06:20 - 2013-07-17 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-01-14 06:20 - 2013-04-30 23:48 - 00000000 ____D C:\WINDOWS\system32\SPReview
2016-01-14 06:20 - 2013-03-20 18:25 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2016-01-14 06:20 - 2012-10-31 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
2016-01-14 06:20 - 2012-08-21 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE RECOVERY for Windows
2016-01-14 06:20 - 2012-08-21 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
2016-01-14 06:20 - 2012-08-21 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts
2016-01-14 06:20 - 2012-08-21 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-14 06:20 - 2009-07-14 07:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-01-14 00:37 - 2014-03-26 13:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-14 00:27 - 2015-07-10 09:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-01-14 00:27 - 2015-06-17 19:27 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core.job
2016-01-13 22:32 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-13 21:48 - 2012-08-21 11:18 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-13 21:47 - 2012-08-21 11:12 - 00000000 ____D C:\ProgramData\MFAData
2016-01-13 21:43 - 2015-09-26 20:07 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\Avg
2016-01-13 21:09 - 2015-11-16 10:03 - 00864464 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-12 18:02 - 2012-10-22 01:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-11 19:01 - 2015-11-04 18:30 - 624742124 _____ C:\WINDOWS\MEMORY.DMP
2016-01-11 07:07 - 2015-11-16 11:08 - 00002379 _____ C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-11 07:07 - 2015-11-16 11:08 - 00000000 ___RD C:\Users\Red Ninja\OneDrive
2016-01-11 06:14 - 2015-11-05 14:07 - 00024705 _____ C:\WINDOWS\diagerr.xml
2016-01-11 06:14 - 2015-11-05 14:07 - 00023123 _____ C:\WINDOWS\diagwrn.xml
2016-01-11 06:12 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\Registration
2016-01-11 06:10 - 2015-11-16 10:07 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-01-11 06:10 - 2015-09-13 18:10 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}
2016-01-11 06:10 - 2015-07-26 09:46 - 00003160 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-11 06:10 - 2015-07-02 20:44 - 00002978 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-11 06:10 - 2015-06-17 19:27 - 00003550 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA
2016-01-11 06:10 - 2015-06-17 19:27 - 00003278 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core
2016-01-11 06:10 - 2015-01-12 15:55 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}
2016-01-11 06:10 - 2014-01-31 07:02 - 00003088 _____ C:\WINDOWS\System32\Tasks\UALU notificatin
2016-01-11 06:10 - 2013-06-10 18:43 - 00002306 _____ C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv
2016-01-11 06:10 - 2013-06-03 17:18 - 00002306 _____ C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv
2016-01-11 06:10 - 2013-05-28 23:31 - 00003088 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-11 06:10 - 2013-01-26 20:12 - 00002422 _____ C:\WINDOWS\System32\Tasks\{48727049-A671-4B3C-B80C-D278425DB8B2}
2016-01-11 06:10 - 2012-08-21 14:39 - 00002638 _____ C:\WINDOWS\System32\Tasks\AWC Update
2016-01-11 06:10 - 2012-08-21 14:39 - 00002476 _____ C:\WINDOWS\System32\Tasks\AWC AutoSweep
2016-01-11 06:10 - 2012-08-21 14:32 - 00002470 _____ C:\WINDOWS\System32\Tasks\AWC Startup
2016-01-11 06:10 - 2012-08-21 14:13 - 00002500 _____ C:\WINDOWS\System32\Tasks\{00C6EE64-6438-4131-AD25-9905D8E6E471}
2016-01-11 06:10 - 2012-08-21 13:43 - 00002402 _____ C:\WINDOWS\System32\Tasks\{4D00D516-65A4-44FF-8461-45E69AC84597}
2016-01-11 06:10 - 2012-08-21 13:43 - 00002402 _____ C:\WINDOWS\System32\Tasks\{363E6CD0-632D-4A86-B2E5-75EDD6D833F0}
2016-01-11 06:10 - 2012-08-21 13:42 - 00002400 _____ C:\WINDOWS\System32\Tasks\{0C900D10-A8D2-4900-B934-48DFCA91CAED}
2016-01-11 06:10 - 2012-08-21 11:24 - 00002160 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2016-01-11 04:19 - 2015-11-16 16:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-11 04:12 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-10 15:04 - 2015-07-30 22:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-05 01:05 - 2015-10-04 21:48 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-05 00:57 - 2015-01-07 00:26 - 00000000 __SHD C:\Users\Red Ninja\AppData\Local\EmieUserList
2016-01-05 00:57 - 2015-01-07 00:26 - 00000000 __SHD C:\Users\Red Ninja\AppData\Local\EmieSiteList
2016-01-05 00:53 - 2013-07-17 13:08 - 00000091 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2016-01-02 20:23 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\rescache
2016-01-02 16:46 - 2012-08-21 13:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-02 13:46 - 2015-11-16 10:17 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\Packages
2015-12-24 17:13 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories =======

2014-02-09 17:27 - 2014-05-25 20:18 - 0200846 _____ () C:\Program Files (x86)\RuntimeSetup.exe
2014-02-09 17:27 - 2014-05-25 20:18 - 0001068 _____ () C:\Program Files (x86)\runtimesetup.ini

Some files in TEMP:
====================
C:\Users\Red Ninja\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Red Ninja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmsonxy.dll
C:\Users\Red Ninja\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe
[2015-11-16 16:00] - [2015-11-16 16:00] - 0579072 ____A (Microsoft Corporation) C527C9231D39BF69611F5F8C80C36140

C:\WINDOWS\system32\wininit.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 0290312 ____A (Microsoft Corporation) 7718A2A9B2BFB2C8E2BAEB03310CA3FD

C:\WINDOWS\explorer.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 4532304 ____A (Microsoft Corporation) F1CBCB7FA6F3B309639AA2D4EF74469C

C:\WINDOWS\SysWOW64\explorer.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 4048808 ____A (Microsoft Corporation) B3F90790F991A5A21113B58EE50FA696

C:\WINDOWS\system32\svchost.exe
[2015-07-10 03:15] - [2015-07-10 04:40] - 0039856 ____A (Microsoft Corporation) A1AEAFC58DF7803B8AA2B09EA93C722F

C:\WINDOWS\SysWOW64\svchost.exe
[2015-07-10 03:25] - [2015-07-10 04:42] - 0035176 ____A (Microsoft Corporation) A412DEDAC6A1FF7BA06FEB3B6725495E

C:\WINDOWS\system32\services.exe
[2015-07-10 03:13] - [2015-07-10 04:35] - 0446336 ____A (Microsoft Corporation) BB3D8E1C108F7244613FF3993291A922

C:\WINDOWS\system32\User32.dll
[2015-07-10 03:16] - [2015-07-10 04:40] - 1366168 ____A (Microsoft Corporation) 75EBC59EAB1B4484FFC9B81DD5F4BE46

C:\WINDOWS\SysWOW64\User32.dll
[2015-07-10 03:27] - [2015-07-10 05:14] - 1310880 ____A (Microsoft Corporation) 729FE09CBAE7DCCBE43FA83D63A87278

C:\WINDOWS\system32\userinit.exe
[2015-07-10 03:18] - [2015-07-10 03:18] - 0030720 ____A (Microsoft Corporation) 5F6D4F12EA33BFC0F0F8CEEAC332AB2B

C:\WINDOWS\SysWOW64\userinit.exe
[2015-07-10 03:29] - [2015-07-10 03:29] - 0026112 ____A (Microsoft Corporation) A89C18F5E6D8981D5E937B325290915A

C:\WINDOWS\system32\rpcss.dll
[2015-07-10 03:20] - [2015-07-10 03:20] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F

C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 03:14] - [2015-07-10 04:35] - 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477

C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 03:24] - [2015-07-10 04:39] - 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7

C:\WINDOWS\system32\Drivers\volsnap.sys
[2015-07-10 03:13] - [2015-07-10 04:39] - 0378720 ____A (Microsoft Corporation) 823A237D871CD652C6BFD47BECB6810A



LastRegBack: 2016-01-10 16:26

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Red Ninja (2016-01-14 10:24:50)
Running from C:\Users\Red Ninja\Desktop
Windows 10 Pro (X64) (2015-11-16 10:15:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3517353881-3169882772-1110030527-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3517353881-3169882772-1110030527-503 - Limited - Disabled)
Guest (S-1-5-21-3517353881-3169882772-1110030527-501 - Limited - Disabled)
Red Ninja (S-1-5-21-3517353881-3169882772-1110030527-1000 - Administrator - Enabled) => C:\Users\Red Ninja

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACCA F4E iPass (v1 protected) (HKLM-x32\...\{604AC861-07CC-4853-ABA4-D06F8346341E}_is1) (Version: - BPP Learning Media)
ACCA F5 Performance Management (v3.0 Protected) (HKLM-x32\...\{B8914F6F-5917-4D9B-B7F9-5F474EEA606C}_is1) (Version: - BPP Learning Media)
ACCA F9 Financial Management (v3.0 Protected) (HKLM-x32\...\{1BEC7839-3370-4062-A126-F10F9B4F3715}_is1) (Version: - BPP Learning Media)
ACCA F9 Financial Management (v3.0 Protected) (HKLM-x32\...\{1EF5A20D-3C5C-49DC-B761-66D244C6E280}_is1) (Version: - BPP Learning Media)
Accounts (x32 Version: 18.0.10.208 - Sage (UK) Ltd) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced SystemCare 3 (HKLM-x32\...\Advanced SystemCare 3_is1) (Version: 3.2.0 - IObit)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPP I-Pass ACCA Paper F5 (HKLM-x32\...\BPP I-Pass ACCA Paper F5) (Version: - )
BPP I-Pass ACCA Paper F9 (HKLM-x32\...\BPP I-Pass ACCA Paper F9) (Version: - )
BPP I-Pass FIA Paper FFA (HKLM-x32\...\BPP I-Pass FIA Paper FFA) (Version: - )
BPP I-Pass FIA Paper FMA (HKLM-x32\...\BPP I-Pass FIA Paper FMA) (Version: - )
Dropbox (HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.70.0000 - EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.201 - Seagate)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Opera 12.13 (HKLM-x32\...\Opera 12.13.1734) (Version: 12.13.1734 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Limited) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Limited)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Sage 50 Accounts 2012 (HKLM-x32\...\InstallShield_{EFC6C877-6E77-4E3B-B350-DF4F35D66B51}) (Version: 18.0.10.208 - Sage (UK) Ltd)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wondershare MobileTrans ( Version 3.5.1 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 3.5.1 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {058DC27B-D0CA-4DF3-8EEC-D3ADFBE734E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0772A5EC-702D-4C61-9794-CE6596C42F97} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-26] (AVAST Software)
Task: {07C8825B-8C72-4475-8CC2-2240A60FBD3C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {14E98FB6-2CE9-4E8B-9FB3-A044080E2CE7} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1660B893-0069-47F5-A7DF-6ECE7D24301A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1BA9ACBF-0452-4725-9868-39F88AAE6637} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {1DC58E76-DA50-4AB2-A301-1E50FC02B61E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {2134AE9C-A69F-4C2A-AA85-2BF953956D7A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21A078C8-F852-42F0-BB2F-2924A0B3900A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {27C4E936-D43F-46CC-8E32-212260C38874} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {28690B98-00A7-4ACD-84D6-579624F181C2} - System32\Tasks\{363E6CD0-632D-4A86-B2E5-75EDD6D833F0} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7\setupx.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7"
Task: {38545662-02B8-4E14-A800-F12AEDF449C8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3D57A3DE-62D8-44A5-B4CB-5F7DADCF1D0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3EDBB5B7-BBA9-4C2B-BB72-0D6AF423009B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3F1F1EF8-BD54-4640-89C4-3B98C0891620} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {41229C21-6C08-4F82-B96C-44B5A2272A5B} - System32\Tasks\AWC Startup => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2009-02-22] (IObit)
Task: {438113FC-8B6A-4F36-8AB5-D02923873045} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {43AC8AF5-3901-42F4-A528-EA5A5D83B29C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {49F48614-0441-44A6-9955-381553629DE5} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {4BA75E2C-1AD0-48A5-8999-1BD828AAC35D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {522652DE-81E7-4207-93E9-832FCE5B9609} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {52F59C8C-BED3-42D4-B12D-50A8B919AD11} - System32\Tasks\{48727049-A671-4B3C-B80C-D278425DB8B2} => pcalua.exe -a "C:\Users\Red Ninja\Desktop\Virtual DJ Pro 7.0 (djneon)\virtualdj_pro_v7.0.exe" -d "C:\Users\Red Ninja\Desktop\Virtual DJ Pro 7.0 (djneon)"
Task: {566B9FE3-9898-4397-91A5-15B7AF09A09E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5EBDF310-CFA3-44B2-8DBA-64ABE762C7F0} - System32\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {612E7DD7-C157-4D7B-99A1-15EEF5CF7714} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {62DEEE68-9F1A-4AA2-8E7E-F48D2D2E460D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {63B33B74-C7AA-4D83-9328-D0CD814F2CCA} - System32\Tasks\{4D00D516-65A4-44FF-8461-45E69AC84597} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 6\setupx.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 6"
Task: {68580546-7C27-42CC-A037-6DCDF1EC2A52} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6AA5306B-6F98-4063-93B1-E6FFEA953192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
Task: {6DAADAE1-91ED-4158-A367-63842CDB4158} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {6FCDA20D-0060-4E2A-ADDA-D33971827A50} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {779D6709-95F1-4B42-80A1-B82BD81BEF5B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7B0723AB-B356-497B-A770-0B8E7DA8F8C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7B6C8F03-DB20-47DF-A962-35A8650F032C} - System32\Tasks\AWC AutoSweep => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: {7F61345D-8C55-4C31-9053-B55F41C429B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {87EF2DB0-AC53-4149-8B8A-401FB9F9FD11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {97895798-85F7-40F5-8280-40C5126A51A1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {A0385A11-AF76-4D87-ADD7-0327E35EFDC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A29038C6-AE8F-41F8-A124-C4F27E167D6E} - System32\Tasks\{00C6EE64-6438-4131-AD25-9905D8E6E471} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Advanced.System.Care.Pro.2010\asc-setup.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Advanced.System.Care.Pro.2010"
Task: {A754AE49-5C59-46C6-9460-F2F3A08B2752} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A837D0D4-ED4A-475C-A86D-4A1CCF9C001E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {AA376AC6-0B87-4A37-B6DE-4515B2DF1085} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {AD0A0418-600E-4841-B810-D82DC2F47669} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B08414BF-6F4B-4A74-9EE4-E7E0D2F81269} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{FABE4D38-A5F8-4BBE-AFFB-DD3383C29FE4}.exe
Task: {B3F6FD79-98BE-46B9-BE22-159C02FEE56E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B9D8F95C-157C-444F-988F-34AF752066A8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BD9A4656-826C-4D06-BFB3-A4F06883FF15} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BF7C2612-B489-444F-BF3C-9D28293D835C} - System32\Tasks\{0C900D10-A8D2-4900-B934-48DFCA91CAED} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7\setup.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7"
Task: {C4F14524-1CF1-4676-9662-EE6859C36F1D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C616E8F0-40EA-4D63-A479-6335081BD9A8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D83291D8-1AE7-4DDA-9C73-2A7FEA823E2F} - System32\Tasks\AWC Update => C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-02-23] (IObit)
Task: {DDB8781E-9FE0-4784-84C5-7DD16551585D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E1DC6927-086F-42E6-8EF3-B7758604C721} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {ED6D38B1-BFE3-4019-B916-04BEA2BC23E2} - System32\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {F83B0E02-9804-4B5E-BECC-6862BA6237BC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{108E73B9-DC0F-4F7F-A1B8-A0733694ADD7}.exe
Task: {FACBEAB3-29F7-4D41-AAE9-DCD0B544DC28} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{FABE4D38-A5F8-4BBE-AFFB-DD3383C29FE4}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{108E73B9-DC0F-4F7F-A1B8-A0733694ADD7}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AWC AutoSweep.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: C:\WINDOWS\Tasks\AWC Startup.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: C:\WINDOWS\Tasks\AWC Update.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core.job => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA.job => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{02CCFCED-D97A-4555-8560-44DA9E5FECC8} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{2FCF42FB-33C7-494C-B464-D000B053DAB3} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-10 05:08 - 2015-09-10 05:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-10 05:08 - 2015-09-10 05:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 03:13 - 2015-07-10 03:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-13 23:43 - 2016-01-13 23:43 - 20844104 _____ () C:\Users\Red Ninja\Desktop\RogueKiller.exe
2015-07-26 09:11 - 2015-07-26 09:11 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-26 09:11 - 2015-07-26 09:11 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-13 21:04 - 2016-01-13 21:04 - 02822144 _____ () C:\Program Files\AVAST Software\Avast\defs\16011301\algo.dll
2014-01-07 02:29 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-26 09:11 - 2015-07-26 09:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-05-20 14:02 - 2009-05-20 14:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2012-08-21 12:22 - 2013-02-04 22:17 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Red Ninja\Pictures\sins\Seven Deadly Sins Wallpaper Set\PC\Wrath_pc.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B84A176A-F57D-4FC6-8B29-49D6DB62D5B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{CB45BEF5-68AB-4139-9728-623CF7C2DE1B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{C7F73F64-146D-428B-A33A-28BFC494298A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{017ED033-855D-4531-9509-5F810CE2CB47}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{159C27B7-B09E-4808-8901-46AD9B267AA0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{000B5B32-DC30-4FB5-A98E-C8B615D4100D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{94C08162-16B5-4C2C-B452-0E3A702DBAE2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CE6D0C06-6781-4133-ABB6-5170FCEEC8E2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0F84176C-B55B-473B-8B49-53A7BA2D6FE4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2F4FC4A4-458B-4A06-9326-A89C0EAC9CF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E19C8A27-ACA1-4ECE-A4AF-8EBB65E95FBC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{4629F32D-4F0D-4C85-B3F9-0D50225253B9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{61C3D12C-43C8-4545-A22C-F5CD0328B587}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EEA5C9CD-8EC8-44A6-B9D9-1DEE8F24A58E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{6DD1487E-325F-40AE-98C8-FBAB2EE8A621}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{24718AAE-D6D4-4854-884D-59757F0B1D50}] => (Allow) C:\Users\Red Ninja\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{7CB38587-B97E-4292-92B8-175ECD1B0B44}] => (Allow) C:\Users\Red Ninja\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [UDP Query User{60DE3C61-D23A-4DC9-83B0-712E3B630E5A}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [TCP Query User{1A89D7CF-5C9E-422F-A697-C0CE26921170}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{9A241B1C-2EDB-45B3-B535-91F099742EA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{CEE4D559-1412-4D62-91B6-FD97ED88BAC2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{E77812C8-5E63-4BF5-960B-784EFF33F94D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{7319827C-5FA1-46EB-9661-A3023C3EE6B3}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [UDP Query User{8F95920A-2F8F-43DB-A413-F17E974A7EB9}C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4AFD3F7F-4A87-43E6-B8E9-B41592E21E99}C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B81C36E3-2CA1-479E-AF37-95971F4816AB}] => (Allow) C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2657ACD6-E560-4243-9CD1-C5CBD829385D}] => (Allow) C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5D078EF5-93EF-4E44-987F-FEAC10201C96}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E6516210-7B66-49ED-903C-065F4FA5A8F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{273C45A3-5EE2-4CD5-AC23-578A40A446F1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{1F48731E-E869-4FE2-BD7C-9F9D1431F1CA}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [UDP Query User{8CAEBED8-5222-4714-A5FF-6BB011C80BF2}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{385130AD-B31D-48D2-8981-656AE7B2FC0C}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8FE81E9A-357D-41EC-8796-F78AFB2231E8}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C0E9283F-B2C4-4172-9B4C-BC46F71447E3}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [{074CF73D-20DC-47FC-B9B3-3FCBC6285DE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{883FBBF7-96BA-428A-8B4E-C7AD433106F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC973248-8EF9-46CB-A5B3-F14AD0A7AD63}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3730D328-171A-4507-9445-07B0F7957F82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A33EDFE7-023A-4799-A008-7BF66658D352}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{3F1FC168-8CB9-4B79-B425-640382920B57}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B8AB63D7-B668-4476-9761-A1FFF03DE8DD}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{038F0CD1-21E8-40FC-B20F-0FE685DF8AEB}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{624AC624-63A6-4960-81FE-896BE3161210}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{42B752B9-2D1E-4FC7-8FF5-7A914F870817}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{2835CD27-8B52-461F-B849-8A8D3E0525E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{3B01D5BF-6930-4AB3-80A5-23B26EE54E5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{F0D5CFAF-DED8-4B8F-8A14-94BE36C9A50D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{9062565B-06E1-4CBC-8447-358A5227C4E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{A5E070B5-6FEA-41EC-AB82-DBF683CE2562}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{57D60C18-FB54-4D39-BB30-315E42F9505C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2016 10:20:56 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/14/2016 10:20:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: bcryptPrimitives.dll, version: 10.0.10240.16384, time stamp: 0x559f399b
Exception code: 0xc0000006
Fault offset: 0x000000000001cd30
Faulting process id: 0x1978
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5

Error: (01/14/2016 09:49:34 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/14/2016 09:49:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: bcryptPrimitives.dll, version: 10.0.10240.16384, time stamp: 0x559f399b
Exception code: 0xc0000006
Fault offset: 0x000000000001cd30
Faulting process id: 0x1a7c
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5

Error: (01/14/2016 09:39:26 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/14/2016 09:39:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: bcryptPrimitives.dll, version: 10.0.10240.16384, time stamp: 0x559f399b
Exception code: 0xc0000006
Fault offset: 0x000000000001cd30
Faulting process id: 0x1930
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5

Error: (01/14/2016 09:28:50 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/14/2016 09:28:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: bcryptPrimitives.dll, version: 10.0.10240.16384, time stamp: 0x559f399b
Exception code: 0xc0000006
Fault offset: 0x000000000001cd30
Faulting process id: 0x10a8
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5

Error: (01/14/2016 09:28:21 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/14/2016 09:28:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: bcryptPrimitives.dll, version: 10.0.10240.16384, time stamp: 0x559f399b
Exception code: 0xc0000006
Fault offset: 0x000000000001cd30
Faulting process id: 0x1bd4
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5


System errors:
=============
Error: (01/14/2016 10:21:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 14 time(s).

Error: (01/14/2016 10:21:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cryptographic Services service terminated unexpectedly. It has done this 14 time(s).

Error: (01/14/2016 10:21:06 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/14/2016 10:21:04 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/14/2016 10:21:01 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/14/2016 10:20:58 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/14/2016 10:20:55 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/14/2016 10:20:52 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/14/2016 10:20:50 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/14/2016 10:20:47 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
Date: 2016-01-02 18:27:04.922
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:26:14.577
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:25:11.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:24:05.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:23:04.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:22:00.950
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:20:54.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:19:59.593
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-25 22:56:29.510
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-25 22:55:24.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 47%
Total physical RAM: 5814.75 MB
Available physical RAM: 3072.52 MB
Total Virtual: 11702.75 MB
Available Virtual: 9303.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.1 GB) (Free:638.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A2A70F14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
  • Like
Reactions: Ninny
Howdy! thank you so much for looking at my thread and your assistance.

Roguekiller - should point out that I have previously run this and deleted whatever it found but I didn't save the txt file (I thought I had)

RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Red Ninja [Administrator]
Started from : C:\Users\Red Ninja\Desktop\RogueKiller.exe
Mode : Delete -- Date : 01/15/2016 23:49:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-00HXZT3 ATA Device +++++
--- User ---
[MBR] 3efbca3b06519d1c4488565f88b836d1
[BSP] 520f37c9d30f39d40dc4880390bd30ae : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 714852 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1464223744 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes - I should point out that I did previously run this and it put items in quarantine, I have that text file also if you would like?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/15/2016
Scan Time: 11:51 PM
Logfile: mal2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.14.02
Rootkit Database: v2016.01.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Red Ninja

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377695
Time Elapsed: 27 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Adware cleaner - first time I ran this
# AdwCleaner v5.029 - Logfile created 16/01/2016 at 00:27:41
# Updated 11/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 10 Pro (x64)
# Username : Red Ninja - REDNINJA-PC
# Running from : C:\Users\Red Ninja\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\Users\Red Ninja\AppData\Local\SwvUpdater
[-] Folder Deleted : C:\Users\Red Ninja\AppData\LocalLow\Browse2Save
[-] Folder Deleted : C:\Users\Red Ninja\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Red Ninja\AppData\Roaming\SendSpace

***** [ Files ] *****

[-] File Deleted : C:\END

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKCU\Software\IGearSettings
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\SP Global
[-] Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
[-] Key Deleted : HKLM\SOFTWARE\Better Surf Plus
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com

***** [ Web browsers ] *****

[-] [C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.conduit.com/?CUI=UN35706755081256014&ctid=CT3272810&SearchSource=48
[-] [C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dedmngkbaffkenlfdcbganndoghblmap
[-] [C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mmifolfpllfdhilecpdpmemhelmanajl
[-] [C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ocoombckbcnabpaghmokhaapnbngahck
[-] [C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : poheodfamflhhhdcmjfeggbgigeefaco

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4944 bytes] ##########
 
JRT - Also the first time I ran this.


thanks once again for your assistance.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Pro x64
Ran by Red Ninja (Administrator) on Sat 01/16/2016 at 0:37:35.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Red Ninja\AppData\Local\cre (Folder)
Successfully deleted: C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder)
Successfully deleted: C:\Users\Red Ninja\AppData\Roaming\pdfforge (Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/16/2016 at 0:39:55.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Ok done:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Red Ninja (administrator) on REDNINJA-PC (17-01-2016 10:58:57)
Running from C:\Users\Red Ninja\Desktop
Loaded Profiles: Red Ninja (Available Profiles: Red Ninja)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dropbox, Inc.) C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-16] (AVAST Software)
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [Dropbox Update] => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\RunOnce: [Uninstall C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\RunOnce: [Uninstall C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-16] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-07-17]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-07-17]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Limited.)
Startup: C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{19c76ff2-eee4-444f-b8a3-4e4ed586daba}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000 -> DefaultScope Yahoo! URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
SearchScopes: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000 -> Yahoo! URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-16] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-16] (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-10] (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-25]
CHR Extension: (Tumblr Dashboard) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco [2014-03-02]
CHR Extension: (Pinterest ™ ) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-04-08]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2013-07-30]
CHR Extension: (Colorblendy) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngmafdcpeeloikhhabijcnddgildokk [2014-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-16] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-12] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2011-07-28] (Sage (UK) Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-16] (AVAST Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [30848 2016-01-15] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 aspnet_state; no ImagePath
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-17 10:55 - 2016-01-17 10:55 - 00016148 _____ C:\WINDOWS\system32\REDNINJA-PC_Red Ninja_HistoryPrediction.bin
2016-01-16 14:38 - 2016-01-16 14:38 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-01-16 14:37 - 2016-01-16 14:37 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-01-16 14:37 - 2016-01-16 14:37 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-01-16 14:31 - 2016-01-16 14:31 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\CrashDumps
2016-01-16 00:39 - 2016-01-16 00:39 - 00001063 _____ C:\Users\Red Ninja\Desktop\JRT.txt
2016-01-16 00:34 - 2016-01-16 00:34 - 00005035 _____ C:\Users\Red Ninja\Desktop\AdwCleaner[C1].txt
2016-01-16 00:23 - 2016-01-16 00:27 - 00000000 ____D C:\AdwCleaner
2016-01-16 00:20 - 2016-01-16 00:20 - 00002986 _____ C:\Users\Red Ninja\Desktop\rk_1B33.tmp.txt
2016-01-16 00:20 - 2016-01-16 00:20 - 00001040 _____ C:\Users\Red Ninja\Desktop\mal2.txt
2016-01-15 23:51 - 2016-01-15 23:51 - 00001037 _____ C:\mal.txt
2016-01-15 23:12 - 2016-01-15 23:12 - 01600184 _____ (Malwarebytes) C:\Users\Red Ninja\Desktop\JRT.exe
2016-01-15 23:01 - 2016-01-15 23:01 - 01754112 _____ C:\Users\Red Ninja\Desktop\AdwCleaner.exe
2016-01-14 10:24 - 2016-01-14 10:26 - 00057272 _____ C:\Users\Red Ninja\Desktop\Addition.txt
2016-01-14 10:23 - 2016-01-17 10:59 - 00020380 _____ C:\Users\Red Ninja\Desktop\FRST.txt
2016-01-14 10:21 - 2016-01-17 10:58 - 00000000 ____D C:\FRST
2016-01-14 08:42 - 2016-01-14 08:42 - 02370560 _____ (Farbar) C:\Users\Red Ninja\Desktop\FRST64.exe
2016-01-14 08:37 - 2016-01-14 08:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Red Ninja\Desktop\HijackThis.exe
2016-01-14 08:36 - 2016-01-14 08:36 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Red Ninja\Desktop\rkill.exe
2016-01-14 00:57 - 2015-12-03 15:24 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-01-14 00:57 - 2015-12-03 15:24 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-01-14 00:57 - 2015-12-03 15:24 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-01-14 00:38 - 2016-01-14 00:38 - 00001283 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-01-14 00:37 - 2016-01-14 00:56 - 00000000 ____D C:\ProgramData\Avira
2016-01-14 00:37 - 2016-01-14 00:56 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-14 00:37 - 2016-01-14 00:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 00:37 - 2016-01-14 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-13 23:43 - 2016-01-13 23:43 - 20844104 _____ C:\Users\Red Ninja\Desktop\RogueKiller.exe
2016-01-13 23:37 - 2016-01-15 23:15 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-13 23:37 - 2016-01-13 23:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-13 23:34 - 2016-01-17 10:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-13 23:34 - 2016-01-13 23:34 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-13 23:34 - 2016-01-13 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-13 23:34 - 2016-01-13 23:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-13 23:34 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-13 23:34 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-13 23:34 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-13 23:26 - 2016-01-13 23:36 - 00510298 _____ C:\TDSSKiller.3.1.0.9_13.01.2016_23.26.38_log.txt
2016-01-13 23:21 - 2016-01-14 09:48 - 00110632 _____ C:\Users\Red Ninja\Desktop\Rkill.txt
2016-01-13 21:48 - 2016-01-13 21:48 - 00000000 ___HD C:\$AVG
2016-01-13 21:47 - 2016-01-13 21:47 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-13 20:18 - 2016-01-13 20:18 - 04638208 _____ (Avira Operations GmbH & Co. KG) C:\Users\Red Ninja\Downloads\avira_en_av_56953fb51e5bf__adw.exe
2016-01-10 13:58 - 2016-01-10 14:02 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\MicrosoftEdge
2016-01-06 19:06 - 2016-01-06 19:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-05 00:59 - 2016-01-16 13:14 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E16AB391-B7E5-499E-915B-CFDCBF1065AA}
2016-01-04 23:10 - 2016-01-04 23:12 - 00000000 ___HD C:\$SysReset
2016-01-04 21:20 - 2016-01-04 21:20 - 00262144 _____ C:\WINDOWS\Minidump\010416-38328-01.dmp
2016-01-04 21:20 - 2016-01-04 21:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-02 20:20 - 2016-01-02 20:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-29 22:34 - 2015-12-29 22:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-12-24 22:31 - 2015-12-25 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-24 22:30 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-24 22:28 - 2015-12-24 22:28 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\PeerDistRepub
2015-12-24 17:18 - 2016-01-14 06:20 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-17 10:58 - 2015-06-17 19:27 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA.job
2016-01-17 10:55 - 2015-11-16 08:56 - 00000000 ____D C:\Users\Red Ninja
2016-01-17 10:55 - 2012-08-21 14:39 - 00000408 _____ C:\WINDOWS\Tasks\AWC AutoSweep.job
2016-01-17 10:55 - 2012-08-21 14:32 - 00000402 _____ C:\WINDOWS\Tasks\AWC Startup.job
2016-01-16 17:10 - 2015-09-13 18:10 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}.job
2016-01-16 16:55 - 2015-01-12 15:55 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}.job
2016-01-16 16:36 - 2013-05-28 23:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-16 15:43 - 2015-07-30 22:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-16 15:38 - 2015-07-30 22:40 - 00000000 ____D C:\WINDOWS\INF
2016-01-16 15:38 - 2014-03-26 13:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-16 15:34 - 2015-07-30 21:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-16 15:03 - 2013-07-23 23:28 - 00000000 ___RD C:\Users\Red Ninja\Dropbox
2016-01-16 15:02 - 2013-07-23 23:04 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Dropbox
2016-01-16 14:40 - 2015-07-10 09:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-01-16 14:38 - 2013-12-12 00:16 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-01-16 14:38 - 2013-12-12 00:16 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-01-16 14:37 - 2015-07-26 09:46 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-16 14:37 - 2015-07-10 09:47 - 00000000 ____D C:\WINDOWS
2016-01-16 14:37 - 2014-08-15 12:34 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-01-16 14:37 - 2014-02-27 21:08 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-01-16 13:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-16 00:29 - 2015-06-17 19:27 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core.job
2016-01-14 08:17 - 2015-07-30 22:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 06:20 - 2015-11-16 10:17 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\TileDataLayer
2016-01-14 06:20 - 2015-10-04 21:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-01-14 06:20 - 2015-09-10 05:21 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __RSD C:\WINDOWS\Media
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\spool
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\IME
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\schemas
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\ProgramData\USOPrivate
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-14 06:20 - 2015-07-26 09:59 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-01-14 06:20 - 2015-07-26 09:59 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-01-14 06:20 - 2015-07-26 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-14 06:20 - 2015-04-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-14 06:20 - 2015-04-22 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-14 06:20 - 2015-01-12 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-01-14 06:20 - 2015-01-12 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-01-14 06:20 - 2014-11-18 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-14 06:20 - 2014-05-28 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BPP Learning Media
2016-01-14 06:20 - 2014-04-07 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2016-01-14 06:20 - 2014-04-07 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-01-14 06:20 - 2014-02-09 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BPP I-Pass
2016-01-14 06:20 - 2014-01-31 07:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-01-14 06:20 - 2013-12-13 21:34 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2016-01-14 06:20 - 2013-07-17 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-01-14 06:20 - 2013-04-30 23:48 - 00000000 ____D C:\WINDOWS\system32\SPReview
2016-01-14 06:20 - 2013-03-20 18:25 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2016-01-14 06:20 - 2012-10-31 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
2016-01-14 06:20 - 2012-08-21 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE RECOVERY for Windows
2016-01-14 06:20 - 2012-08-21 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
2016-01-14 06:20 - 2012-08-21 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts
2016-01-14 06:20 - 2012-08-21 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-14 06:20 - 2009-07-14 07:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-01-13 22:32 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-13 21:48 - 2012-08-21 11:18 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-13 21:47 - 2012-08-21 11:12 - 00000000 ____D C:\ProgramData\MFAData
2016-01-13 21:43 - 2015-09-26 20:07 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\Avg
2016-01-13 21:09 - 2015-11-16 10:03 - 00864464 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-12 18:02 - 2012-10-22 01:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-11 19:01 - 2015-11-04 18:30 - 624742124 _____ C:\WINDOWS\MEMORY.DMP
2016-01-11 07:07 - 2015-11-16 11:08 - 00002379 _____ C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-11 07:07 - 2015-11-16 11:08 - 00000000 ___RD C:\Users\Red Ninja\OneDrive
2016-01-11 06:14 - 2015-11-05 14:07 - 00024705 _____ C:\WINDOWS\diagerr.xml
2016-01-11 06:14 - 2015-11-05 14:07 - 00023123 _____ C:\WINDOWS\diagwrn.xml
2016-01-11 06:12 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\Registration
2016-01-11 06:10 - 2015-11-16 10:07 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-01-11 06:10 - 2015-09-13 18:10 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}
2016-01-11 06:10 - 2015-07-02 20:44 - 00002978 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-11 06:10 - 2015-06-17 19:27 - 00003550 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA
2016-01-11 06:10 - 2015-06-17 19:27 - 00003278 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core
2016-01-11 06:10 - 2015-01-12 15:55 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}
2016-01-11 06:10 - 2014-01-31 07:02 - 00003088 _____ C:\WINDOWS\System32\Tasks\UALU notificatin
2016-01-11 06:10 - 2013-05-28 23:31 - 00003088 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-11 06:10 - 2013-01-26 20:12 - 00002422 _____ C:\WINDOWS\System32\Tasks\{48727049-A671-4B3C-B80C-D278425DB8B2}
2016-01-11 06:10 - 2012-08-21 14:39 - 00002638 _____ C:\WINDOWS\System32\Tasks\AWC Update
2016-01-11 06:10 - 2012-08-21 14:39 - 00002476 _____ C:\WINDOWS\System32\Tasks\AWC AutoSweep
2016-01-11 06:10 - 2012-08-21 14:32 - 00002470 _____ C:\WINDOWS\System32\Tasks\AWC Startup
2016-01-11 06:10 - 2012-08-21 14:13 - 00002500 _____ C:\WINDOWS\System32\Tasks\{00C6EE64-6438-4131-AD25-9905D8E6E471}
2016-01-11 06:10 - 2012-08-21 13:43 - 00002402 _____ C:\WINDOWS\System32\Tasks\{4D00D516-65A4-44FF-8461-45E69AC84597}
2016-01-11 06:10 - 2012-08-21 13:43 - 00002402 _____ C:\WINDOWS\System32\Tasks\{363E6CD0-632D-4A86-B2E5-75EDD6D833F0}
2016-01-11 06:10 - 2012-08-21 13:42 - 00002400 _____ C:\WINDOWS\System32\Tasks\{0C900D10-A8D2-4900-B934-48DFCA91CAED}
2016-01-11 06:10 - 2012-08-21 11:24 - 00002160 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2016-01-11 04:19 - 2015-11-16 16:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-11 04:12 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-05 01:05 - 2015-10-04 21:48 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-05 00:57 - 2015-01-07 00:26 - 00000000 __SHD C:\Users\Red Ninja\AppData\Local\EmieUserList
2016-01-05 00:57 - 2015-01-07 00:26 - 00000000 __SHD C:\Users\Red Ninja\AppData\Local\EmieSiteList
2016-01-05 00:53 - 2013-07-17 13:08 - 00000091 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2016-01-02 20:23 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\rescache
2016-01-02 16:46 - 2012-08-21 13:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-02 13:46 - 2015-11-16 10:17 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\Packages
2015-12-24 17:13 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories =======

2014-02-09 17:27 - 2014-05-25 20:18 - 0200846 _____ () C:\Program Files (x86)\RuntimeSetup.exe
2014-02-09 17:27 - 2014-05-25 20:18 - 0001068 _____ () C:\Program Files (x86)\runtimesetup.ini

Some files in TEMP:
====================
C:\Users\Red Ninja\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Red Ninja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmsonxy.dll
C:\Users\Red Ninja\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Red Ninja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe
[2015-11-16 16:00] - [2015-11-16 16:00] - 0579072 ____A (Microsoft Corporation) C527C9231D39BF69611F5F8C80C36140

C:\WINDOWS\system32\wininit.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 0290312 ____A (Microsoft Corporation) 7718A2A9B2BFB2C8E2BAEB03310CA3FD

C:\WINDOWS\explorer.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 4532304 ____A (Microsoft Corporation) F1CBCB7FA6F3B309639AA2D4EF74469C

C:\WINDOWS\SysWOW64\explorer.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 4048808 ____A (Microsoft Corporation) B3F90790F991A5A21113B58EE50FA696

C:\WINDOWS\system32\svchost.exe
[2015-07-10 03:15] - [2015-07-10 04:40] - 0039856 ____A (Microsoft Corporation) A1AEAFC58DF7803B8AA2B09EA93C722F

C:\WINDOWS\SysWOW64\svchost.exe
[2015-07-10 03:25] - [2015-07-10 04:42] - 0035176 ____A (Microsoft Corporation) A412DEDAC6A1FF7BA06FEB3B6725495E

C:\WINDOWS\system32\services.exe
[2015-07-10 03:13] - [2015-07-10 04:35] - 0446336 ____A (Microsoft Corporation) BB3D8E1C108F7244613FF3993291A922

C:\WINDOWS\system32\User32.dll
[2015-07-10 03:16] - [2015-07-10 04:40] - 1366168 ____A (Microsoft Corporation) 75EBC59EAB1B4484FFC9B81DD5F4BE46

C:\WINDOWS\SysWOW64\User32.dll
[2015-07-10 03:27] - [2015-07-10 05:14] - 1310880 ____A (Microsoft Corporation) 729FE09CBAE7DCCBE43FA83D63A87278

C:\WINDOWS\system32\userinit.exe
[2015-07-10 03:18] - [2015-07-10 03:18] - 0030720 ____A (Microsoft Corporation) 5F6D4F12EA33BFC0F0F8CEEAC332AB2B

C:\WINDOWS\SysWOW64\userinit.exe
[2015-07-10 03:29] - [2015-07-10 03:29] - 0026112 ____A (Microsoft Corporation) A89C18F5E6D8981D5E937B325290915A

C:\WINDOWS\system32\rpcss.dll
[2015-07-10 03:20] - [2015-07-10 03:20] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F

C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 03:14] - [2015-07-10 04:35] - 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477

C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 03:24] - [2015-07-10 04:39] - 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7

C:\WINDOWS\system32\Drivers\volsnap.sys
[2015-07-10 03:13] - [2015-07-10 04:39] - 0378720 ____A (Microsoft Corporation) 823A237D871CD652C6BFD47BECB6810A



LastRegBack: 2016-01-10 16:26

==================== End of FRST.txt ============================
 
Thanks again for your assistance - apologies for any delay in getting back to you, I'm in the uk so there is a timing difference.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Red Ninja (2016-01-17 11:00:02)
Running from C:\Users\Red Ninja\Desktop
Windows 10 Pro (X64) (2015-11-16 10:15:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3517353881-3169882772-1110030527-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3517353881-3169882772-1110030527-503 - Limited - Disabled)
Guest (S-1-5-21-3517353881-3169882772-1110030527-501 - Limited - Disabled)
Red Ninja (S-1-5-21-3517353881-3169882772-1110030527-1000 - Administrator - Enabled) => C:\Users\Red Ninja

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACCA F4E iPass (v1 protected) (HKLM-x32\...\{604AC861-07CC-4853-ABA4-D06F8346341E}_is1) (Version: - BPP Learning Media)
ACCA F5 Performance Management (v3.0 Protected) (HKLM-x32\...\{B8914F6F-5917-4D9B-B7F9-5F474EEA606C}_is1) (Version: - BPP Learning Media)
ACCA F9 Financial Management (v3.0 Protected) (HKLM-x32\...\{1BEC7839-3370-4062-A126-F10F9B4F3715}_is1) (Version: - BPP Learning Media)
ACCA F9 Financial Management (v3.0 Protected) (HKLM-x32\...\{1EF5A20D-3C5C-49DC-B761-66D244C6E280}_is1) (Version: - BPP Learning Media)
Accounts (x32 Version: 18.0.10.208 - Sage (UK) Ltd) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced SystemCare 3 (HKLM-x32\...\Advanced SystemCare 3_is1) (Version: 3.2.0 - IObit)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPP I-Pass ACCA Paper F5 (HKLM-x32\...\BPP I-Pass ACCA Paper F5) (Version: - )
BPP I-Pass ACCA Paper F9 (HKLM-x32\...\BPP I-Pass ACCA Paper F9) (Version: - )
BPP I-Pass FIA Paper FFA (HKLM-x32\...\BPP I-Pass FIA Paper FFA) (Version: - )
BPP I-Pass FIA Paper FMA (HKLM-x32\...\BPP I-Pass FIA Paper FMA) (Version: - )
Dropbox (HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.70.0000 - EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.201 - Seagate)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Opera 12.13 (HKLM-x32\...\Opera 12.13.1734) (Version: 12.13.1734 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Qualcomm Atheros Fast Reconnect (HKLM-x32\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Limited) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Limited)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Sage 50 Accounts 2012 (HKLM-x32\...\InstallShield_{EFC6C877-6E77-4E3B-B350-DF4F35D66B51}) (Version: 18.0.10.208 - Sage (UK) Ltd)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wondershare MobileTrans ( Version 3.5.1 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 3.5.1 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {058DC27B-D0CA-4DF3-8EEC-D3ADFBE734E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {07C8825B-8C72-4475-8CC2-2240A60FBD3C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {14E98FB6-2CE9-4E8B-9FB3-A044080E2CE7} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1660B893-0069-47F5-A7DF-6ECE7D24301A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1BA9ACBF-0452-4725-9868-39F88AAE6637} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {1DC58E76-DA50-4AB2-A301-1E50FC02B61E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {2134AE9C-A69F-4C2A-AA85-2BF953956D7A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21A078C8-F852-42F0-BB2F-2924A0B3900A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {27C4E936-D43F-46CC-8E32-212260C38874} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {28690B98-00A7-4ACD-84D6-579624F181C2} - System32\Tasks\{363E6CD0-632D-4A86-B2E5-75EDD6D833F0} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7\setupx.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7"
Task: {38545662-02B8-4E14-A800-F12AEDF449C8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3D57A3DE-62D8-44A5-B4CB-5F7DADCF1D0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3EDBB5B7-BBA9-4C2B-BB72-0D6AF423009B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3F1F1EF8-BD54-4640-89C4-3B98C0891620} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {41229C21-6C08-4F82-B96C-44B5A2272A5B} - System32\Tasks\AWC Startup => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2009-02-22] (IObit)
Task: {438113FC-8B6A-4F36-8AB5-D02923873045} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {43AC8AF5-3901-42F4-A528-EA5A5D83B29C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {49F48614-0441-44A6-9955-381553629DE5} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {4BA75E2C-1AD0-48A5-8999-1BD828AAC35D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {522652DE-81E7-4207-93E9-832FCE5B9609} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {52F59C8C-BED3-42D4-B12D-50A8B919AD11} - System32\Tasks\{48727049-A671-4B3C-B80C-D278425DB8B2} => pcalua.exe -a "C:\Users\Red Ninja\Desktop\Virtual DJ Pro 7.0 (djneon)\virtualdj_pro_v7.0.exe" -d "C:\Users\Red Ninja\Desktop\Virtual DJ Pro 7.0 (djneon)"
Task: {566B9FE3-9898-4397-91A5-15B7AF09A09E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5EBDF310-CFA3-44B2-8DBA-64ABE762C7F0} - System32\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {612E7DD7-C157-4D7B-99A1-15EEF5CF7714} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {62DEEE68-9F1A-4AA2-8E7E-F48D2D2E460D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {63B33B74-C7AA-4D83-9328-D0CD814F2CCA} - System32\Tasks\{4D00D516-65A4-44FF-8461-45E69AC84597} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 6\setupx.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 6"
Task: {68580546-7C27-42CC-A037-6DCDF1EC2A52} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6AA5306B-6F98-4063-93B1-E6FFEA953192} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
Task: {6DAADAE1-91ED-4158-A367-63842CDB4158} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {6FCDA20D-0060-4E2A-ADDA-D33971827A50} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {779D6709-95F1-4B42-80A1-B82BD81BEF5B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7B0723AB-B356-497B-A770-0B8E7DA8F8C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7B6C8F03-DB20-47DF-A962-35A8650F032C} - System32\Tasks\AWC AutoSweep => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: {7F61345D-8C55-4C31-9053-B55F41C429B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {87EF2DB0-AC53-4149-8B8A-401FB9F9FD11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {97895798-85F7-40F5-8280-40C5126A51A1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {A0385A11-AF76-4D87-ADD7-0327E35EFDC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A29038C6-AE8F-41F8-A124-C4F27E167D6E} - System32\Tasks\{00C6EE64-6438-4131-AD25-9905D8E6E471} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Advanced.System.Care.Pro.2010\asc-setup.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Advanced.System.Care.Pro.2010"
Task: {A754AE49-5C59-46C6-9460-F2F3A08B2752} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A837D0D4-ED4A-475C-A86D-4A1CCF9C001E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {AA376AC6-0B87-4A37-B6DE-4515B2DF1085} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {AD0A0418-600E-4841-B810-D82DC2F47669} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B3F6FD79-98BE-46B9-BE22-159C02FEE56E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B9D8F95C-157C-444F-988F-34AF752066A8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BD9A4656-826C-4D06-BFB3-A4F06883FF15} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {BF7C2612-B489-444F-BF3C-9D28293D835C} - System32\Tasks\{0C900D10-A8D2-4900-B934-48DFCA91CAED} => pcalua.exe -a "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7\setup.exe" -d "F:\RE-BOOT Program Folder\New Boot Disc 05-01-10\Nero 7"
Task: {C4F14524-1CF1-4676-9662-EE6859C36F1D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C616E8F0-40EA-4D63-A479-6335081BD9A8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D83291D8-1AE7-4DDA-9C73-2A7FEA823E2F} - System32\Tasks\AWC Update => C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-02-23] (IObit)
Task: {DB849B75-A8D3-49C4-8472-0EA900E2AE9E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-16] (AVAST Software)
Task: {DDB8781E-9FE0-4784-84C5-7DD16551585D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E1DC6927-086F-42E6-8EF3-B7758604C721} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {ED6D38B1-BFE3-4019-B916-04BEA2BC23E2} - System32\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {FACBEAB3-29F7-4D41-AAE9-DCD0B544DC28} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AWC AutoSweep.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: C:\WINDOWS\Tasks\AWC Startup.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
Task: C:\WINDOWS\Tasks\AWC Update.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core.job => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA.job => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{02CCFCED-D97A-4555-8560-44DA9E5FECC8} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{2FCF42FB-33C7-494C-B464-D000B053DAB3} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-10 05:08 - 2015-09-10 05:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-10 05:08 - 2015-09-10 05:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-11-16 16:00 - 2015-11-16 16:00 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-07-10 03:16 - 2015-07-10 04:39 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2016-01-16 14:37 - 2016-01-16 14:37 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-16 14:37 - 2016-01-16 14:37 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-16 14:37 - 2016-01-16 14:37 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011601\algo.dll
2016-01-16 14:37 - 2016-01-16 14:37 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-16 14:37 - 2016-01-16 14:37 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2014-01-07 02:29 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-24 17:18 - 2015-10-31 00:59 - 00034768 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-24 17:17 - 2015-10-31 01:00 - 00019408 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00022848 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00023352 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00042296 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-24 17:17 - 2015-10-31 00:59 - 00116688 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-24 17:18 - 2015-10-31 00:59 - 00093640 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-24 17:18 - 2015-10-31 00:59 - 00018376 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-24 17:18 - 2015-12-08 21:36 - 00019760 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00105928 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-24 17:17 - 2015-10-31 00:59 - 00392144 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-24 17:18 - 2015-12-08 21:36 - 00381752 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-24 17:18 - 2015-10-31 00:59 - 00692688 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00020816 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00109520 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 01737032 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00020808 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-24 17:18 - 2015-12-08 21:36 - 00020800 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-24 17:18 - 2015-12-08 21:36 - 00021840 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00038696 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00024528 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-24 17:17 - 2015-10-31 01:00 - 00020936 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00114640 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-24 17:18 - 2015-12-08 21:36 - 00021320 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00124880 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00030160 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00043472 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00175560 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00028616 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00024016 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00048592 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00024392 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-24 17:17 - 2015-10-31 01:00 - 00036296 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-24 17:18 - 2015-10-31 01:00 - 00024016 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00117056 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00031568 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2015-10-23 18:48 - 2015-11-05 00:04 - 00293392 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-12-24 17:18 - 2015-12-08 21:36 - 00023376 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-24 17:18 - 2015-10-31 00:59 - 00134608 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-24 17:17 - 2015-10-31 00:59 - 00134088 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-24 17:17 - 2015-10-31 01:00 - 00240584 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00020280 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00052024 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00021304 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00350152 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00084792 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-24 17:17 - 2015-12-08 21:36 - 01826608 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-24 17:18 - 2015-10-31 01:00 - 00083912 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 03891504 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 01950000 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00519984 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00133936 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00225080 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-24 17:17 - 2015-12-08 21:36 - 00207672 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-24 17:18 - 2015-12-08 21:36 - 00024904 _____ () C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-01-16 14:37 - 2016-01-16 14:37 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-05-20 14:02 - 2009-05-20 14:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Red Ninja\Pictures\sins\Seven Deadly Sins Wallpaper Set\PC\Wrath_pc.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B84A176A-F57D-4FC6-8B29-49D6DB62D5B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{CB45BEF5-68AB-4139-9728-623CF7C2DE1B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{C7F73F64-146D-428B-A33A-28BFC494298A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{017ED033-855D-4531-9509-5F810CE2CB47}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{159C27B7-B09E-4808-8901-46AD9B267AA0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{000B5B32-DC30-4FB5-A98E-C8B615D4100D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0F84176C-B55B-473B-8B49-53A7BA2D6FE4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2F4FC4A4-458B-4A06-9326-A89C0EAC9CF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E19C8A27-ACA1-4ECE-A4AF-8EBB65E95FBC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{4629F32D-4F0D-4C85-B3F9-0D50225253B9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{61C3D12C-43C8-4545-A22C-F5CD0328B587}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{EEA5C9CD-8EC8-44A6-B9D9-1DEE8F24A58E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{6DD1487E-325F-40AE-98C8-FBAB2EE8A621}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{24718AAE-D6D4-4854-884D-59757F0B1D50}] => (Allow) C:\Users\Red Ninja\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{7CB38587-B97E-4292-92B8-175ECD1B0B44}] => (Allow) C:\Users\Red Ninja\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [UDP Query User{60DE3C61-D23A-4DC9-83B0-712E3B630E5A}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [TCP Query User{1A89D7CF-5C9E-422F-A697-C0CE26921170}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{9A241B1C-2EDB-45B3-B535-91F099742EA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{CEE4D559-1412-4D62-91B6-FD97ED88BAC2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{E77812C8-5E63-4BF5-960B-784EFF33F94D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{7319827C-5FA1-46EB-9661-A3023C3EE6B3}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [UDP Query User{8F95920A-2F8F-43DB-A413-F17E974A7EB9}C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4AFD3F7F-4A87-43E6-B8E9-B41592E21E99}C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\red ninja\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B81C36E3-2CA1-479E-AF37-95971F4816AB}] => (Allow) C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2657ACD6-E560-4243-9CD1-C5CBD829385D}] => (Allow) C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5D078EF5-93EF-4E44-987F-FEAC10201C96}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E6516210-7B66-49ED-903C-065F4FA5A8F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{273C45A3-5EE2-4CD5-AC23-578A40A446F1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{1F48731E-E869-4FE2-BD7C-9F9D1431F1CA}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [UDP Query User{8CAEBED8-5222-4714-A5FF-6BB011C80BF2}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{385130AD-B31D-48D2-8981-656AE7B2FC0C}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8FE81E9A-357D-41EC-8796-F78AFB2231E8}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C0E9283F-B2C4-4172-9B4C-BC46F71447E3}C:\users\red ninja\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\red ninja\appdata\roaming\spotify\spotify.exe
FirewallRules: [{074CF73D-20DC-47FC-B9B3-3FCBC6285DE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{883FBBF7-96BA-428A-8B4E-C7AD433106F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC973248-8EF9-46CB-A5B3-F14AD0A7AD63}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3730D328-171A-4507-9445-07B0F7957F82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A33EDFE7-023A-4799-A008-7BF66658D352}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{3F1FC168-8CB9-4B79-B425-640382920B57}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{B8AB63D7-B668-4476-9761-A1FFF03DE8DD}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{038F0CD1-21E8-40FC-B20F-0FE685DF8AEB}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{624AC624-63A6-4960-81FE-896BE3161210}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{42B752B9-2D1E-4FC7-8FF5-7A914F870817}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{2835CD27-8B52-461F-B849-8A8D3E0525E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{3B01D5BF-6930-4AB3-80A5-23B26EE54E5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{F0D5CFAF-DED8-4B8F-8A14-94BE36C9A50D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{9062565B-06E1-4CBC-8447-358A5227C4E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{A5E070B5-6FEA-41EC-AB82-DBF683CE2562}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{57D60C18-FB54-4D39-BB30-315E42F9505C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
 
==================== Restore Points =========================

16-01-2016 00:37:35 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2016 10:57:38 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/17/2016 10:57:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: bcryptPrimitives.dll, version: 10.0.10240.16384, time stamp: 0x559f399b
Exception code: 0xc0000006
Fault offset: 0x000000000001cd30
Faulting process id: 0x1264
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5

Error: (01/17/2016 10:56:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/17/2016 10:56:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/17/2016 10:55:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63873188

Error: (01/17/2016 10:55:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63873188

Error: (01/17/2016 10:55:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/16/2016 04:55:23 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\WINDOWS\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB3088195~31bf3856ad364e35~amd64~~6.1.1.3.cat

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/16/2016 04:55:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: bcryptPrimitives.dll, version: 10.0.10240.16384, time stamp: 0x559f399b
Exception code: 0xc0000006
Fault offset: 0x000000000001cd30
Faulting process id: 0x17a4
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5

Error: (01/16/2016 04:21:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RedNinja-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/17/2016 10:57:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 5 time(s).

Error: (01/17/2016 10:57:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cryptographic Services service terminated unexpectedly. It has done this 5 time(s).

Error: (01/17/2016 10:57:48 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/17/2016 10:57:45 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/17/2016 10:57:43 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/17/2016 10:57:40 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/17/2016 10:57:36 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/17/2016 10:57:33 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/17/2016 10:57:30 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/17/2016 10:57:28 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
Date: 2016-01-02 18:27:04.922
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:26:14.577
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:25:11.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:24:05.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:23:04.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:22:00.950
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:20:54.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-01-02 18:19:59.593
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-25 22:56:29.510
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-12-25 22:55:24.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz
Percentage of memory in use: 27%
Total physical RAM: 5814.75 MB
Available physical RAM: 4198.52 MB
Total Virtual: 11702.75 MB
Available Virtual: 10066.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.1 GB) (Free:636.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A2A70F14)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
 
redtarget.gif
FRST reports:
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
Click to expand...
Did you stop the service for whatever reason?

redtarget.gif

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.9 KB · Views: 2
Hey, no I didn't stop the scan.

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Red Ninja (2016-01-18 18:53:43) Run:1
Running from C:\Users\Red Ninja\Desktop
Loaded Profiles: Red Ninja (Available Profiles: Red Ninja)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
U3 aspnet_state; no ImagePath
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2014-02-09 17:27 - 2014-05-25 20:18 - 0200846 _____ () C:\Program Files (x86)\RuntimeSetup.exe
2014-02-09 17:27 - 2014-05-25 20:18 - 0001068 _____ () C:\Program Files (x86)\runtimesetup.ini
C:\Users\Red Ninja\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Red Ninja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmsonxy.dll
C:\Users\Red Ninja\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Red Ninja\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {058DC27B-D0CA-4DF3-8EEC-D3ADFBE734E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2134AE9C-A69F-4C2A-AA85-2BF953956D7A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {21A078C8-F852-42F0-BB2F-2924A0B3900A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {522652DE-81E7-4207-93E9-832FCE5B9609} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {612E7DD7-C157-4D7B-99A1-15EEF5CF7714} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {62DEEE68-9F1A-4AA2-8E7E-F48D2D2E460D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6FCDA20D-0060-4E2A-ADDA-D33971827A50} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7F61345D-8C55-4C31-9053-B55F41C429B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {87EF2DB0-AC53-4149-8B8A-401FB9F9FD11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A0385A11-AF76-4D87-ADD7-0327E35EFDC4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C616E8F0-40EA-4D63-A479-6335081BD9A8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

*****************

"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
C:\Users\Red Ninja\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll => not found.
C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
AvastVBoxSvc => service could not remove
aspnet_state => service removed successfully
VBoxAswDrv => service could not remove
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\Program Files (x86)\RuntimeSetup.exe => moved successfully
C:\Program Files (x86)\runtimesetup.ini => moved successfully
C:\Users\Red Ninja\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Red Ninja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmsonxy.dll => moved successfully
C:\Users\Red Ninja\AppData\Local\Temp\SpotifyUninstall.exe => moved successfully
C:\Users\Red Ninja\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3517353881-3169882772-1110030527-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{058DC27B-D0CA-4DF3-8EEC-D3ADFBE734E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{058DC27B-D0CA-4DF3-8EEC-D3ADFBE734E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2134AE9C-A69F-4C2A-AA85-2BF953956D7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2134AE9C-A69F-4C2A-AA85-2BF953956D7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21A078C8-F852-42F0-BB2F-2924A0B3900A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21A078C8-F852-42F0-BB2F-2924A0B3900A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{522652DE-81E7-4207-93E9-832FCE5B9609}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{522652DE-81E7-4207-93E9-832FCE5B9609}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{612E7DD7-C157-4D7B-99A1-15EEF5CF7714}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{612E7DD7-C157-4D7B-99A1-15EEF5CF7714}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62DEEE68-9F1A-4AA2-8E7E-F48D2D2E460D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62DEEE68-9F1A-4AA2-8E7E-F48D2D2E460D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FCDA20D-0060-4E2A-ADDA-D33971827A50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FCDA20D-0060-4E2A-ADDA-D33971827A50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F61345D-8C55-4C31-9053-B55F41C429B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F61345D-8C55-4C31-9053-B55F41C429B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87EF2DB0-AC53-4149-8B8A-401FB9F9FD11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87EF2DB0-AC53-4149-8B8A-401FB9F9FD11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0385A11-AF76-4D87-ADD7-0327E35EFDC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0385A11-AF76-4D87-ADD7-0327E35EFDC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C616E8F0-40EA-4D63-A479-6335081BD9A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C616E8F0-40EA-4D63-A479-6335081BD9A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully

==== End of Fixlog 18:53:46 ====
 
Right click on Start button, click "Run".
Type:
services.msc
Click OK.

Services window will open.
Find Cryptographic Services, right click on it, click "Properties" and under "Startup type" select "Automatic" from drop down menu.
Click OK.

Then...

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Hey dropping a quick reply off my phone. I have done everything in order as you said. Cryptographic services was already on automatic. I'm currently running Sophos - it's been running an hour so far and I can't do anything else while it's running so I'll post those text files as soon as it stops and I can get them. Thanks so much for your help again, it's really appreciated
 
Results of screen317's Security Check version 1.009
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 20.0.0.267
Adobe Reader XI
Google Chrome (47.0.2526.106)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 03-01-2016
Ran by Red Ninja (administrator) on 19-01-2016 at 21:59:51
Running from "C:\Users\Red Ninja\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc: "%SystemRoot%\system32\cryptsvc.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2015-07-10 03:14] - [2015-07-10 03:14] - 0029184 ____A (Microsoft Corporation) 0AF4872D3D6FD3A030E836DAC2B3EF2D

C:\Windows\System32\drivers\nsiproxy.sys
[2015-07-10 03:14] - [2015-07-10 03:14] - 0040448 ____A (Microsoft Corporation) 66A98C407085B8920DF1E6D722F1ADB8

C:\Windows\System32\drivers\afd.sys
[2015-07-10 03:14] - [2015-07-10 05:09] - 0577888 ____A (Microsoft Corporation) 6C12C7E01A4F64E0AA9C88AF66955CC9

C:\Windows\System32\drivers\tdx.sys
[2015-07-10 03:14] - [2015-07-10 04:32] - 0116576 ____A (Microsoft Corporation) 28E1E63A1AC65E17B3194238FA2CF3BF

C:\Windows\System32\Drivers\tcpip.sys
[2015-11-16 16:00] - [2015-11-16 16:00] - 2432336 ____A (Microsoft Corporation) 7EBD20284AC9BF9F0A020B86769BB074

C:\Windows\System32\dnsrslvr.dll
[2015-07-10 03:14] - [2015-07-10 03:14] - 0276992 ____A (Microsoft Corporation) 592E41B3C11CA12203D3708AD8FC3D37

C:\Windows\System32\mpssvc.dll
[2015-11-16 16:00] - [2015-11-16 16:00] - 0856576 ____A (Microsoft Corporation) A0DBB9386BEA8DA1A159C2A2E07081A3

C:\Windows\System32\bfe.dll
[2015-07-10 03:14] - [2015-07-10 03:14] - 0794112 ____A (Microsoft Corporation) 7FAFFFC4C59F5010D6E7CEA152076B92

C:\Windows\System32\drivers\mpsdrv.sys
[2015-07-10 03:23] - [2015-07-10 03:23] - 0076288 ____A (Microsoft Corporation) 989A1BBD9C49B107B4A47D06E6827A69

C:\Windows\System32\SDRSVC.dll
[2015-07-10 03:28] - [2015-07-10 03:28] - 0150528 ____A (Microsoft Corporation) A906C527B838A4922611C63EBD250F91

C:\Windows\System32\vssvc.exe
[2015-07-10 03:16] - [2015-07-10 03:16] - 1370112 ____A (Microsoft Corporation) 16419CBDB04DB9FF298169AA93413822

C:\Windows\System32\wscsvc.dll
[2015-07-10 03:18] - [2015-07-10 03:18] - 0179200 ____A (Microsoft Corporation) EBA916109A176714E6A7BD152387F13C

C:\Windows\System32\wbem\WMIsvc.dll
[2015-07-10 03:18] - [2015-07-10 03:18] - 0226304 ____A (Microsoft Corporation) 73B5230F03DC7002A70F11EA1B0BAA37

C:\Windows\System32\wuaueng.dll
[2015-11-16 16:00] - [2015-11-16 16:00] - 2236416 ____A (Microsoft Corporation) B70FF53144AC4B3C7D98BFB7D7C239BD

C:\Windows\System32\qmgr.dll
[2015-07-10 03:17] - [2015-07-10 03:17] - 1168896 ____A (Microsoft Corporation) BD60F5633F6BD617D9ECCA3FFDC0D37E

C:\Windows\System32\es.dll
[2015-07-10 03:20] - [2015-07-10 03:20] - 0472576 ____A (Microsoft Corporation) 2093F65AA84478E28C8E9D05BC413845

C:\Windows\System32\cryptsvc.dll
[2015-07-10 03:18] - [2015-07-10 03:18] - 0077312 ____A (Microsoft Corporation) 35DB06AACD8AD5999161DA71FF0E16F0

C:\Program Files\Windows Defender\MpSvc.dll
[2015-07-10 03:20] - [2015-07-10 03:20] - 1791488 ____A (Microsoft Corporation) 6EDEFA2B0F7B6487FCC224EE866FE1F5

C:\Windows\System32\ipnathlp.dll
[2015-07-10 03:26] - [2015-07-10 03:26] - 0452608 ____A (Microsoft Corporation) F10E5536E1C753E01CF19FA4F466CE90

C:\Windows\System32\iphlpsvc.dll
[2015-07-10 03:22] - [2015-07-10 03:22] - 0954880 ____A (Microsoft Corporation) 8FBA61B7CB44F136226BE3B346FC6D19

C:\Windows\System32\svchost.exe
[2015-07-10 03:15] - [2015-07-10 04:40] - 0039856 ____A (Microsoft Corporation) A1AEAFC58DF7803B8AA2B09EA93C722F

C:\Windows\System32\rpcss.dll
[2015-07-10 03:20] - [2015-07-10 03:20] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F



**** End of log ****
 
So Sophos ran all night (I fell asleep and the machine went into standby). I thought it had gotten stuck near the start of the scan, but it didn't it just took ages to scan the first area. I left it running today and the scan has just completed - no threats found.
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Hello thanks again for all your help. I'm going away for the weekend but I will do all that on Monday when I return and let u know how I get on. Thanks again! You rock!
 
You must log in or register to reply here.

Similar threads

learninmypc
Help with FB messenger, NOT THE APP
Replies
4
Views
108
learninmypc
learninmypc
Squid Surprise
Threadripper 7980x Build - occasional black screen?
Replies
5
Views
187
Squid Surprise
Squid Surprise
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
474
eriksnyman1
E

Latest posts

Back