Ok done:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Red Ninja (administrator) on REDNINJA-PC (17-01-2016 10:58:57)
Running from C:\Users\Red Ninja\Desktop
Loaded Profiles: Red Ninja (Available Profiles: Red Ninja)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\WINDOWS\System32\igfxext.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dropbox, Inc.) C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-16] (AVAST Software)
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-12-08] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [Dropbox Update] => C:\Users\Red Ninja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\RunOnce: [Uninstall C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\...\RunOnce: [Uninstall C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Red Ninja\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-16] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-07-17]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Limited.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-07-17]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Limited.)
Startup: C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Red Ninja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{19c76ff2-eee4-444f-b8a3-4e4ed586daba}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-3517353881-3169882772-1110030527-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
SearchScopes: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000 -> DefaultScope Yahoo! URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
SearchScopes: HKU\S-1-5-21-3517353881-3169882772-1110030527-1000 -> Yahoo! URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-16] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-16] (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-10] (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-03] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-16]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Users\Red Ninja\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-25]
CHR Extension: (Tumblr Dashboard) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco [2014-03-02]
CHR Extension: (Pinterest ™ ) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-04-08]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2013-07-30]
CHR Extension: (Colorblendy) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngmafdcpeeloikhhabijcnddgildokk [2014-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Red Ninja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-04]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-16] (AVAST Software)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [251160 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-09-12] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2011-07-28] (Sage (UK) Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-16] (AVAST Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
U3 TrueSight; C:\WINDOWS\System32\drivers\TrueSight.sys [30848 2016-01-15] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 aspnet_state; no ImagePath
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-17 10:55 - 2016-01-17 10:55 - 00016148 _____ C:\WINDOWS\system32\REDNINJA-PC_Red Ninja_HistoryPrediction.bin
2016-01-16 14:38 - 2016-01-16 14:38 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-01-16 14:37 - 2016-01-16 14:37 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-01-16 14:37 - 2016-01-16 14:37 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-01-16 14:31 - 2016-01-16 14:31 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\CrashDumps
2016-01-16 00:39 - 2016-01-16 00:39 - 00001063 _____ C:\Users\Red Ninja\Desktop\JRT.txt
2016-01-16 00:34 - 2016-01-16 00:34 - 00005035 _____ C:\Users\Red Ninja\Desktop\AdwCleaner[C1].txt
2016-01-16 00:23 - 2016-01-16 00:27 - 00000000 ____D C:\AdwCleaner
2016-01-16 00:20 - 2016-01-16 00:20 - 00002986 _____ C:\Users\Red Ninja\Desktop\rk_1B33.tmp.txt
2016-01-16 00:20 - 2016-01-16 00:20 - 00001040 _____ C:\Users\Red Ninja\Desktop\mal2.txt
2016-01-15 23:51 - 2016-01-15 23:51 - 00001037 _____ C:\mal.txt
2016-01-15 23:12 - 2016-01-15 23:12 - 01600184 _____ (Malwarebytes) C:\Users\Red Ninja\Desktop\JRT.exe
2016-01-15 23:01 - 2016-01-15 23:01 - 01754112 _____ C:\Users\Red Ninja\Desktop\AdwCleaner.exe
2016-01-14 10:24 - 2016-01-14 10:26 - 00057272 _____ C:\Users\Red Ninja\Desktop\Addition.txt
2016-01-14 10:23 - 2016-01-17 10:59 - 00020380 _____ C:\Users\Red Ninja\Desktop\FRST.txt
2016-01-14 10:21 - 2016-01-17 10:58 - 00000000 ____D C:\FRST
2016-01-14 08:42 - 2016-01-14 08:42 - 02370560 _____ (Farbar) C:\Users\Red Ninja\Desktop\FRST64.exe
2016-01-14 08:37 - 2016-01-14 08:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Red Ninja\Desktop\HijackThis.exe
2016-01-14 08:36 - 2016-01-14 08:36 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Red Ninja\Desktop\rkill.exe
2016-01-14 00:57 - 2015-12-03 15:24 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-01-14 00:57 - 2015-12-03 15:24 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-01-14 00:57 - 2015-12-03 15:24 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-01-14 00:38 - 2016-01-14 00:38 - 00001283 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-01-14 00:37 - 2016-01-14 00:56 - 00000000 ____D C:\ProgramData\Avira
2016-01-14 00:37 - 2016-01-14 00:56 - 00000000 ____D C:\Program Files (x86)\Avira
2016-01-14 00:37 - 2016-01-14 00:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 00:37 - 2016-01-14 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-01-13 23:43 - 2016-01-13 23:43 - 20844104 _____ C:\Users\Red Ninja\Desktop\RogueKiller.exe
2016-01-13 23:37 - 2016-01-15 23:15 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-13 23:37 - 2016-01-13 23:55 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-13 23:34 - 2016-01-17 10:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-13 23:34 - 2016-01-13 23:34 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-13 23:34 - 2016-01-13 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-13 23:34 - 2016-01-13 23:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-13 23:34 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-13 23:34 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-13 23:34 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-13 23:26 - 2016-01-13 23:36 - 00510298 _____ C:\TDSSKiller.3.1.0.9_13.01.2016_23.26.38_log.txt
2016-01-13 23:21 - 2016-01-14 09:48 - 00110632 _____ C:\Users\Red Ninja\Desktop\Rkill.txt
2016-01-13 21:48 - 2016-01-13 21:48 - 00000000 ___HD C:\$AVG
2016-01-13 21:47 - 2016-01-13 21:47 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-13 20:18 - 2016-01-13 20:18 - 04638208 _____ (Avira Operations GmbH & Co. KG) C:\Users\Red Ninja\Downloads\avira_en_av_56953fb51e5bf__adw.exe
2016-01-10 13:58 - 2016-01-10 14:02 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\MicrosoftEdge
2016-01-06 19:06 - 2016-01-06 19:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-05 00:59 - 2016-01-16 13:14 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E16AB391-B7E5-499E-915B-CFDCBF1065AA}
2016-01-04 23:10 - 2016-01-04 23:12 - 00000000 ___HD C:\$SysReset
2016-01-04 21:20 - 2016-01-04 21:20 - 00262144 _____ C:\WINDOWS\Minidump\010416-38328-01.dmp
2016-01-04 21:20 - 2016-01-04 21:20 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-02 20:20 - 2016-01-02 20:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-29 22:34 - 2015-12-29 22:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-12-24 22:31 - 2015-12-25 21:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-24 22:30 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-24 22:28 - 2015-12-24 22:28 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\PeerDistRepub
2015-12-24 17:18 - 2016-01-14 06:20 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-17 10:58 - 2015-06-17 19:27 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA.job
2016-01-17 10:55 - 2015-11-16 08:56 - 00000000 ____D C:\Users\Red Ninja
2016-01-17 10:55 - 2012-08-21 14:39 - 00000408 _____ C:\WINDOWS\Tasks\AWC AutoSweep.job
2016-01-17 10:55 - 2012-08-21 14:32 - 00000402 _____ C:\WINDOWS\Tasks\AWC Startup.job
2016-01-16 17:10 - 2015-09-13 18:10 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}.job
2016-01-16 16:55 - 2015-01-12 15:55 - 00000911 _____ C:\WINDOWS\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}.job
2016-01-16 16:36 - 2013-05-28 23:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-16 15:43 - 2015-07-30 22:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-16 15:38 - 2015-07-30 22:40 - 00000000 ____D C:\WINDOWS\INF
2016-01-16 15:38 - 2014-03-26 13:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-16 15:34 - 2015-07-30 21:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-16 15:03 - 2013-07-23 23:28 - 00000000 ___RD C:\Users\Red Ninja\Dropbox
2016-01-16 15:02 - 2013-07-23 23:04 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Dropbox
2016-01-16 14:40 - 2015-07-10 09:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-01-16 14:38 - 2013-12-12 00:16 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-01-16 14:38 - 2013-12-12 00:16 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-01-16 14:37 - 2015-07-26 09:46 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-01-16 14:37 - 2015-07-10 09:47 - 00000000 ____D C:\WINDOWS
2016-01-16 14:37 - 2014-08-15 12:34 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-01-16 14:37 - 2014-02-27 21:08 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-01-16 14:37 - 2013-12-12 00:16 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-01-16 13:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-16 00:29 - 2015-06-17 19:27 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core.job
2016-01-14 08:17 - 2015-07-30 22:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 06:20 - 2015-11-16 10:17 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\TileDataLayer
2016-01-14 06:20 - 2015-10-04 21:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-01-14 06:20 - 2015-09-10 05:21 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 __RSD C:\WINDOWS\Media
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\spool
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\system32\IME
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\schemas
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\ProgramData\USOPrivate
2016-01-14 06:20 - 2015-07-30 22:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-14 06:20 - 2015-07-26 09:59 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-01-14 06:20 - 2015-07-26 09:59 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-01-14 06:20 - 2015-07-26 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-14 06:20 - 2015-04-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-14 06:20 - 2015-04-22 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-01-14 06:20 - 2015-01-12 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-01-14 06:20 - 2015-01-12 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-01-14 06:20 - 2014-11-18 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-14 06:20 - 2014-05-28 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BPP Learning Media
2016-01-14 06:20 - 2014-04-07 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
2016-01-14 06:20 - 2014-04-07 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2016-01-14 06:20 - 2014-02-09 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BPP I-Pass
2016-01-14 06:20 - 2014-01-31 07:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-01-14 06:20 - 2013-12-13 21:34 - 00000000 ____D C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2016-01-14 06:20 - 2013-07-17 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-01-14 06:20 - 2013-04-30 23:48 - 00000000 ____D C:\WINDOWS\system32\SPReview
2016-01-14 06:20 - 2013-03-20 18:25 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2016-01-14 06:20 - 2012-10-31 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
2016-01-14 06:20 - 2012-08-21 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILE RECOVERY for Windows
2016-01-14 06:20 - 2012-08-21 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
2016-01-14 06:20 - 2012-08-21 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts
2016-01-14 06:20 - 2012-08-21 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-14 06:20 - 2009-07-14 07:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-01-13 22:32 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-13 21:48 - 2012-08-21 11:18 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-13 21:47 - 2012-08-21 11:12 - 00000000 ____D C:\ProgramData\MFAData
2016-01-13 21:43 - 2015-09-26 20:07 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\Avg
2016-01-13 21:09 - 2015-11-16 10:03 - 00864464 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-12 18:02 - 2012-10-22 01:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-11 19:01 - 2015-11-04 18:30 - 624742124 _____ C:\WINDOWS\MEMORY.DMP
2016-01-11 07:07 - 2015-11-16 11:08 - 00002379 _____ C:\Users\Red Ninja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-11 07:07 - 2015-11-16 11:08 - 00000000 ___RD C:\Users\Red Ninja\OneDrive
2016-01-11 06:14 - 2015-11-05 14:07 - 00024705 _____ C:\WINDOWS\diagerr.xml
2016-01-11 06:14 - 2015-11-05 14:07 - 00023123 _____ C:\WINDOWS\diagwrn.xml
2016-01-11 06:12 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\Registration
2016-01-11 06:10 - 2015-11-16 10:07 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-01-11 06:10 - 2015-09-13 18:10 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {02CCFCED-D97A-4555-8560-44DA9E5FECC8}
2016-01-11 06:10 - 2015-07-02 20:44 - 00002978 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-11 06:10 - 2015-06-17 19:27 - 00003550 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000UA
2016-01-11 06:10 - 2015-06-17 19:27 - 00003278 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3517353881-3169882772-1110030527-1000Core
2016-01-11 06:10 - 2015-01-12 15:55 - 00003406 _____ C:\WINDOWS\System32\Tasks\EPSON WF-2630 Series Update {2FCF42FB-33C7-494C-B464-D000B053DAB3}
2016-01-11 06:10 - 2014-01-31 07:02 - 00003088 _____ C:\WINDOWS\System32\Tasks\UALU notificatin
2016-01-11 06:10 - 2013-05-28 23:31 - 00003088 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-11 06:10 - 2013-01-26 20:12 - 00002422 _____ C:\WINDOWS\System32\Tasks\{48727049-A671-4B3C-B80C-D278425DB8B2}
2016-01-11 06:10 - 2012-08-21 14:39 - 00002638 _____ C:\WINDOWS\System32\Tasks\AWC Update
2016-01-11 06:10 - 2012-08-21 14:39 - 00002476 _____ C:\WINDOWS\System32\Tasks\AWC AutoSweep
2016-01-11 06:10 - 2012-08-21 14:32 - 00002470 _____ C:\WINDOWS\System32\Tasks\AWC Startup
2016-01-11 06:10 - 2012-08-21 14:13 - 00002500 _____ C:\WINDOWS\System32\Tasks\{00C6EE64-6438-4131-AD25-9905D8E6E471}
2016-01-11 06:10 - 2012-08-21 13:43 - 00002402 _____ C:\WINDOWS\System32\Tasks\{4D00D516-65A4-44FF-8461-45E69AC84597}
2016-01-11 06:10 - 2012-08-21 13:43 - 00002402 _____ C:\WINDOWS\System32\Tasks\{363E6CD0-632D-4A86-B2E5-75EDD6D833F0}
2016-01-11 06:10 - 2012-08-21 13:42 - 00002400 _____ C:\WINDOWS\System32\Tasks\{0C900D10-A8D2-4900-B934-48DFCA91CAED}
2016-01-11 06:10 - 2012-08-21 11:24 - 00002160 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2016-01-11 04:19 - 2015-11-16 16:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-11 04:12 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-05 01:05 - 2015-10-04 21:48 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-05 00:57 - 2015-01-07 00:26 - 00000000 __SHD C:\Users\Red Ninja\AppData\Local\EmieUserList
2016-01-05 00:57 - 2015-01-07 00:26 - 00000000 __SHD C:\Users\Red Ninja\AppData\Local\EmieSiteList
2016-01-05 00:53 - 2013-07-17 13:08 - 00000091 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2016-01-02 20:23 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\rescache
2016-01-02 16:46 - 2012-08-21 13:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-02 13:46 - 2015-11-16 10:17 - 00000000 ____D C:\Users\Red Ninja\AppData\Local\Packages
2015-12-24 17:13 - 2015-07-30 22:42 - 00000000 ____D C:\WINDOWS\appcompat
==================== Files in the root of some directories =======
2014-02-09 17:27 - 2014-05-25 20:18 - 0200846 _____ () C:\Program Files (x86)\RuntimeSetup.exe
2014-02-09 17:27 - 2014-05-25 20:18 - 0001068 _____ () C:\Program Files (x86)\runtimesetup.ini
Some files in TEMP:
====================
C:\Users\Red Ninja\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Red Ninja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmsonxy.dll
C:\Users\Red Ninja\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Red Ninja\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe
[2015-11-16 16:00] - [2015-11-16 16:00] - 0579072 ____A (Microsoft Corporation) C527C9231D39BF69611F5F8C80C36140
C:\WINDOWS\system32\wininit.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 0290312 ____A (Microsoft Corporation) 7718A2A9B2BFB2C8E2BAEB03310CA3FD
C:\WINDOWS\explorer.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 4532304 ____A (Microsoft Corporation) F1CBCB7FA6F3B309639AA2D4EF74469C
C:\WINDOWS\SysWOW64\explorer.exe
[2015-09-10 05:08] - [2015-09-10 05:08] - 4048808 ____A (Microsoft Corporation) B3F90790F991A5A21113B58EE50FA696
C:\WINDOWS\system32\svchost.exe
[2015-07-10 03:15] - [2015-07-10 04:40] - 0039856 ____A (Microsoft Corporation) A1AEAFC58DF7803B8AA2B09EA93C722F
C:\WINDOWS\SysWOW64\svchost.exe
[2015-07-10 03:25] - [2015-07-10 04:42] - 0035176 ____A (Microsoft Corporation) A412DEDAC6A1FF7BA06FEB3B6725495E
C:\WINDOWS\system32\services.exe
[2015-07-10 03:13] - [2015-07-10 04:35] - 0446336 ____A (Microsoft Corporation) BB3D8E1C108F7244613FF3993291A922
C:\WINDOWS\system32\User32.dll
[2015-07-10 03:16] - [2015-07-10 04:40] - 1366168 ____A (Microsoft Corporation) 75EBC59EAB1B4484FFC9B81DD5F4BE46
C:\WINDOWS\SysWOW64\User32.dll
[2015-07-10 03:27] - [2015-07-10 05:14] - 1310880 ____A (Microsoft Corporation) 729FE09CBAE7DCCBE43FA83D63A87278
C:\WINDOWS\system32\userinit.exe
[2015-07-10 03:18] - [2015-07-10 03:18] - 0030720 ____A (Microsoft Corporation) 5F6D4F12EA33BFC0F0F8CEEAC332AB2B
C:\WINDOWS\SysWOW64\userinit.exe
[2015-07-10 03:29] - [2015-07-10 03:29] - 0026112 ____A (Microsoft Corporation) A89C18F5E6D8981D5E937B325290915A
C:\WINDOWS\system32\rpcss.dll
[2015-07-10 03:20] - [2015-07-10 03:20] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 03:14] - [2015-07-10 04:35] - 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 03:24] - [2015-07-10 04:39] - 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7
C:\WINDOWS\system32\Drivers\volsnap.sys
[2015-07-10 03:13] - [2015-07-10 04:39] - 0378720 ____A (Microsoft Corporation) 823A237D871CD652C6BFD47BECB6810A
LastRegBack: 2016-01-10 16:26
==================== End of FRST.txt ============================