Solved Search Hijacker

Azadai

Hi there,
So every time I run a search this extra search bar appears at the top of the webpage and stays fixed there. If I try to do another search from the normal search bar it instead puts what I type into this other bar. It only seems to do it when I do a Google or Bing search: I tried a Yahoo search and it didn't show up.

I've tried running an antivirus scan with Trend Micro but it didn't turn up anything. Likewise, both SpyHunter and Malwarebytes came up clean. I also couldn't find any extra extensions or plugins in either Chrome, Firefox or IE. I couldn't see any extra programs in Control Panel that shouldn't be there. If I click on the close arrow it gets rid of it, but it just comes back if I close and reopen the browser. Basically I'm at a loss on how to get rid of this thing.

EDIT: I've just realised that it also puts ad overlays onto any webpage I open, so the first time I click on the page it opens an ad. Usually AdGuard and Ghostery stop this sort of thing, which is why I haven't noticed it until just now.

I've attached a picture to show you what I mean.

hijackbar.PNG
 
FRST.txt Log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016

Ran by Cody (administrator) on MAH-DESKTOP (10-09-2016 20:03:01)

Running from C:\Users\Cody\Downloads

Loaded Profiles: Cody (Available Profiles: Cody & Administrator)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool:


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Riot Games\LolScreenSaver\service\service.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe

(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\chrome_extension2\host\chrome_native_msg_host.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe



==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"

HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)

HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-07] (Logitech Inc.)

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-09-24] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)

HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1917440 2016-07-15] ()

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Akamai NetSession Interface] => C:\Users\Cody\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [NetDrive2] => "C:\PROGRA~1\NETDRI~1\NetDrive2.exe" -tray

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


AutoConfigURL: [S-1-5-21-3313481241-1894715402-4189534921-1004] => hxxp://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084

Hosts: 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{bb993540-6cda-49de-9ab8-4fdb17444a7a}: [DhcpNameServer] 192.168.1.1

ManualProxies: 0hxxp://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084


Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB

SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> DefaultScope {3C2CE495-0E51-4445-B938-7EC00E7B56A5} URL =

SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> {3C2CE495-0E51-4445-B938-7EC00E7B56A5} URL =

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)

BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)

BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)

BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)

BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)

Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)

Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)

Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)

Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)


FireFox:

========

FF ProfilePath: C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353

FF Homepage: www.google.com.au

FF NetworkProxy: "no_proxies_on", "https://localhost, localhost, 127.0.0.1"

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-05] ()

FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-05] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-24] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-24] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3313481241-1894715402-4189534921-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-06-11] ()

FF Extension: (Firefox Hotfix) - C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]

FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension

FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-06-23]

FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension

FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-10]

FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension

FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-01-11]


Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com.au/"

CHR Profile: C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-24]

CHR Extension: (Google Docs) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-24]

CHR Extension: (Google Drive) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]

CHR Extension: (Adguard AdBlocker) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-08-30]

CHR Extension: (YouTube) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]

CHR Extension: (Google Search) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]

CHR Extension: (Google Sheets) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-24]

CHR Extension: (Google Docs Offline) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]

CHR Extension: (Ghostery) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

CHR Extension: (Trend Micro Toolbar) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-09-01]

CHR Extension: (Gmail) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-24]

CHR Extension: (Chrome Media Router) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)

R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)

S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)

R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-06-27] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)

R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-07] (Logitech Inc.)

R2 LolScreenSaverService; C:\Riot Games\LolScreenSaver\service\service.exe [707072 2016-03-31] () [File not signed]

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)

S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-08-30] (Overwolf LTD)

R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)

R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2443776 2016-07-14] (Trend Micro Inc.)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)

R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)

R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)

S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

S2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive2\nd2svc.exe [X]

S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-21] (Qualcomm Atheros Communications, Inc.)

R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)

R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-09] ()

R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)

R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)

R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)

S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)

S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )

S3 SNXPPAMD; C:\Windows\System32\drivers\snxppamd.sys [99424 2013-03-13] (SUNIX Co., Ltd.)

S3 SNXPSAMD; C:\Windows\System32\drivers\snxpsamd.sys [97888 2013-03-13] (SUNIX Co., Ltd.)

R3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)

R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)

R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)

R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)

R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)

S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)

R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)

R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)

R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [101600 2016-07-21] (Trend Micro Inc.)

R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [124752 2015-12-10] (Trend Micro Inc.)

S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-09-24] (Cisco Systems, Inc.)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

S3 mfeapfk; system32\drivers\mfeapfk.sys [X]

U2 TMAgent; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-10 20:04 - 2016-09-10 20:04 - 00000635 _____ C:\WINDOWS\system32\Drivers\etc\tmsshf.bin

2016-09-10 20:03 - 2016-09-10 20:03 - 00034712 _____ C:\Users\Cody\Downloads\FRST.txt

2016-09-10 20:02 - 2016-09-10 20:03 - 00000000 ____D C:\FRST

2016-09-10 20:02 - 2016-09-10 20:02 - 02397696 _____ (Farbar) C:\Users\Cody\Downloads\FRST64.exe

2016-09-10 19:50 - 2016-09-10 19:50 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Cody\Downloads\SpyHunter-Installer.exe

2016-09-10 02:25 - 2016-09-10 02:25 - 00003434 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup

2016-09-10 02:24 - 2016-09-10 02:24 - 00002361 _____ C:\Users\Cody\Desktop\SpyHunter.lnk

2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\sh4ldr

2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group

2016-09-10 02:23 - 2016-09-10 02:24 - 00000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2016-09-10 02:21 - 2016-09-10 02:21 - 00000000 ____D C:\Users\Cody\Downloads\SpyHunter 4 + Crack

2016-09-10 02:20 - 2016-09-10 02:21 - 15901755 _____ C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip

2016-09-09 21:29 - 2016-09-10 19:52 - 00001166 _____ C:\Users\Cody\Desktop\nativelog.txt

2016-09-09 16:30 - 2016-09-09 16:30 - 00001816 _____ C:\Users\Cody\Desktop\Google Chrome.lnk

2016-09-09 15:15 - 2016-09-10 01:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-09-09 15:14 - 2016-09-09 16:25 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-09-09 15:14 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2016-09-09 15:14 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2016-09-09 15:14 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2016-09-09 15:12 - 2016-09-09 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Cody\Downloads\mbam-setup-2.2.1.1043.exe

2016-09-09 14:45 - 2016-09-09 14:45 - 00000000 _____ C:\autoexec.bat

2016-09-09 14:44 - 2016-09-09 14:44 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys

2016-09-09 14:18 - 2016-09-09 14:18 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2016-09-09 14:17 - 2016-09-09 14:40 - 00171198 _____ C:\WINDOWS\ntbtlog.txt

2016-09-07 17:29 - 2016-09-07 17:29 - 36269107 _____ C:\Users\Cody\Downloads\Introduction to Electric Circuits, 8th Edition by Richard C. Dorf & James A. Svoboda.pdf

2016-09-07 17:16 - 2016-09-07 17:16 - 00000000 ____D C:\ProgramData\Webitar Production Inc

2016-09-07 13:09 - 2016-09-07 13:09 - 09333759 _____ C:\Users\Cody\Downloads\Republic_Venator_Class Star_Destroyer_Divici.zip

2016-09-06 19:13 - 2016-09-06 19:13 - 00000000 ____D C:\Users\Cody\Documents\Minecraft projects

2016-09-06 13:21 - 2016-09-09 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-09-06 12:38 - 2016-09-06 12:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Macromedia

2016-09-04 22:57 - 2016-09-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2016-09-04 19:38 - 2016-09-09 16:25 - 00000982 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Users\Cody\AppData\Local\TomTom

2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V

2016-09-04 19:37 - 2016-09-04 19:37 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect

2016-09-04 19:34 - 2016-09-04 19:35 - 37565768 _____ (TomTom International B.V.) C:\Users\Cody\Downloads\InstallMyDriveConnect.exe

2016-09-03 21:25 - 2016-09-03 21:25 - 00013914 _____ C:\Users\Cody\AppData\Local\recently-used.xbel

2016-09-03 20:55 - 2016-09-03 20:55 - 03927093 _____ C:\Users\Cody\Downloads\forge-1.8.9-11.15.1.1722-installer-win.exe

2016-09-03 20:41 - 2016-09-03 20:42 - 03719516 _____ C:\Users\Cody\Downloads\forge-1.8-11.14.4.1563-installer-win.exe

2016-09-03 20:32 - 2016-09-03 20:32 - 01971599 _____ C:\Users\Cody\Downloads\fml-1.8-8.0.127.1103-installer-win.exe

2016-09-03 17:23 - 2016-09-03 17:23 - 02802417 _____ C:\Users\Cody\Downloads\RaceMenu Overlay Compilation - CBBE version-48705-1-1.rar

2016-09-03 11:34 - 2016-09-03 11:34 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door- (1).xml

2016-09-03 11:33 - 2016-09-03 11:33 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door-.xml

2016-09-02 19:54 - 2016-09-02 19:54 - 02797828 _____ C:\Users\Cody\Downloads\ELEC2004 Study Guide.zip

2016-09-02 19:54 - 2016-09-02 19:54 - 00000000 ____D C:\Users\Cody\Downloads\ELEC2004 Study Guide

2016-08-27 21:22 - 2016-08-27 21:22 - 00000000 ____D C:\Users\Cody\Downloads\XRM_BACKGR

2016-08-27 21:19 - 2016-08-27 21:20 - 00000000 ____D C:\Users\Cody\Downloads\XRM1.30

2016-08-27 20:54 - 2016-08-27 20:55 - 27089068 _____ C:\Users\Cody\Downloads\XRM_BACKGR.zip

2016-08-27 20:52 - 2016-08-27 21:09 - 485793193 _____ C:\Users\Cody\Downloads\XRM1.30_PART_1 (1).zip

2016-08-27 20:52 - 2016-08-27 20:59 - 328027746 _____ C:\Users\Cody\Downloads\XRM1.29_PART_3.zip

2016-08-27 20:52 - 2016-08-27 20:52 - 08927374 _____ C:\Users\Cody\Downloads\XRM1.30d_PART_2.zip

2016-08-27 20:40 - 2016-08-27 20:40 - 00605859 _____ C:\Users\Cody\Downloads\X3-ImmersiveGUIHUD-1.3.rar

2016-08-27 20:38 - 2016-08-27 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft

2016-08-27 20:35 - 2016-08-27 20:38 - 03313352 _____ (Egosoft ) C:\Users\Cody\Downloads\X3AP_Bonus_Pack_5.1.0.0.exe

2016-08-26 21:00 - 2016-08-26 21:03 - 57330773 _____ C:\Users\Cody\Downloads\Beastess 8.02.7z

2016-08-24 01:14 - 2016-08-24 01:14 - 00006403 _____ C:\Users\Cody\Downloads\Cure.rar

2016-08-23 23:52 - 2016-08-23 23:52 - 00000083 _____ C:\Users\Cody\.gtk-bookmarks

2016-08-23 23:13 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\AppData\Local\gtk-2.0

2016-08-23 23:11 - 2016-08-23 23:11 - 00000000 ____D C:\Users\Cody\.thumbnails

2016-08-23 22:39 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\.gimp-2.8

2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\gegl-0.2

2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\fontconfig

2016-08-23 22:37 - 2016-08-23 22:37 - 00000000 ____D C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1

2016-08-23 22:36 - 2016-08-23 22:36 - 00000000 ____D C:\Users\Cody\Downloads\use own skin

2016-08-22 23:49 - 2016-08-22 23:50 - 31096007 _____ C:\Users\Cody\Downloads\SOS - Schlongs of Skyrim - 3.00.004.7z

2016-08-22 23:33 - 2016-08-22 23:34 - 00367593 _____ C:\Users\Cody\Downloads\PapyrusUtil_v32.zip

2016-08-22 16:25 - 2016-08-22 16:26 - 24688762 _____ C:\Users\Cody\Downloads\Mod Organizer v1_3_11 installer-1334-1-3-11.exe

2016-08-22 15:17 - 2016-08-22 15:17 - 123899131 _____ C:\Users\Cody\Downloads\MoreNastyCritters9_3_fomod.7z

2016-08-21 23:55 - 2016-08-21 23:56 - 00000000 ____D C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3

2016-08-21 23:55 - 2016-08-21 23:55 - 02900822 _____ C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3.7z

2016-08-21 23:21 - 2016-08-21 23:21 - 07603889 _____ C:\Users\Cody\Downloads\2.17 archives.7z

2016-08-21 23:18 - 2016-08-21 23:18 - 00000000 ____D C:\Users\Cody\Downloads\ERF Bodyslide Presets

2016-08-21 23:17 - 2016-08-21 23:17 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2

2016-08-21 23:14 - 2016-08-21 23:14 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2

2016-08-21 23:01 - 2016-08-21 23:01 - 00002513 _____ C:\Users\Cody\Downloads\PSQ RND.7z

2016-08-21 22:59 - 2016-08-21 22:59 - 00001142 _____ C:\Users\Cody\Downloads\Transform Dummy Files.7z

2016-08-21 22:47 - 2016-08-21 22:50 - 77796693 _____ C:\Users\Cody\Downloads\PSQ Transform Package 1.2.zip

2016-08-21 22:47 - 2016-08-21 22:47 - 02761717 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2.zip

2016-08-21 22:46 - 2016-08-21 22:46 - 00581085 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2.zip

2016-08-21 22:46 - 2016-08-21 22:46 - 00000569 _____ C:\Users\Cody\Downloads\PSQ Copy OrgBody Files Script.zip

2016-08-21 22:45 - 2016-08-21 22:45 - 00007394 _____ C:\Users\Cody\Downloads\ERF Bodyslide Presets.zip

2016-08-21 16:15 - 2016-08-21 16:15 - 00070738 _____ C:\Users\Cody\Downloads\SlaveTats-1.2.1.7z

2016-08-21 15:46 - 2016-09-09 16:26 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

2016-08-21 15:46 - 2016-08-21 15:46 - 00000000 ____D C:\Program Files\GIMP 2

2016-08-21 15:45 - 2016-08-21 15:45 - 00197483 _____ C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1.zip

2016-08-21 15:44 - 2016-08-21 15:46 - 77404656 _____ (The GIMP Team ) C:\Users\Cody\Downloads\gimp-2.8.18-setup.exe

2016-08-21 15:09 - 2016-08-21 15:09 - 01605460 _____ C:\Users\Cody\Downloads\use own skin.7z

2016-08-21 14:20 - 2016-08-21 14:20 - 00000000 ____D C:\Users\Cody\Downloads\NifSkope_2_0_2016-04-11-1

2016-08-21 13:48 - 2016-08-21 13:48 - 00000000 ____D C:\Users\Cody\Downloads\fixed_textures

2016-08-21 00:46 - 2016-08-21 02:45 - 00000000 ____D C:\Users\Cody\Downloads\BSAopt-247-1-6-3

2016-08-21 00:46 - 2016-08-21 00:46 - 00983170 _____ C:\Users\Cody\Downloads\BSAopt-247-1-6-3.7z

2016-08-21 00:22 - 2016-08-21 00:22 - 00000000 ____D C:\Users\Cody\Downloads\Copy Orgbody MO

2016-08-21 00:14 - 2016-08-21 00:14 - 01622397 _____ C:\Users\Cody\Downloads\PSQ3.2.6.7z

2016-08-20 14:54 - 2016-09-09 16:26 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk

2016-08-20 14:54 - 2016-09-09 16:25 - 00001020 _____ C:\Users\Public\Desktop\LOOT.lnk

2016-08-20 14:54 - 2016-08-28 18:45 - 00000000 ____D C:\Users\Cody\AppData\Local\LOOT

2016-08-20 14:54 - 2016-08-20 14:54 - 00000000 ____D C:\Program Files (x86)\LOOT

2016-08-20 14:51 - 2016-08-20 14:53 - 25492241 _____ (LOOT Team ) C:\Users\Cody\Downloads\LOOT.Installer.exe
 
Continued



==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-10 20:03 - 2015-12-05 17:43 - 00000000 ____D C:\Program Files (x86)\Steam

2016-09-10 20:01 - 2015-12-30 22:04 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Skype

2016-09-10 19:58 - 2016-05-18 22:43 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job

2016-09-10 19:58 - 2016-03-20 14:18 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job

2016-09-10 19:57 - 2015-12-24 11:36 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-09-10 19:56 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-09-10 19:56 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2016-09-10 19:55 - 2015-12-24 11:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-09-10 19:54 - 2016-07-26 15:44 - 00000000 ____D C:\Users\Cody\AppData\Local\DP_Tower_3.7

2016-09-10 19:53 - 2015-12-24 14:34 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2016-09-10 19:53 - 2015-12-24 11:28 - 00000000 __SHD C:\Users\Cody\IntelGraphicsProfiles

2016-09-10 19:53 - 2015-12-23 18:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-09-10 19:53 - 2015-12-23 18:11 - 00000000 ____D C:\ProgramData\NVIDIA

2016-09-10 19:52 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

2016-09-10 19:49 - 2016-08-05 21:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-09-10 18:34 - 2016-06-12 12:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\.minecraft

2016-09-10 12:18 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-09-10 12:11 - 2015-12-23 18:14 - 00000000 ____D C:\Users\Cody

2016-09-10 01:48 - 2016-01-19 19:15 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

2016-09-10 01:46 - 2015-12-26 20:25 - 00000000 ____D C:\Users\Cody\AppData\Local\Battle.net

2016-09-10 00:57 - 2015-12-26 20:24 - 00000000 ____D C:\Program Files (x86)\Battle.net

2016-09-09 23:01 - 2016-01-10 15:43 - 00000010 _____ C:\Users\Cody\AppData\Local\sponge.last.runtime.cache

2016-09-09 20:58 - 2016-06-12 14:54 - 00000000 ____D C:\Users\Cody\AppData\Local\LogMeIn Hamachi

2016-09-09 16:29 - 2015-12-23 18:21 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-09-09 16:29 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF

2016-09-09 16:26 - 2016-07-24 16:53 - 00001282 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk

2016-09-09 16:26 - 2016-06-22 16:07 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk

2016-09-09 16:26 - 2016-06-22 16:07 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk

2016-09-09 16:26 - 2016-05-18 22:43 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015b.lnk

2016-09-09 16:26 - 2016-04-30 18:46 - 00001873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

2016-09-09 16:26 - 2016-04-30 18:46 - 00001611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk

2016-09-09 16:26 - 2016-04-06 23:42 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-09-09 16:26 - 2016-03-20 14:19 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015a.lnk

2016-09-09 16:26 - 2016-03-10 20:45 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

2016-09-09 16:26 - 2016-02-08 23:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-09-09 16:26 - 2016-01-10 21:53 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

2016-09-09 16:26 - 2015-12-26 15:57 - 00001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

2016-09-09 16:26 - 2015-12-24 15:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2016-09-09 16:26 - 2015-12-24 11:37 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-09-09 16:26 - 2015-12-24 11:33 - 00001029 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk

2016-09-09 16:26 - 2015-12-23 19:44 - 00002407 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-09-09 16:26 - 2015-12-23 18:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2016-09-09 16:26 - 2013-10-22 13:10 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

2016-09-09 16:26 - 2013-10-22 13:10 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

2016-09-09 16:25 - 2016-07-24 16:54 - 00001150 _____ C:\Users\Public\Desktop\Overwolf.lnk

2016-09-09 16:25 - 2016-06-22 16:07 - 00001327 _____ C:\Users\Public\Desktop\NCH Suite.lnk

2016-09-09 16:25 - 2016-06-22 16:07 - 00001195 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk

2016-09-09 16:25 - 2016-06-12 12:52 - 00001026 _____ C:\Users\Public\Desktop\Minecraft.lnk

2016-09-09 16:25 - 2016-05-29 02:00 - 00000697 _____ C:\Users\Public\Desktop\DCP_Setup_Maker.lnk

2016-09-09 16:25 - 2016-05-18 22:43 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015b.lnk

2016-09-09 16:25 - 2016-04-06 23:42 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-09-09 16:25 - 2016-03-20 14:19 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015a.lnk

2016-09-09 16:25 - 2016-03-10 20:45 - 00001048 _____ C:\Users\Public\Desktop\WinSCP.lnk

2016-09-09 16:25 - 2016-03-02 17:09 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk

2016-09-09 16:25 - 2016-02-27 20:54 - 00000971 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk

2016-09-09 16:25 - 2016-02-08 23:01 - 00002120 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2016-09-09 16:25 - 2016-01-29 18:13 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk

2016-09-09 16:25 - 2016-01-19 19:32 - 00001258 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk

2016-09-09 16:25 - 2016-01-15 15:25 - 00001160 _____ C:\Users\Public\Desktop\StarCraft II.lnk

2016-09-09 16:25 - 2016-01-10 21:53 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk

2016-09-09 16:25 - 2015-12-30 22:04 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk

2016-09-09 16:25 - 2015-12-29 13:37 - 00001088 _____ C:\Users\Public\Desktop\Notepad++.lnk

2016-09-09 16:25 - 2015-12-26 21:04 - 00001207 _____ C:\Users\Public\Desktop\Diablo III.lnk

2016-09-09 16:25 - 2015-12-26 20:25 - 00001213 _____ C:\Users\Public\Desktop\Battle.net.lnk

2016-09-09 16:25 - 2015-12-26 15:57 - 00001266 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

2016-09-09 16:25 - 2015-12-24 15:16 - 00001818 _____ C:\Users\Public\Desktop\iTunes.lnk

2016-09-09 16:25 - 2015-12-24 14:34 - 00002038 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk

2016-09-09 16:25 - 2015-12-24 14:27 - 00001088 _____ C:\Users\Public\Desktop\iExplorer.lnk

2016-09-09 16:25 - 2015-12-23 16:41 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2016-09-09 16:24 - 2016-08-08 18:08 - 00002277 _____ C:\Users\Cody\Desktop\Discord.lnk

2016-09-09 16:24 - 2016-07-26 14:12 - 00001192 _____ C:\Users\Cody\Desktop\Syncios.lnk

2016-09-09 16:24 - 2016-07-24 16:53 - 00001326 _____ C:\Users\Cody\Desktop\TeamSpeak 3 Client.lnk

2016-09-09 16:24 - 2016-05-29 02:04 - 00002033 _____ C:\Users\Cody\Desktop\install4j.lnk

2016-09-09 16:24 - 2016-04-06 13:01 - 00001204 _____ C:\Users\Cody\Desktop\SourceTree.lnk

2016-09-09 16:24 - 2016-04-06 12:20 - 00002291 _____ C:\Users\Cody\Desktop\Git Shell.lnk

2016-09-09 16:24 - 2016-04-02 14:29 - 00000776 _____ C:\Users\Cody\Desktop\Eclipse.lnk

2016-09-09 16:24 - 2016-03-08 18:55 - 00001274 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk

2016-09-09 16:24 - 2016-03-08 18:55 - 00001250 _____ C:\Users\Cody\Desktop\LTspice IV.lnk

2016-09-09 16:24 - 2016-02-09 20:13 - 00002639 _____ C:\Users\Cody\Desktop\Windows 7 USB DVD Download Tool.lnk

2016-09-09 16:24 - 2016-02-08 23:15 - 00002282 _____ C:\Users\Cody\Desktop\Dungeons & Dragons Online.lnk

2016-09-09 16:24 - 2016-02-01 18:13 - 00001224 _____ C:\Users\Cody\Desktop\NavDesk 7.50.lnk

2016-09-09 16:24 - 2016-01-10 21:53 - 00001040 _____ C:\Users\Cody\Desktop\OSFMount.lnk

2016-09-09 16:24 - 2016-01-10 14:40 - 00001387 _____ C:\Users\Cody\Desktop\Trend Micro Maximum Security.lnk

2016-09-09 16:23 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\Cursors

2016-09-09 14:11 - 2015-12-26 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-09-07 20:08 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-09-07 18:00 - 2015-12-05 16:50 - 00000000 ____D C:\Users\Cody\Documents\Uni

2016-09-07 16:08 - 2015-12-03 16:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Packages

2016-09-06 19:16 - 2016-01-11 21:01 - 00000196 _____ C:\Users\Cody\Desktop\New Text Document.txt

2016-09-04 15:23 - 2015-12-23 17:20 - 00000000 ____D C:\Users\Cody\AppData\Local\CrashDumps

2016-09-03 23:26 - 2016-01-15 14:52 - 00000000 ____D C:\Program Files (x86)\StarCraft II

2016-09-03 20:33 - 2016-04-02 14:05 - 00000000 ____D C:\Users\Cody\.oracle_jre_usage

2016-09-02 17:04 - 2016-04-08 22:28 - 00000000 ____D C:\Users\Cody\AppData\Roaming\SpaceEngineers

2016-09-01 18:40 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-09-01 18:40 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-09-01 10:54 - 2016-07-24 16:54 - 00000000 ____D C:\Program Files (x86)\Overwolf

2016-08-31 22:55 - 2016-07-24 16:54 - 00000002 _____ C:\END

2016-08-31 13:32 - 2016-01-10 21:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2016-08-29 23:31 - 2015-12-26 20:30 - 00000000 ____D C:\Program Files (x86)\Diablo III

2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc

2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\discord

2016-08-29 20:11 - 2016-08-08 18:07 - 00000000 ____D C:\Users\Cody\AppData\Local\Discord

2016-08-22 23:54 - 2016-02-27 20:54 - 00000000 ____D C:\Users\Cody\Documents\Nexus Mod Manager

2016-08-21 23:56 - 2016-02-27 14:35 - 00000000 ____D C:\Users\Cody\AppData\Local\Skyrim

2016-08-17 11:16 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-08-17 11:15 - 2016-01-12 14:01 - 00000000 ____D C:\Program Files\Microsoft Office 15

2016-08-16 22:07 - 2016-07-24 16:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\TS3Client

2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ____D C:\ProgramData\Skype

2016-08-12 11:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache

2016-08-11 09:13 - 2013-10-22 11:22 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-08-11 01:10 - 2015-10-30 19:07 - 00000000 ____D C:\Program Files\Windows Journal

2016-08-11 01:10 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2016-08-11 01:10 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB

2016-08-11 01:10 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\en-GB


==================== Files in the root of some directories =======


2016-03-08 20:07 - 2016-05-30 17:17 - 0004622 _____ () C:\Users\Cody\AppData\Roaming\LTspiceIV.ini

2016-03-11 01:06 - 2016-05-27 19:03 - 0000600 _____ () C:\Users\Cody\AppData\Roaming\winscp.rnd

2016-01-10 14:35 - 2016-01-10 14:35 - 0000036 _____ () C:\Users\Cody\AppData\Local\housecall.guid.cache

2016-03-31 17:25 - 2016-05-01 14:45 - 0000600 _____ () C:\Users\Cody\AppData\Local\PUTTY.RND

2016-09-03 21:25 - 2016-09-03 21:25 - 0013914 _____ () C:\Users\Cody\AppData\Local\recently-used.xbel

2016-01-10 15:43 - 2016-09-09 23:01 - 0000010 _____ () C:\Users\Cody\AppData\Local\sponge.last.runtime.cache

2015-12-23 18:11 - 2015-12-23 18:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2013-10-22 13:07 - 2013-10-22 13:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

2013-10-22 13:04 - 2013-10-22 13:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

2013-10-22 13:05 - 2013-10-22 13:05 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

2013-10-22 13:06 - 2013-10-22 13:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log

2013-10-22 13:04 - 2013-10-22 13:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log


Files to move or delete:

====================

C:\Users\Cody\Q2BlockDiagram2.exe

C:\Users\Cody\Q3Simulation.exe



Some files in TEMP:

====================

C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe

C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe

C:\Users\Cody\AppData\Local\Temp\COMAP.EXE

C:\Users\Cody\AppData\Local\Temp\Execute2App.exe

C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll

C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll

C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll

C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe

C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe

C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll

C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe

C:\Users\Cody\AppData\Local\Temp\msvcp90.dll

C:\Users\Cody\AppData\Local\Temp\msvcr90.dll

C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe

C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe

C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Cody\AppData\Local\Temp\nvStInst.exe

C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe

C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll

C:\Users\Cody\AppData\Local\Temp\utils.dll

C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe



==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2016-09-07 11:23


==================== End of FRST.txt ============================
 
Additional.txt Log


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016

Ran by Cody (10-09-2016 20:05:02)

Running from C:\Users\Cody\Downloads

Windows 10 Home Version 1511 (X64) (2015-12-23 09:39:46)

Boot Mode: Normal

==========================================================



==================== Accounts: =============================


Administrator (S-1-5-21-3313481241-1894715402-4189534921-500 - Administrator - Enabled) => C:\Users\Administrator

Cody (S-1-5-21-3313481241-1894715402-4189534921-1004 - Administrator - Enabled) => C:\Users\Cody

DefaultAccount (S-1-5-21-3313481241-1894715402-4189534921-503 - Limited - Disabled)

Guest (S-1-5-21-3313481241-1894715402-4189534921-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3313481241-1894715402-4189534921-1003 - Limited - Enabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)

Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Akamai) (Version: - Akamai Technologies, Inc)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.06020 - Cisco Systems, Inc.)

Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.06020 - Cisco Systems, Inc.) Hidden

CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)

Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)

Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)

Discord (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)

DOOM 3 (HKLM\...\Steam App 9050) (Version: - id Software)

DOOM 3: Resurrection of Evil (HKLM\...\Steam App 9070) (Version: - id Software)

DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden

Dungeons & Dragons Online v2600.0045.4801.4249 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.4801.4249 - Atari, Inc.)

Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)

GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)

GitHub (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\5f7eb300e2ea4ebf) (Version: 3.0.17.0 - GitHub, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)

Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)

iExplorer 3.2.5.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)

install4j 6.1.1 (HKLM\...\6187-37938-2029-3898) (Version: 6.1.1 - ej-technologies GmbH)

Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)

Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

IzPack 5.0.8 (HKLM\...\IzPack 5.0.8) (Version: - )

Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

League Screensaver (HKLM-x32\...\LolScreenSaver) (Version: W0.1.19-0.11.13-beta - Riot Games)

Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)

LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)

LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden

LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)

LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

MATLAB R2015a (HKLM\...\Matlab R2015a) (Version: 8.5 - MathWorks)

MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Might & Magic: Heroes VI (HKLM\...\Steam App 48220) (Version: - Blackhole)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)

Mozilla Thunderbird 45.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.1.0 (x86 en-US)) (Version: 45.1.0 - Mozilla)

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)

NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.15 - Black Tree Gaming)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)

NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.43 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.97.209.0 - Overwolf Ltd.)

Python 3.5.1 (32-bit) (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)

Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Core Interpreter (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Core Interpreter (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Development Libraries (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Executables (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Executables (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)

Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Standard Library (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Standard Library (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Tcl/Tk Support (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Tcl/Tk Support (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Test Suite (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Test Suite (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)

Sanctum (HKLM\...\Steam App 91600) (Version: - Coffee Stain Studios)

Sanctum 2 (HKLM\...\Steam App 210770) (Version: - Coffee Stain Studios)

SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden

Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)

Skyrim Creation Kit (HKLM\...\Steam App 202480) (Version: - bgs.bethsoft.com)

Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)

SourceTree (HKLM-x32\...\SourceTree 1.8.3) (Version: 1.8.3 - Atlassian)

SourceTree (x32 Version: 1.8.3 - Atlassian) Hidden

Space Engineers (HKLM\...\Steam App 244850) (Version: - Keen Software House)

StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)

SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM-x32\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)

SUPER © v2016.Build.69+3D+Recorder (2016/04/02) version v2016.B (HKLM-x32\...\{CB93965C-C24C-437D-839B-285188F22F11}_is1) (Version: v2016.Build.69+3D+Recorder - eRightSoft)

Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.02 - NCH Software)

Syncios 5.0.6 (HKLM-x32\...\Syncios) (Version: 5.0.6 - Anvsoft)

TeamSpeak 3 Client (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)

The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)

TomTom MyDrive Connect 4.1.1.2797 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.1.2797 - TomTom)

Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)

Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1075 - Trend Micro Inc.)

Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)

Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)

X3 Albio Prelude Bonus Pack 5.1.0.0 (HKLM-x32\...\X3AP Bonus Pack_is1) (Version: 5.1.0.0 - Egosoft)

X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version: - Egosoft)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Cody\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {0CA8690D-AB37-4F2A-B16E-8C0B14C35751} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION

Task: {0E45AFB6-E450-403B-BD83-DA4043A10184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)

Task: {34726F01-7385-4433-BB2F-2804E3F9F7A2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)

Task: {5878757E-0C48-4924-B243-B3DBAB029162} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {637C4646-000D-4A11-8518-F7B5B05A176E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)

Task: {644B9F54-3DCC-44F9-B8A5-140BC69E972B} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-08-30] (Overwolf LTD)

Task: {6A041227-2399-4548-91CC-C9010A5B9FBB} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-10] (Dell, Inc.)

Task: {7894DFAA-F794-402C-B9CF-CC055DDF878A} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe [2014-12-29] ()

Task: {7FC4820F-C243-41E4-B28B-B9A3B40F127F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)

Task: {825A6E9B-B251-45F6-A43E-E94A478DEDF2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)

Task: {887B87CD-41FD-4B97-89F7-A9149F7BF159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)

Task: {A977D273-0777-462E-B2E4-1E4299246434} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()

Task: {ABC6C0C1-AE6F-45CC-9008-D495FF304FB0} - \SystemToolsDailyTest -> No File <==== ATTENTION

Task: {AE1A82E7-31E3-498D-80BE-AE7868BF04AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-05] (Adobe Systems Incorporated)

Task: {B7402253-40F4-4D72-80A6-F3D6E2B05E7E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)

Task: {C250ADC3-70D8-4AE1-A387-C6A38AD76193} - \WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001 -> No File <==== ATTENTION

Task: {C352EE92-713C-4F06-81A4-277A3E84FBDA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)

Task: {C38429A3-91EE-40C4-BC95-BB5B09440BD4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)

Task: {CD8CD085-35ED-4D4C-84FC-D33D00BB5993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)

Task: {DC2DF0E1-D6ED-4155-A9A2-95F77B3013BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

Task: {DE1ADDA9-92A9-455E-B423-2F8AE5138F3A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)

Task: {EDD27B22-CD7B-4ADC-9EE0-BEFB231D6388} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-05] (Microsoft Corporation)

Task: {FC805CF4-6310-4A26-BAC3-29F6D23EEF2C} - \PCDEventLauncherTask -> No File <==== ATTENTION


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe

Task: C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Cody\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "


==================== Loaded Modules (Whitelisted) ==============


2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll

2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2015-12-23 18:11 - 2016-02-24 06:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2016-01-10 14:37 - 2015-03-31 21:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll

2016-01-10 14:37 - 2015-03-31 21:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll

2016-01-10 14:37 - 2015-03-31 21:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll

2016-01-10 14:37 - 2015-03-31 21:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll

2016-01-10 14:37 - 2015-03-31 21:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll

2016-01-10 14:37 - 2015-03-31 21:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll

2015-12-29 09:23 - 2015-07-17 04:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll

2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-03-31 04:25 - 2016-03-31 04:25 - 00707072 _____ () C:\Riot Games\LolScreenSaver\service\service.exe

2016-01-10 14:39 - 2015-07-17 04:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll

2016-01-10 14:39 - 2015-07-17 04:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll

2016-01-10 14:39 - 2015-07-17 04:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll

2016-01-10 14:39 - 2015-07-17 04:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll

2016-01-12 14:01 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2016-01-10 14:37 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll

2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-07-27 12:03 - 2016-05-25 02:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2016-04-19 08:33 - 2016-04-19 08:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2016-01-10 14:37 - 2016-07-14 12:49 - 40970752 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

2015-12-24 11:54 - 2015-12-07 14:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-07-17 20:07 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-07-17 20:06 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-07-17 20:06 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-07-17 20:06 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-07-17 20:06 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2015-12-29 09:23 - 2015-07-17 04:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll

2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

2016-01-07 05:43 - 2016-01-07 05:43 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

2016-01-07 05:43 - 2016-01-07 05:43 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

2016-03-02 16:12 - 2016-02-17 16:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll

2015-12-23 16:38 - 2016-02-17 16:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll

2016-03-02 16:12 - 2016-02-17 16:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll

2015-09-24 03:53 - 2015-09-24 03:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2016-04-19 08:33 - 2016-04-19 08:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2016-04-19 08:33 - 2016-04-19 08:33 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2015-12-23 16:38 - 2016-02-17 17:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2016-08-09 09:58 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll

2016-08-09 09:58 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

2013-10-22 13:04 - 2013-03-05 13:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-03-06 04:41 - 2013-03-06 04:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2015-12-29 09:23 - 2015-07-17 04:31 - 00092792 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_57.dll

2015-12-29 09:23 - 2015-07-17 04:31 - 00024312 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_system-vc110-mt-1_57.dll

2015-12-29 09:23 - 2015-07-17 04:31 - 00032552 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_chrono-vc110-mt-1_57.dll

2015-12-29 09:23 - 2015-07-17 04:31 - 00049544 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_57.dll

2013-10-22 12:59 - 2013-08-09 22:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2015-12-05 17:43 - 2016-08-09 09:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-12-05 17:43 - 2015-07-02 08:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-12-05 17:43 - 2016-08-24 05:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll

2015-12-05 17:43 - 2015-07-02 08:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-12-05 17:43 - 2015-07-02 08:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2015-12-05 17:43 - 2016-01-27 17:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2015-12-05 17:43 - 2016-01-27 17:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2015-12-05 17:43 - 2016-01-27 17:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2015-12-05 17:43 - 2016-01-27 17:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2015-12-05 17:43 - 2016-01-27 17:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2015-12-05 17:43 - 2016-08-24 05:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2016-03-09 21:31 - 2016-07-05 08:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll

2015-12-05 17:43 - 2016-08-05 06:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2015-12-05 17:43 - 2015-09-25 09:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

2016-02-29 23:41 - 2016-02-29 23:41 - 00125952 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_loader.dll

2016-02-29 23:41 - 2016-02-29 23:41 - 00901120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_1_9_32.dll

2016-02-29 23:46 - 2016-02-29 23:46 - 00225280 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\AHZmoreHUDPlugin.dll

2016-08-16 21:40 - 2016-08-16 21:40 - 00585216 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\chargen.dll

2016-08-18 22:17 - 2016-08-18 22:17 - 00756736 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\DeviousDevices.dll

2016-08-22 00:36 - 2016-08-22 00:36 - 00030720 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\Flying_Physics.dll

2016-08-21 00:50 - 2016-08-21 00:50 - 10804224 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\hdtPhysicsExtensions.dll

2016-08-18 11:12 - 2016-08-18 11:12 - 02268672 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\JContainers.dll

2016-08-22 23:18 - 2016-08-22 23:18 - 00214528 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\MfgConsole.dll

2016-08-16 21:40 - 2016-08-16 21:40 - 00827904 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\nioverride.dll

2016-08-22 23:54 - 2016-08-22 23:54 - 00385024 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\SchlongsOfSkyrim.dll

2016-08-22 23:18 - 2016-08-22 23:18 - 00563712 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\SexLabUtil.dll

2016-08-22 23:54 - 2016-08-22 23:55 - 00945152 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\StorageUtil.dll

2016-08-28 20:24 - 2016-08-28 20:24 - 00107008 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\zzEstrusUtil.dll

2015-12-05 17:43 - 2016-08-24 05:33 - 00380192 _____ () C:\Program Files (x86)\Steam\steam.dll

2010-12-18 05:56 - 2010-12-18 05:56 - 02603520 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll

2010-01-13 09:55 - 2010-01-13 09:55 - 00322048 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll

2010-12-18 05:56 - 2010-12-18 05:56 - 00382464 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll

2010-12-17 05:16 - 2010-12-17 05:16 - 00195584 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll

2013-03-08 05:54 - 2013-03-08 05:54 - 00071680 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)



==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 



==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\cpp.edu -> hxxp://www.cpp.edu

IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\trendmicro.com -> hxxps://pwm.trendmicro.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 23:25 - 2016-09-10 02:28 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Cody\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abstract_blue_2-wide.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\Services: Hamachi2Svc => 2

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

HKLM\...\StartupApproved\Run32: => "Syncios device service"

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Akamai NetSession Interface"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{A9947E99-A1EF-4F26-9EFD-F87C0E964F2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{5F6A678E-CD6B-4ACB-8A49-8A3004ADCF4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{77D0F2C6-8EE2-4A17-A337-F00437EFBCB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{FE6B164A-F5F1-4717-B713-5122C6ABE70D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{8D95307E-19DF-426C-A372-26F207A8B9EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{9A0EEA54-D77D-4B3B-A7B4-2E2109525A89}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{16EB0374-956D-4FD6-BBEB-47D49A8BFB97}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{B3CB7CA5-FAA4-4FFA-BC91-A4458C4FFE40}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{77CCC0A3-32AB-47A7-A442-5E53A1787835}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{3BA82FA7-D5A2-4D8B-817F-B4BA913B606B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{222B695A-17A5-4214-BE9F-F43F633612D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{522E4307-3DE4-41C9-9966-FA01135C355A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{1DE53467-7E0B-4E74-B286-655016B8BCF6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{D54F8AE3-B2A4-41C9-8D0D-D0830189FF72}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{0D6F5875-0034-4A8F-8D2B-229A8479C259}] => (Allow) LPort=1900

FirewallRules: [{96622F71-4E28-424D-BA43-1ACD58541503}] => (Allow) LPort=2869

FirewallRules: [{6596E0CE-57DD-4A46-85B4-22AB5DB05FF1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{A7FE2FA4-99FE-4E18-AE16-1507697E67EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe

FirewallRules: [{267DC37D-7AEB-44D3-94F3-E0F9DF5B22B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{110684A9-9987-4037-93F7-E0A3FA8BF4BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{44D837CB-B2D4-4C5A-984F-7BAA4D289853}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E47DB184-D86A-470B-AA1B-391C13A22608}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1A70B8E7-2CC1-4860-871B-E0B74364EFD5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1282EEC9-4F47-4BE1-BBAB-583DAA5722D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{A9B9004B-58BD-450F-AD14-4864CB8C30D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe

FirewallRules: [{15DDEDAF-C063-43F1-8D0B-8D5C98B56AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe

FirewallRules: [{B69E0C68-6702-4BEC-873C-BAF33839CB15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe

FirewallRules: [{26ADF8C7-8444-454C-961A-B05D948E611E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe

FirewallRules: [TCP Query User{E04E57A0-38B2-4E02-A58B-99B9E78505D0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

FirewallRules: [UDP Query User{DD567391-4D5C-4152-AAC4-768994DCCB2D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

FirewallRules: [{D9D52B2F-5D7B-47B9-ACE4-A4D3EC639640}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe

FirewallRules: [{64FD604F-DA42-4C03-888A-E20111DA7EFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe

FirewallRules: [TCP Query User{F159914B-EE3F-46C1-85EC-23A6A92315E0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{1FCE66A2-05F1-4603-88DD-0CA56C838DC4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{EF3C0257-D45F-41D2-9689-88C2671B3A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{6F060CE0-6382-4FDA-BC82-D00748DC22A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

FirewallRules: [{049FBF91-B1F3-4712-A895-B77885AA831B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{9A45A3B5-3192-4E65-9053-2BF67F78ACEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

FirewallRules: [{EEBDCBC5-2F04-43FD-9314-7E006C16F8D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{0E4B7A13-938C-4563-B937-30BCB4F2CB04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{01C5562B-48D0-45D8-823F-EDC54B9B75DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{1E1A07F8-4F25-44D1-983F-9363D43AAA6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{BAA820F2-EA1C-43B1-A196-2E3CC85D986A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{91455FA5-6370-4553-9F46-E123093C78A2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{683C45A1-FA8B-47E3-A412-79A22205FE7F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{F6557CC3-1AD8-42B5-8932-F80FC2A093B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{05E99840-67E7-4C7E-B478-58BBAA3A8BC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{27F26161-42BF-450C-9742-E05AD2C67374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe

FirewallRules: [{652E8502-7341-4B7D-BF9F-2968E6008408}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe

FirewallRules: [TCP Query User{0EB72472-483D-4BF4-A9DA-614BA23FD791}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe

FirewallRules: [UDP Query User{A9CD5D1A-095A-4058-94E7-8E3E4F6C329D}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe

FirewallRules: [TCP Query User{1B309030-7374-4F84-B158-0B5F330FECDC}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{40526C0A-1D12-488C-8197-E8044DA1D524}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{F3A0747E-C61C-43C1-8774-7221968CEEED}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe

FirewallRules: [UDP Query User{298B4449-614B-4A09-98E7-779AA65197F7}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe

FirewallRules: [TCP Query User{37756491-7EF2-4D52-8A70-6F66A7428085}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [UDP Query User{1F223779-4408-4BA3-9343-D434A420DDF7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [{5997C51A-BA5F-43B5-AD89-77C8EF2B1209}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe

FirewallRules: [{02F7E7EE-4843-47F5-97B9-4249BE392C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe

FirewallRules: [{B97946BE-C0AA-434E-BE89-25E6521B9DB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{50A3E8EB-14BC-4FD0-9C17-D05238DE06B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [TCP Query User{0E515C08-91E0-4280-B6A8-8874B3A58F63}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{4CD8EF3D-3FBF-42D4-8C60-2FDDEA31CF9A}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{90D51B5B-3D65-45B3-9911-59DB55424F13}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{6C85ED2D-87CD-46C4-A31A-20861F186374}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{14BCB45D-238D-4234-9F2B-89E34100B26B}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe

FirewallRules: [UDP Query User{5BE86246-0BE2-4B7A-8F2D-D578E1A68B6C}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe

FirewallRules: [{25B46F39-9EB6-496A-8741-355E0EC1F7E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{6F77B0FF-F3DD-499C-A807-A2871BCDB4ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{B3DB7049-1EDB-487B-B564-C78AF86F8C9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe

FirewallRules: [{636FCC9A-EE44-4B74-9484-668301E4E67B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe

FirewallRules: [{BDC69297-0BA9-4957-B054-37256D9F77BA}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe

FirewallRules: [{D49EE5B7-C9C2-4751-9C89-2A2C1978F77E}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe

FirewallRules: [{26E9CCCC-2D6E-44C4-8860-86B682A0AD40}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe

FirewallRules: [{9D7FCC3C-5AE9-4D7C-BB75-DB30B001A815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe

FirewallRules: [{A5CC5BE0-3956-4415-8398-E05BF8C29FD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe

FirewallRules: [TCP Query User{E31FA226-D80B-4D04-B8B0-1E9E4D0BAAF0}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe

FirewallRules: [UDP Query User{52D21E49-B16B-4F5F-9ECA-7DD89AF01E4C}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe

FirewallRules: [TCP Query User{F3241641-FE00-4172-8348-D99CD877B440}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{3CDB9F64-E845-452B-954D-A96CC3B99852}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{06B447F7-A6ED-4046-B455-0ABCB0E2453E}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe

FirewallRules: [UDP Query User{1A9D08F6-9171-4FC6-9E46-8FC3D7CED94F}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe

FirewallRules: [TCP Query User{D355F44D-2F9D-40ED-8F7E-510FCE05EB0C}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe

FirewallRules: [UDP Query User{663B42A7-69C1-4CB0-8BEF-EB255C0FF584}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe

FirewallRules: [{3AEFF351-671F-4966-9CD1-60C90E02C827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe

FirewallRules: [{8A3EE691-42AC-44CA-A7E9-4CF04764DB3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe

FirewallRules: [{F932FB5B-423E-42BC-BAD5-193DF01754B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{59FC7ED3-70AB-4955-B9BE-D3EDAA03AA59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C3FC3765-44FD-4569-8930-7DCCF6094F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe

FirewallRules: [{ECF64800-B24F-4D75-B9A6-B30815041DC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe

FirewallRules: [TCP Query User{9E600AD2-5C71-4CDC-821D-AACEA7C116B6}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe

FirewallRules: [UDP Query User{E1CD5BEC-C61B-4F65-B800-1E8DE38ADF14}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe

FirewallRules: [TCP Query User{ECC3D302-D645-4ADD-BB5C-732B8C35D7B1}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{E8785A6C-A4EA-4C69-ADFD-3EB2689FA9A7}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{39542793-7AF3-431D-8E4F-84AC1A96AC59}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe

FirewallRules: [UDP Query User{4C05D73F-E651-494D-838C-7F5E09817FDB}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe

FirewallRules: [TCP Query User{1876CD3D-F313-419F-B997-EC97FC9FDB9A}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{5E5B6466-7069-477D-8670-6337164CC952}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe

FirewallRules: [{8647EDB1-9A7F-44AA-A455-1422BAB3C1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe

FirewallRules: [{A6C738F4-6201-40F3-9E9E-606DB2FD5CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe

FirewallRules: [TCP Query User{F20E730F-B223-44AD-970E-AB7537691464}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{A9EA59A8-B30E-416A-AEFF-D076167E9DBA}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{5EB66BFA-829B-491B-8118-57FB33A0A313}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe

FirewallRules: [UDP Query User{42EDBBA7-8BA4-41FE-BA0D-483016B40367}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe

FirewallRules: [{0718C3C3-CA75-4D49-81B6-31F402D1FF73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe

FirewallRules: [{5B656C7D-2C0B-42EB-BE1D-AED9B70BC619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe

FirewallRules: [TCP Query User{2C285D7B-34A0-4F90-8D3E-9E8602A435DD}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe

FirewallRules: [UDP Query User{7A6A7CB9-D690-44BF-92C7-DDA7DE97F3CA}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe

FirewallRules: [{5B8C371A-9AAA-44BD-8613-1F8727044004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe

FirewallRules: [{171E700E-538F-40BF-B761-B2EE12F0D9BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe

FirewallRules: [TCP Query User{93607D63-BFF1-4388-B643-87BFE54AAEEF}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{4312334E-F747-4355-80C1-2C1AD397BC30}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{11C2BF2A-F6E3-4091-AA9E-61B05B574584}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe

FirewallRules: [UDP Query User{1B4212E6-486D-4F22-B907-150476DAFD73}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe

FirewallRules: [{1B5FDB0D-820A-4194-8D88-4F0AD45C12F7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe

FirewallRules: [{B144D89B-345C-46AF-B9CE-A25F6671C3FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe

FirewallRules: [TCP Query User{1CCB3762-3766-4D4C-BFD2-FBA2129EEBAC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{5579875B-784D-4A22-9464-AF0C0CCE87A3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [TCP Query User{53B05ADF-5025-46E0-8CD4-80792430BC0C}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{3E72EA3C-A8A7-40D2-B6E6-774A2B43A0A1}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{3E0066E0-2808-449B-99C2-150127843537}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe

FirewallRules: [UDP Query User{88998446-CC83-4501-881D-68781EC85CD6}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe

FirewallRules: [TCP Query User{36D8D677-06AF-41BD-9E53-48B716966776}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [UDP Query User{C5147C01-18DE-48C3-934F-58F48562C182}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [TCP Query User{E47D89E9-7D7A-44FE-B617-D5A65EF909E1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{F83B69D0-7302-4C29-A995-0F971CF80E7D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{6BD419A0-68C9-4A17-8456-2A67A2DCFAAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe

FirewallRules: [{D1D03B35-009D-4338-B32D-76C9FE7F678E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe

FirewallRules: [TCP Query User{B4247BC6-22FA-4D02-8FAF-BE36BDEE2359}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{CD2A4EFE-1AC9-4D3F-9009-032B64EA301A}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

FirewallRules: [{AFECF350-FF79-4C2F-A0C1-8FAE2053EF54}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

FirewallRules: [{FDCE9949-FCF9-434C-A7E3-3C4308C238FA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{669DD9AF-15BA-4003-92F2-024F5B165304}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{A330EE98-1B46-4E2B-972C-91417F071520}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

FirewallRules: [{C8634E7C-88B2-48F1-996A-D16225FC42A2}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

FirewallRules: [{306561D3-0071-4ED3-8CA0-8CAD9BEF295E}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

FirewallRules: [TCP Query User{F2BBF05C-7969-45E7-BC72-48E4FD1DA3A7}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

FirewallRules: [UDP Query User{559D5153-B402-4D04-9C96-AB079380586B}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

FirewallRules: [{A648FDF1-B153-4FD7-8272-418FAFD1EF42}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

FirewallRules: [{8ED57D8E-EF78-4563-B27A-D2677E8D17A9}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

FirewallRules: [TCP Query User{ADD0F885-717F-4576-9EEE-3123A9D1C93C}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [UDP Query User{66102041-2C64-483A-89F5-C20DB4489584}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [{18D0ACC1-CCB0-4573-85FA-20206DC06702}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [{ACD122B4-7C67-41DE-AB9A-2A9224249C79}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

FirewallRules: [{88B07424-E7D5-4E3C-BAF4-6D6DC3AC23AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{77719439-521D-4A32-B293-D126AD1871F2}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{DB11DF07-083C-4AD1-B493-13228B239FC1}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

FirewallRules: [{F66BFF1F-064D-4251-BB96-EC8A374B0AED}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

FirewallRules: [{EBA61CD5-6EA4-4263-BC26-A8C8DB65B7AA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

FirewallRules: [{67DF9635-7A2F-4D43-9F51-35A193560F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe

FirewallRules: [{3E658949-0219-4047-A2CA-54BF0222BC7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe

FirewallRules: [TCP Query User{9FF1295E-DB75-4619-9CCF-59BB868F14E9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{DF892856-8A60-4AF9-8EC5-3E733AF06980}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe


==================== Restore Points =========================


20-08-2016 18:39:18 Scheduled Checkpoint

29-08-2016 11:05:32 Scheduled Checkpoint

01-09-2016 18:39:19 Windows Update

10-09-2016 02:23:39 Installed SpyHunter


==================== Faulty Device Manager Devices =============


Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.



==================== Event log errors: =========================


Application errors:

==================

Error: (09/10/2016 02:24:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.


System Error:

Access is denied.

.


Error: (09/09/2016 04:22:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)

Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Error: (09/09/2016 02:18:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)

Description: Activation of application Microsoft.Getstarted_4.0.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Error: (09/09/2016 02:16:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)

Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


Error: (09/08/2016 02:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1203


Error: (09/08/2016 02:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1203


Error: (09/08/2016 02:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second


Error: (09/07/2016 09:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program TESV.exe version 1.9.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


Process ID: 22b0


Start Time: 01d208f3f4828275


Termination Time: 163


Application Path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe


Report Id: 35457838-74ef-11e6-8294-a41f72ff73f6


Faulting package full name:


Faulting package-relative application ID:


Error: (09/06/2016 11:13:40 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program explorer.exe version 10.0.10586.494 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


Process ID: 1ba0


Start Time: 01d207d503e9e8cd


Termination Time: 0


Application Path: C:\Windows\explorer.exe


Report Id: 9d97bd6e-7433-11e6-8294-a41f72ff73f6


Faulting package full name:


Faulting package-relative application ID:


Error: (09/05/2016 02:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15516



System errors:

=============

Error: (09/10/2016 07:56:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


Error: (09/10/2016 07:56:46 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:46 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:37 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:37 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:29 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:29 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:28 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:28 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


Error: (09/10/2016 07:56:19 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

{C2F03A33-21F5-47FA-B4BB-156362A2F239}

and APPID

{316CDED5-E4AE-4B15-9113-7055D84DCC97}

to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.



CodeIntegrity:

===================================

Date: 2016-09-01 19:52:44.842

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-08-24 15:20:46.026

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-08-11 09:12:23.526

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-08-10 20:06:04.702

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-07-31 18:50:06.380

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-07-20 12:01:54.017

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-07-19 10:11:07.940

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-07-18 21:01:38.790

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-06-22 22:53:22.656

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


Date: 2016-06-22 11:46:32.091

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.



==================== Memory info ===========================


Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz

Percentage of memory in use: 59%

Total physical RAM: 8108.73 MB

Available physical RAM: 3321.96 MB

Total Virtual: 9644.73 MB

Available Virtual: 3307.84 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:930.37 GB) (Free:81.95 GB) NTFS


==================== MBR & Partition Table ==================


========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 403870F7)


Partition: GPT.


==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

In the future please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space and all logs are twice as long and harder for me to read.
Thank you :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on the Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt can also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Sorry about that. Here are the logs from the scans you got me to run:
RogueKiller:
RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Cody [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/11/2016 07:41:54 (Duration : 00:51:37)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-75M2NA0 +++++
--- User ---
[MBR] b1e9294352e2668e5685f3710fee7062
[BSP] 45ae2875c3c9a971702dcaf0c0c2a78f : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 468992 | Size: 490 MB
3 - Basic data partition | Offset (sectors): 1472512 | Size: 952700 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1952602112 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK


MalwareBytes:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/09/2016
Scan Time: 4:37 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.11.03
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Cody

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 441541
Time Elapsed: 45 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


AdwClean[C0]:
# AdwCleaner v6.010 - Logfile created 11/09/2016 at 17:49:48
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-11.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Cody - MAH-DESKTOP
# Running from : C:\Users\Cody\Downloads\adwcleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\Users\Cody\AppData\Local\Temp\Utils.dll


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inkrevealed.dl.tb.ask.com


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1292 Bytes] - [11/09/2016 17:49:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [1584 Bytes] - [11/09/2016 17:42:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1438 Bytes] ##########


AdwClean[S0]:
# AdwCleaner v6.010 - Logfile created 11/09/2016 at 17:42:02
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-11.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Cody - MAH-DESKTOP
# Running from : C:\Users\Cody\Downloads\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found: C:\END
File Found: C:\Users\Cody\AppData\Local\Temp\Utils.dll


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inkrevealed.dl.tb.ask.com


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1432 Bytes] - [11/09/2016 17:42:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1505 Bytes] ##########


JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by Cody (Administrator) on 11/09/2016 at 18:08:00.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\Cody\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\WINDOWS\prefetch\TOOLBARNATIVEMSGHOST.EXE-FF3881E5.pf (File)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3C2CE495-0E51-4445-B938-7EC00E7B56A5} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/09/2016 at 18:56:55.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Here are the logs from the Farbar scan
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Cody (administrator) on MAH-DESKTOP (12-09-2016 11:13:42)
Running from C:\Users\Cody\Downloads
Loaded Profiles: Cody (Available Profiles: Cody & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Riot Games\LolScreenSaver\service\service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
() C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Cody\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-07] (Logitech Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-09-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1917440 2016-07-15] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Akamai NetSession Interface] => C:\Users\Cody\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [NetDrive2] => "C:\PROGRA~1\NETDRI~1\NetDrive2.exe" -tray
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bb993540-6cda-49de-9ab8-4fdb17444a7a}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> DefaultScope {3C2CE495-0E51-4445-B938-7EC00E7B56A5} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353
FF Homepage: www.google.com.au
FF NetworkProxy: "no_proxies_on", "https://localhost, localhost, 127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-05] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3313481241-1894715402-4189534921-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-06-11] ()
FF Extension: (Firefox Hotfix) - C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-06-23]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-01-11]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/"
CHR Profile: C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-24]
CHR Extension: (Google Docs) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-24]
CHR Extension: (Google Drive) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (Adguard AdBlocker) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-08-30]
CHR Extension: (YouTube) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Google Search) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Google Sheets) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Ghostery) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-09-01]
CHR Extension: (Gmail) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-24]
CHR Extension: (Chrome Media Router) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-07] (Logitech Inc.)
R2 LolScreenSaverService; C:\Riot Games\LolScreenSaver\service\service.exe [707072 2016-03-31] () [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-08-30] (Overwolf LTD)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2443776 2016-07-14] (Trend Micro Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive2\nd2svc.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-21] (Qualcomm Atheros Communications, Inc.)
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-09] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SNXPPAMD; C:\Windows\System32\drivers\snxppamd.sys [99424 2013-03-13] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\System32\drivers\snxpsamd.sys [97888 2013-03-13] (SUNIX Co., Ltd.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [101600 2016-07-21] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [124752 2015-12-10] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-11] ()
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-09-24] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 mfeapfk; system32\drivers\mfeapfk.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-12 11:13 - 2016-09-12 11:14 - 00032199 _____ C:\Users\Cody\Downloads\FRST.txt
2016-09-11 17:40 - 2016-09-11 17:49 - 00000000 ____D C:\AdwCleaner
2016-09-11 16:39 - 2016-09-11 18:07 - 01610560 _____ (Malwarebytes) C:\Users\Cody\Downloads\JRT.exe
2016-09-11 16:39 - 2016-09-11 17:40 - 03826240 _____ C:\Users\Cody\Downloads\adwcleaner_6.010.exe
2016-09-11 07:41 - 2016-09-11 07:41 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-09-11 07:39 - 2016-09-11 07:39 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-09-11 07:39 - 2016-09-11 07:39 - 00000000 ____D C:\ProgramData\RogueKiller
2016-09-11 07:39 - 2016-09-11 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-09-11 07:39 - 2016-09-11 07:39 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-11 07:32 - 2016-09-11 07:39 - 33106704 _____ (Adlice Software ) C:\Users\Cody\Downloads\setup.exe
2016-09-10 20:04 - 2016-09-10 20:04 - 00000635 _____ C:\WINDOWS\system32\Drivers\etc\tmsshf.bin
2016-09-10 20:02 - 2016-09-12 11:13 - 00000000 ____D C:\FRST
2016-09-10 20:02 - 2016-09-10 20:02 - 02397696 _____ (Farbar) C:\Users\Cody\Downloads\FRST64.exe
2016-09-10 19:50 - 2016-09-10 19:50 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Cody\Downloads\SpyHunter-Installer.exe
2016-09-10 02:25 - 2016-09-10 02:25 - 00003434 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2016-09-10 02:24 - 2016-09-10 02:24 - 00002361 _____ C:\Users\Cody\Desktop\SpyHunter.lnk
2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\sh4ldr
2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-09-10 02:23 - 2016-09-10 02:24 - 00000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-09-10 02:21 - 2016-09-10 02:21 - 00000000 ____D C:\Users\Cody\Downloads\SpyHunter 4 + Crack
2016-09-10 02:20 - 2016-09-10 02:21 - 15901755 _____ C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip
2016-09-09 21:29 - 2016-09-11 21:43 - 00001136 _____ C:\Users\Cody\Desktop\nativelog.txt
2016-09-09 16:30 - 2016-09-09 16:30 - 00001816 _____ C:\Users\Cody\Desktop\Google Chrome.lnk
2016-09-09 15:15 - 2016-09-11 21:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-09 15:14 - 2016-09-09 16:25 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-09 15:14 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-09 15:14 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-09 15:14 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-09 15:12 - 2016-09-09 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Cody\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-09 14:45 - 2016-09-09 14:45 - 00000000 _____ C:\autoexec.bat
2016-09-09 14:44 - 2016-09-09 14:44 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-09-09 14:18 - 2016-09-09 14:18 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-09-09 14:17 - 2016-09-09 14:40 - 00171198 _____ C:\WINDOWS\ntbtlog.txt
2016-09-07 17:29 - 2016-09-07 17:29 - 36269107 _____ C:\Users\Cody\Downloads\Introduction to Electric Circuits, 8th Edition by Richard C. Dorf & James A. Svoboda.pdf
2016-09-07 17:16 - 2016-09-07 17:16 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-07 13:09 - 2016-09-07 13:09 - 09333759 _____ C:\Users\Cody\Downloads\Republic_Venator_Class Star_Destroyer_Divici.zip
2016-09-06 19:13 - 2016-09-06 19:13 - 00000000 ____D C:\Users\Cody\Documents\Minecraft projects
2016-09-06 13:21 - 2016-09-09 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-06 12:38 - 2016-09-06 12:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Macromedia
2016-09-04 22:57 - 2016-09-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-09-04 19:38 - 2016-09-09 16:25 - 00000982 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Users\Cody\AppData\Local\TomTom
2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2016-09-04 19:37 - 2016-09-04 19:37 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2016-09-04 19:34 - 2016-09-04 19:35 - 37565768 _____ (TomTom International B.V.) C:\Users\Cody\Downloads\InstallMyDriveConnect.exe
2016-09-03 21:25 - 2016-09-03 21:25 - 00013914 _____ C:\Users\Cody\AppData\Local\recently-used.xbel
2016-09-03 20:55 - 2016-09-03 20:55 - 03927093 _____ C:\Users\Cody\Downloads\forge-1.8.9-11.15.1.1722-installer-win.exe
2016-09-03 20:41 - 2016-09-03 20:42 - 03719516 _____ C:\Users\Cody\Downloads\forge-1.8-11.14.4.1563-installer-win.exe
2016-09-03 20:32 - 2016-09-03 20:32 - 01971599 _____ C:\Users\Cody\Downloads\fml-1.8-8.0.127.1103-installer-win.exe
2016-09-03 17:23 - 2016-09-03 17:23 - 02802417 _____ C:\Users\Cody\Downloads\RaceMenu Overlay Compilation - CBBE version-48705-1-1.rar
2016-09-03 11:34 - 2016-09-03 11:34 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door- (1).xml
2016-09-03 11:33 - 2016-09-03 11:33 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door-.xml
2016-09-02 19:54 - 2016-09-02 19:54 - 02797828 _____ C:\Users\Cody\Downloads\ELEC2004 Study Guide.zip
2016-09-02 19:54 - 2016-09-02 19:54 - 00000000 ____D C:\Users\Cody\Downloads\ELEC2004 Study Guide
2016-08-27 21:22 - 2016-08-27 21:22 - 00000000 ____D C:\Users\Cody\Downloads\XRM_BACKGR
2016-08-27 21:19 - 2016-08-27 21:20 - 00000000 ____D C:\Users\Cody\Downloads\XRM1.30
2016-08-27 20:54 - 2016-08-27 20:55 - 27089068 _____ C:\Users\Cody\Downloads\XRM_BACKGR.zip
2016-08-27 20:52 - 2016-08-27 21:09 - 485793193 _____ C:\Users\Cody\Downloads\XRM1.30_PART_1 (1).zip
2016-08-27 20:52 - 2016-08-27 20:59 - 328027746 _____ C:\Users\Cody\Downloads\XRM1.29_PART_3.zip
2016-08-27 20:52 - 2016-08-27 20:52 - 08927374 _____ C:\Users\Cody\Downloads\XRM1.30d_PART_2.zip
2016-08-27 20:40 - 2016-08-27 20:40 - 00605859 _____ C:\Users\Cody\Downloads\X3-ImmersiveGUIHUD-1.3.rar
2016-08-27 20:38 - 2016-08-27 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft
2016-08-27 20:35 - 2016-08-27 20:38 - 03313352 _____ (Egosoft ) C:\Users\Cody\Downloads\X3AP_Bonus_Pack_5.1.0.0.exe
2016-08-26 21:00 - 2016-08-26 21:03 - 57330773 _____ C:\Users\Cody\Downloads\Beastess 8.02.7z
2016-08-24 01:14 - 2016-08-24 01:14 - 00006403 _____ C:\Users\Cody\Downloads\Cure.rar
2016-08-23 23:52 - 2016-08-23 23:52 - 00000083 _____ C:\Users\Cody\.gtk-bookmarks
2016-08-23 23:13 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\AppData\Local\gtk-2.0
2016-08-23 23:11 - 2016-08-23 23:11 - 00000000 ____D C:\Users\Cody\.thumbnails
2016-08-23 22:39 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\.gimp-2.8
2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\gegl-0.2
2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\fontconfig
2016-08-23 22:37 - 2016-08-23 22:37 - 00000000 ____D C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1
2016-08-23 22:36 - 2016-08-23 22:36 - 00000000 ____D C:\Users\Cody\Downloads\use own skin
2016-08-22 23:49 - 2016-08-22 23:50 - 31096007 _____ C:\Users\Cody\Downloads\SOS - Schlongs of Skyrim - 3.00.004.7z
2016-08-22 23:33 - 2016-08-22 23:34 - 00367593 _____ C:\Users\Cody\Downloads\PapyrusUtil_v32.zip
2016-08-22 16:25 - 2016-08-22 16:26 - 24688762 _____ C:\Users\Cody\Downloads\Mod Organizer v1_3_11 installer-1334-1-3-11.exe
2016-08-22 15:17 - 2016-08-22 15:17 - 123899131 _____ C:\Users\Cody\Downloads\MoreNastyCritters9_3_fomod.7z
2016-08-21 23:55 - 2016-08-21 23:56 - 00000000 ____D C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3
2016-08-21 23:55 - 2016-08-21 23:55 - 02900822 _____ C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3.7z
2016-08-21 23:21 - 2016-08-21 23:21 - 07603889 _____ C:\Users\Cody\Downloads\2.17 archives.7z
2016-08-21 23:18 - 2016-08-21 23:18 - 00000000 ____D C:\Users\Cody\Downloads\ERF Bodyslide Presets
2016-08-21 23:17 - 2016-08-21 23:17 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2
2016-08-21 23:14 - 2016-08-21 23:14 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2
2016-08-21 23:01 - 2016-08-21 23:01 - 00002513 _____ C:\Users\Cody\Downloads\PSQ RND.7z
2016-08-21 22:59 - 2016-08-21 22:59 - 00001142 _____ C:\Users\Cody\Downloads\Transform Dummy Files.7z
2016-08-21 22:47 - 2016-08-21 22:50 - 77796693 _____ C:\Users\Cody\Downloads\PSQ Transform Package 1.2.zip
2016-08-21 22:47 - 2016-08-21 22:47 - 02761717 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2.zip
2016-08-21 22:46 - 2016-08-21 22:46 - 00581085 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2.zip
2016-08-21 22:46 - 2016-08-21 22:46 - 00000569 _____ C:\Users\Cody\Downloads\PSQ Copy OrgBody Files Script.zip
2016-08-21 22:45 - 2016-08-21 22:45 - 00007394 _____ C:\Users\Cody\Downloads\ERF Bodyslide Presets.zip
2016-08-21 16:15 - 2016-08-21 16:15 - 00070738 _____ C:\Users\Cody\Downloads\SlaveTats-1.2.1.7z
2016-08-21 15:46 - 2016-09-09 16:26 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2016-08-21 15:46 - 2016-08-21 15:46 - 00000000 ____D C:\Program Files\GIMP 2
2016-08-21 15:45 - 2016-08-21 15:45 - 00197483 _____ C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1.zip
2016-08-21 15:44 - 2016-08-21 15:46 - 77404656 _____ (The GIMP Team ) C:\Users\Cody\Downloads\gimp-2.8.18-setup.exe
2016-08-21 15:09 - 2016-08-21 15:09 - 01605460 _____ C:\Users\Cody\Downloads\use own skin.7z
2016-08-21 14:20 - 2016-08-21 14:20 - 00000000 ____D C:\Users\Cody\Downloads\NifSkope_2_0_2016-04-11-1
2016-08-21 13:48 - 2016-08-21 13:48 - 00000000 ____D C:\Users\Cody\Downloads\fixed_textures
2016-08-21 00:46 - 2016-08-21 02:45 - 00000000 ____D C:\Users\Cody\Downloads\BSAopt-247-1-6-3
2016-08-21 00:46 - 2016-08-21 00:46 - 00983170 _____ C:\Users\Cody\Downloads\BSAopt-247-1-6-3.7z
2016-08-21 00:22 - 2016-08-21 00:22 - 00000000 ____D C:\Users\Cody\Downloads\Copy Orgbody MO
2016-08-21 00:14 - 2016-08-21 00:14 - 01622397 _____ C:\Users\Cody\Downloads\PSQ3.2.6.7z
2016-08-20 14:54 - 2016-09-09 16:26 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2016-08-20 14:54 - 2016-09-09 16:25 - 00001020 _____ C:\Users\Public\Desktop\LOOT.lnk
2016-08-20 14:54 - 2016-08-28 18:45 - 00000000 ____D C:\Users\Cody\AppData\Local\LOOT
2016-08-20 14:54 - 2016-08-20 14:54 - 00000000 ____D C:\Program Files (x86)\LOOT
2016-08-20 14:51 - 2016-08-20 14:53 - 25492241 _____ (LOOT Team ) C:\Users\Cody\Downloads\LOOT.Installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-12 11:14 - 2016-01-10 15:43 - 00000010 _____ C:\Users\Cody\AppData\Local\sponge.last.runtime.cache
2016-09-12 11:11 - 2015-12-24 11:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-12 11:10 - 2016-07-26 15:44 - 00000000 ____D C:\Users\Cody\AppData\Local\DP_Tower_3.7
2016-09-12 11:10 - 2016-05-18 22:43 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job
2016-09-12 11:10 - 2016-03-20 14:18 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job
2016-09-12 11:10 - 2015-12-24 14:34 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-12 11:10 - 2015-12-24 11:28 - 00000000 __SHD C:\Users\Cody\IntelGraphicsProfiles
2016-09-12 10:57 - 2015-12-24 11:36 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-12 10:49 - 2016-08-05 21:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-12 10:38 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-11 23:26 - 2015-12-30 22:04 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Skype
2016-09-11 23:25 - 2015-12-26 20:25 - 00000000 ____D C:\Users\Cody\AppData\Local\Battle.net
2016-09-11 22:18 - 2016-01-19 19:15 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-09-11 22:16 - 2015-12-26 20:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-09-11 21:39 - 2016-06-12 12:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\.minecraft
2016-09-11 18:00 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-11 17:57 - 2015-12-23 18:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-11 17:57 - 2015-12-23 18:11 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-11 17:57 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-11 17:39 - 2015-12-05 17:43 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-11 08:32 - 2013-08-23 01:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-10 19:52 - 2015-12-23 18:14 - 00000000 ____D C:\Users\Cody
2016-09-10 12:18 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-09 20:58 - 2016-06-12 14:54 - 00000000 ____D C:\Users\Cody\AppData\Local\LogMeIn Hamachi
2016-09-09 16:29 - 2015-12-23 18:21 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-09 16:29 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-09 16:26 - 2016-07-24 16:53 - 00001282 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-09-09 16:26 - 2016-06-22 16:07 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-09-09 16:26 - 2016-06-22 16:07 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2016-09-09 16:26 - 2016-05-18 22:43 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015b.lnk
2016-09-09 16:26 - 2016-04-30 18:46 - 00001873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-09-09 16:26 - 2016-04-30 18:46 - 00001611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-09-09 16:26 - 2016-04-06 23:42 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-09 16:26 - 2016-03-20 14:19 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015a.lnk
2016-09-09 16:26 - 2016-03-10 20:45 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2016-09-09 16:26 - 2016-02-08 23:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-09 16:26 - 2016-01-10 21:53 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-09-09 16:26 - 2015-12-26 15:57 - 00001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-09-09 16:26 - 2015-12-24 15:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-09 16:26 - 2015-12-24 11:37 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-09 16:26 - 2015-12-24 11:33 - 00001029 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-09-09 16:26 - 2015-12-23 19:44 - 00002407 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-09 16:26 - 2015-12-23 18:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-09 16:26 - 2013-10-22 13:10 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-09-09 16:26 - 2013-10-22 13:10 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-09-09 16:25 - 2016-07-24 16:54 - 00001150 _____ C:\Users\Public\Desktop\Overwolf.lnk
2016-09-09 16:25 - 2016-06-22 16:07 - 00001327 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-09-09 16:25 - 2016-06-22 16:07 - 00001195 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk
2016-09-09 16:25 - 2016-06-12 12:52 - 00001026 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-09-09 16:25 - 2016-05-29 02:00 - 00000697 _____ C:\Users\Public\Desktop\DCP_Setup_Maker.lnk
2016-09-09 16:25 - 2016-05-18 22:43 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015b.lnk
2016-09-09 16:25 - 2016-04-06 23:42 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-09 16:25 - 2016-03-20 14:19 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015a.lnk
2016-09-09 16:25 - 2016-03-10 20:45 - 00001048 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-09-09 16:25 - 2016-03-02 17:09 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-09-09 16:25 - 2016-02-27 20:54 - 00000971 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-09-09 16:25 - 2016-02-08 23:01 - 00002120 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-09-09 16:25 - 2016-01-29 18:13 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-09-09 16:25 - 2016-01-19 19:32 - 00001258 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2016-09-09 16:25 - 2016-01-15 15:25 - 00001160 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-09-09 16:25 - 2016-01-10 21:53 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-09-09 16:25 - 2015-12-30 22:04 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-09 16:25 - 2015-12-29 13:37 - 00001088 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-09-09 16:25 - 2015-12-26 21:04 - 00001207 _____ C:\Users\Public\Desktop\Diablo III.lnk
2016-09-09 16:25 - 2015-12-26 20:25 - 00001213 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-09-09 16:25 - 2015-12-26 15:57 - 00001266 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-09-09 16:25 - 2015-12-24 15:16 - 00001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-09 16:25 - 2015-12-24 14:34 - 00002038 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2016-09-09 16:25 - 2015-12-24 14:27 - 00001088 _____ C:\Users\Public\Desktop\iExplorer.lnk
2016-09-09 16:25 - 2015-12-23 16:41 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-09-09 16:24 - 2016-08-08 18:08 - 00002277 _____ C:\Users\Cody\Desktop\Discord.lnk
2016-09-09 16:24 - 2016-07-26 14:12 - 00001192 _____ C:\Users\Cody\Desktop\Syncios.lnk
2016-09-09 16:24 - 2016-07-24 16:53 - 00001326 _____ C:\Users\Cody\Desktop\TeamSpeak 3 Client.lnk
2016-09-09 16:24 - 2016-05-29 02:04 - 00002033 _____ C:\Users\Cody\Desktop\install4j.lnk
2016-09-09 16:24 - 2016-04-06 13:01 - 00001204 _____ C:\Users\Cody\Desktop\SourceTree.lnk
2016-09-09 16:24 - 2016-04-06 12:20 - 00002291 _____ C:\Users\Cody\Desktop\Git Shell.lnk
2016-09-09 16:24 - 2016-04-02 14:29 - 00000776 _____ C:\Users\Cody\Desktop\Eclipse.lnk
2016-09-09 16:24 - 2016-03-08 18:55 - 00001274 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk
2016-09-09 16:24 - 2016-03-08 18:55 - 00001250 _____ C:\Users\Cody\Desktop\LTspice IV.lnk
2016-09-09 16:24 - 2016-02-09 20:13 - 00002639 _____ C:\Users\Cody\Desktop\Windows 7 USB DVD Download Tool.lnk
2016-09-09 16:24 - 2016-02-08 23:15 - 00002282 _____ C:\Users\Cody\Desktop\Dungeons & Dragons Online.lnk
2016-09-09 16:24 - 2016-02-01 18:13 - 00001224 _____ C:\Users\Cody\Desktop\NavDesk 7.50.lnk
2016-09-09 16:24 - 2016-01-10 21:53 - 00001040 _____ C:\Users\Cody\Desktop\OSFMount.lnk
2016-09-09 16:24 - 2016-01-10 14:40 - 00001387 _____ C:\Users\Cody\Desktop\Trend Micro Maximum Security.lnk
2016-09-09 16:23 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\Cursors
2016-09-09 14:11 - 2015-12-26 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-07 20:08 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-07 18:00 - 2015-12-05 16:50 - 00000000 ____D C:\Users\Cody\Documents\Uni
2016-09-07 16:08 - 2015-12-03 16:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Packages
2016-09-06 19:16 - 2016-01-11 21:01 - 00000196 _____ C:\Users\Cody\Desktop\New Text Document.txt
2016-09-04 15:23 - 2015-12-23 17:20 - 00000000 ____D C:\Users\Cody\AppData\Local\CrashDumps
2016-09-03 23:26 - 2016-01-15 14:52 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-09-03 20:33 - 2016-04-02 14:05 - 00000000 ____D C:\Users\Cody\.oracle_jre_usage
2016-09-02 17:04 - 2016-04-08 22:28 - 00000000 ____D C:\Users\Cody\AppData\Roaming\SpaceEngineers
2016-09-01 18:40 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 18:40 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 10:54 - 2016-07-24 16:54 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-08-31 13:32 - 2016-01-10 21:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-08-29 23:31 - 2015-12-26 20:30 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\discord
2016-08-29 20:11 - 2016-08-08 18:07 - 00000000 ____D C:\Users\Cody\AppData\Local\Discord
2016-08-22 23:54 - 2016-02-27 20:54 - 00000000 ____D C:\Users\Cody\Documents\Nexus Mod Manager
2016-08-21 23:56 - 2016-02-27 14:35 - 00000000 ____D C:\Users\Cody\AppData\Local\Skyrim
2016-08-17 11:16 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-17 11:15 - 2016-01-12 14:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-16 22:07 - 2016-07-24 16:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\TS3Client
2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-03-08 20:07 - 2016-05-30 17:17 - 0004622 _____ () C:\Users\Cody\AppData\Roaming\LTspiceIV.ini
2016-03-11 01:06 - 2016-05-27 19:03 - 0000600 _____ () C:\Users\Cody\AppData\Roaming\winscp.rnd
2016-01-10 14:35 - 2016-01-10 14:35 - 0000036 _____ () C:\Users\Cody\AppData\Local\housecall.guid.cache
2016-03-31 17:25 - 2016-05-01 14:45 - 0000600 _____ () C:\Users\Cody\AppData\Local\PUTTY.RND
2016-09-03 21:25 - 2016-09-03 21:25 - 0013914 _____ () C:\Users\Cody\AppData\Local\recently-used.xbel
2016-01-10 15:43 - 2016-09-12 11:14 - 0000010 _____ () C:\Users\Cody\AppData\Local\sponge.last.runtime.cache
2015-12-23 18:11 - 2015-12-23 18:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-22 13:07 - 2013-10-22 13:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-22 13:04 - 2013-10-22 13:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-22 13:05 - 2013-10-22 13:05 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-22 13:06 - 2013-10-22 13:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2013-10-22 13:04 - 2013-10-22 13:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\Users\Cody\Q2BlockDiagram2.exe
C:\Users\Cody\Q3Simulation.exe


Some files in TEMP:
====================
C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe
C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe
C:\Users\Cody\AppData\Local\Temp\COMAP.EXE
C:\Users\Cody\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Cody\AppData\Local\Temp\Execute2App.exe
C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-3745218813016737628.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-7510082244880606345.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll
C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Cody\AppData\Local\Temp\libeay32.dll
C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Cody\AppData\Local\Temp\msvcp90.dll
C:\Users\Cody\AppData\Local\Temp\msvcr120.dll
C:\Users\Cody\AppData\Local\Temp\msvcr90.dll
C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Cody\AppData\Local\Temp\nvStInst.exe
C:\Users\Cody\AppData\Local\Temp\sqlite3.dll
C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe
C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll
C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-07 11:23

==================== End of FRST.txt ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Cody (12-09-2016 11:15:02)
Running from C:\Users\Cody\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-23 09:39:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3313481241-1894715402-4189534921-500 - Administrator - Enabled) => C:\Users\Administrator
Cody (S-1-5-21-3313481241-1894715402-4189534921-1004 - Administrator - Enabled) => C:\Users\Cody
DefaultAccount (S-1-5-21-3313481241-1894715402-4189534921-503 - Limited - Disabled)
Guest (S-1-5-21-3313481241-1894715402-4189534921-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3313481241-1894715402-4189534921-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.06020 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.06020 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DOOM 3 (HKLM\...\Steam App 9050) (Version: - id Software)
DOOM 3: Resurrection of Evil (HKLM\...\Steam App 9070) (Version: - id Software)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Dungeons & Dragons Online v2600.0045.4801.4249 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.4801.4249 - Atari, Inc.)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GitHub (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\5f7eb300e2ea4ebf) (Version: 3.0.17.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
iExplorer 3.2.5.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
install4j 6.1.1 (HKLM\...\6187-37938-2029-3898) (Version: 6.1.1 - ej-technologies GmbH)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
IzPack 5.0.8 (HKLM\...\IzPack 5.0.8) (Version: - )
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
League Screensaver (HKLM-x32\...\LolScreenSaver) (Version: W0.1.19-0.11.13-beta - Riot Games)
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2015a (HKLM\...\Matlab R2015a) (Version: 8.5 - MathWorks)
MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Might & Magic: Heroes VI (HKLM\...\Steam App 48220) (Version: - Blackhole)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Mozilla Thunderbird 45.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.1.0 (x86 en-US)) (Version: 45.1.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.15 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.97.209.0 - Overwolf Ltd.)
Python 3.5.1 (32-bit) (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Sanctum (HKLM\...\Steam App 91600) (Version: - Coffee Stain Studios)
Sanctum 2 (HKLM\...\Steam App 210770) (Version: - Coffee Stain Studios)
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Skyrim Creation Kit (HKLM\...\Steam App 202480) (Version: - bgs.bethsoft.com)
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)
SourceTree (HKLM-x32\...\SourceTree 1.8.3) (Version: 1.8.3 - Atlassian)
SourceTree (x32 Version: 1.8.3 - Atlassian) Hidden
Space Engineers (HKLM\...\Steam App 244850) (Version: - Keen Software House)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM-x32\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
SUPER © v2016.Build.69+3D+Recorder (2016/04/02) version v2016.B (HKLM-x32\...\{CB93965C-C24C-437D-839B-285188F22F11}_is1) (Version: v2016.Build.69+3D+Recorder - eRightSoft)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.02 - NCH Software)
Syncios 5.0.6 (HKLM-x32\...\Syncios) (Version: 5.0.6 - Anvsoft)
TeamSpeak 3 Client (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
TomTom MyDrive Connect 4.1.1.2797 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.1.2797 - TomTom)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1075 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
X3 Albio Prelude Bonus Pack 5.1.0.0 (HKLM-x32\...\X3AP Bonus Pack_is1) (Version: 5.1.0.0 - Egosoft)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version: - Egosoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Cody\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0CA8690D-AB37-4F2A-B16E-8C0B14C35751} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {0E45AFB6-E450-403B-BD83-DA4043A10184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {34726F01-7385-4433-BB2F-2804E3F9F7A2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {5878757E-0C48-4924-B243-B3DBAB029162} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {637C4646-000D-4A11-8518-F7B5B05A176E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {644B9F54-3DCC-44F9-B8A5-140BC69E972B} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-08-30] (Overwolf LTD)
Task: {6A041227-2399-4548-91CC-C9010A5B9FBB} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-10] (Dell, Inc.)
Task: {7894DFAA-F794-402C-B9CF-CC055DDF878A} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe [2014-12-29] ()
Task: {7FC4820F-C243-41E4-B28B-B9A3B40F127F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)
Task: {825A6E9B-B251-45F6-A43E-E94A478DEDF2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {887B87CD-41FD-4B97-89F7-A9149F7BF159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)
Task: {A977D273-0777-462E-B2E4-1E4299246434} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
Task: {ABC6C0C1-AE6F-45CC-9008-D495FF304FB0} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {AE1A82E7-31E3-498D-80BE-AE7868BF04AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-05] (Adobe Systems Incorporated)
Task: {B7402253-40F4-4D72-80A6-F3D6E2B05E7E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {C250ADC3-70D8-4AE1-A387-C6A38AD76193} - \WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001 -> No File <==== ATTENTION
Task: {C352EE92-713C-4F06-81A4-277A3E84FBDA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {C38429A3-91EE-40C4-BC95-BB5B09440BD4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {CD8CD085-35ED-4D4C-84FC-D33D00BB5993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
Task: {DC2DF0E1-D6ED-4155-A9A2-95F77B3013BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {DE1ADDA9-92A9-455E-B423-2F8AE5138F3A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {EDD27B22-CD7B-4ADC-9EE0-BEFB231D6388} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-05] (Microsoft Corporation)
Task: {FC805CF4-6310-4A26-BAC3-29F6D23EEF2C} - \PCDEventLauncherTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Cody\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-01-10 14:37 - 2015-03-31 21:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
2016-01-10 14:37 - 2015-03-31 21:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
2016-01-10 14:37 - 2015-03-31 21:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2016-01-10 14:37 - 2015-03-31 21:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
2016-01-10 14:37 - 2015-03-31 21:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
2016-01-10 14:37 - 2015-03-31 21:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2015-12-29 09:23 - 2015-07-17 04:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-31 04:25 - 2016-03-31 04:25 - 00707072 _____ () C:\Riot Games\LolScreenSaver\service\service.exe
2016-01-12 14:01 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-10 14:37 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
2016-01-10 14:39 - 2015-07-17 04:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2016-01-10 14:39 - 2015-07-17 04:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2016-01-10 14:39 - 2015-07-17 04:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2016-01-10 14:39 - 2015-07-17 04:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2016-03-02 16:12 - 2016-02-17 16:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-23 16:38 - 2016-02-17 16:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-02 16:12 - 2016-02-17 16:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-05-18 22:35 - 2015-07-30 18:57 - 00045056 _____ () C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
2016-03-20 14:01 - 2014-12-29 19:25 - 00045056 _____ () C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe
2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-27 12:03 - 2016-05-25 02:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-24 11:54 - 2015-12-07 14:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-17 20:07 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-10 14:37 - 2016-07-14 12:49 - 40970752 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2016-07-17 20:06 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-17 20:06 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-17 20:06 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-17 20:06 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-29 09:23 - 2015-07-17 04:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-01-07 05:43 - 2016-01-07 05:43 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-01-07 05:43 - 2016-01-07 05:43 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-09-24 03:53 - 2015-09-24 03:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-10-22 12:59 - 2013-08-09 22:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-23 16:38 - 2016-02-17 17:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-10-22 13:04 - 2013-03-05 13:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-06 04:41 - 2013-03-06 04:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\cpp.edu -> hxxp://www.cpp.edu
IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2016-09-10 02:28 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Cody\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abstract_blue_2-wide.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Hamachi2Svc => 2
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Syncios device service"
HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Akamai NetSession Interface"
 
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A9947E99-A1EF-4F26-9EFD-F87C0E964F2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F6A678E-CD6B-4ACB-8A49-8A3004ADCF4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{77D0F2C6-8EE2-4A17-A337-F00437EFBCB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FE6B164A-F5F1-4717-B713-5122C6ABE70D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8D95307E-19DF-426C-A372-26F207A8B9EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9A0EEA54-D77D-4B3B-A7B4-2E2109525A89}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{16EB0374-956D-4FD6-BBEB-47D49A8BFB97}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3CB7CA5-FAA4-4FFA-BC91-A4458C4FFE40}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{77CCC0A3-32AB-47A7-A442-5E53A1787835}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3BA82FA7-D5A2-4D8B-817F-B4BA913B606B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{222B695A-17A5-4214-BE9F-F43F633612D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{522E4307-3DE4-41C9-9966-FA01135C355A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1DE53467-7E0B-4E74-B286-655016B8BCF6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D54F8AE3-B2A4-41C9-8D0D-D0830189FF72}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0D6F5875-0034-4A8F-8D2B-229A8479C259}] => (Allow) LPort=1900
FirewallRules: [{96622F71-4E28-424D-BA43-1ACD58541503}] => (Allow) LPort=2869
FirewallRules: [{6596E0CE-57DD-4A46-85B4-22AB5DB05FF1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A7FE2FA4-99FE-4E18-AE16-1507697E67EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{267DC37D-7AEB-44D3-94F3-E0F9DF5B22B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{110684A9-9987-4037-93F7-E0A3FA8BF4BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44D837CB-B2D4-4C5A-984F-7BAA4D289853}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E47DB184-D86A-470B-AA1B-391C13A22608}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1A70B8E7-2CC1-4860-871B-E0B74364EFD5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1282EEC9-4F47-4BE1-BBAB-583DAA5722D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A9B9004B-58BD-450F-AD14-4864CB8C30D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe
FirewallRules: [{15DDEDAF-C063-43F1-8D0B-8D5C98B56AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe
FirewallRules: [{B69E0C68-6702-4BEC-873C-BAF33839CB15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{26ADF8C7-8444-454C-961A-B05D948E611E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{E04E57A0-38B2-4E02-A58B-99B9E78505D0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{DD567391-4D5C-4152-AAC4-768994DCCB2D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{D9D52B2F-5D7B-47B9-ACE4-A4D3EC639640}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{64FD604F-DA42-4C03-888A-E20111DA7EFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [TCP Query User{F159914B-EE3F-46C1-85EC-23A6A92315E0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1FCE66A2-05F1-4603-88DD-0CA56C838DC4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{EF3C0257-D45F-41D2-9689-88C2671B3A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6F060CE0-6382-4FDA-BC82-D00748DC22A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{049FBF91-B1F3-4712-A895-B77885AA831B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{9A45A3B5-3192-4E65-9053-2BF67F78ACEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{EEBDCBC5-2F04-43FD-9314-7E006C16F8D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0E4B7A13-938C-4563-B937-30BCB4F2CB04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{01C5562B-48D0-45D8-823F-EDC54B9B75DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1E1A07F8-4F25-44D1-983F-9363D43AAA6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BAA820F2-EA1C-43B1-A196-2E3CC85D986A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{91455FA5-6370-4553-9F46-E123093C78A2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{683C45A1-FA8B-47E3-A412-79A22205FE7F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F6557CC3-1AD8-42B5-8932-F80FC2A093B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{05E99840-67E7-4C7E-B478-58BBAA3A8BC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{27F26161-42BF-450C-9742-E05AD2C67374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{652E8502-7341-4B7D-BF9F-2968E6008408}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{0EB72472-483D-4BF4-A9DA-614BA23FD791}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{A9CD5D1A-095A-4058-94E7-8E3E4F6C329D}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{1B309030-7374-4F84-B158-0B5F330FECDC}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{40526C0A-1D12-488C-8197-E8044DA1D524}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F3A0747E-C61C-43C1-8774-7221968CEEED}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{298B4449-614B-4A09-98E7-779AA65197F7}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{37756491-7EF2-4D52-8A70-6F66A7428085}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{1F223779-4408-4BA3-9343-D434A420DDF7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{5997C51A-BA5F-43B5-AD89-77C8EF2B1209}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{02F7E7EE-4843-47F5-97B9-4249BE392C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [{B97946BE-C0AA-434E-BE89-25E6521B9DB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{50A3E8EB-14BC-4FD0-9C17-D05238DE06B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{0E515C08-91E0-4280-B6A8-8874B3A58F63}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4CD8EF3D-3FBF-42D4-8C60-2FDDEA31CF9A}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{90D51B5B-3D65-45B3-9911-59DB55424F13}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6C85ED2D-87CD-46C4-A31A-20861F186374}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{14BCB45D-238D-4234-9F2B-89E34100B26B}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [UDP Query User{5BE86246-0BE2-4B7A-8F2D-D578E1A68B6C}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [{25B46F39-9EB6-496A-8741-355E0EC1F7E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6F77B0FF-F3DD-499C-A807-A2871BCDB4ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{B3DB7049-1EDB-487B-B564-C78AF86F8C9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{636FCC9A-EE44-4B74-9484-668301E4E67B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{BDC69297-0BA9-4957-B054-37256D9F77BA}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe
FirewallRules: [{D49EE5B7-C9C2-4751-9C89-2A2C1978F77E}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe
FirewallRules: [{26E9CCCC-2D6E-44C4-8860-86B682A0AD40}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe
FirewallRules: [{9D7FCC3C-5AE9-4D7C-BB75-DB30B001A815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe
FirewallRules: [{A5CC5BE0-3956-4415-8398-E05BF8C29FD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe
FirewallRules: [TCP Query User{E31FA226-D80B-4D04-B8B0-1E9E4D0BAAF0}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{52D21E49-B16B-4F5F-9ECA-7DD89AF01E4C}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{F3241641-FE00-4172-8348-D99CD877B440}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3CDB9F64-E845-452B-954D-A96CC3B99852}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{06B447F7-A6ED-4046-B455-0ABCB0E2453E}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe
FirewallRules: [UDP Query User{1A9D08F6-9171-4FC6-9E46-8FC3D7CED94F}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe
FirewallRules: [TCP Query User{D355F44D-2F9D-40ED-8F7E-510FCE05EB0C}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe
FirewallRules: [UDP Query User{663B42A7-69C1-4CB0-8BEF-EB255C0FF584}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe
FirewallRules: [{3AEFF351-671F-4966-9CD1-60C90E02C827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{8A3EE691-42AC-44CA-A7E9-4CF04764DB3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{F932FB5B-423E-42BC-BAD5-193DF01754B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59FC7ED3-70AB-4955-B9BE-D3EDAA03AA59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3FC3765-44FD-4569-8930-7DCCF6094F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{ECF64800-B24F-4D75-B9A6-B30815041DC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [TCP Query User{9E600AD2-5C71-4CDC-821D-AACEA7C116B6}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe
FirewallRules: [UDP Query User{E1CD5BEC-C61B-4F65-B800-1E8DE38ADF14}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe
FirewallRules: [TCP Query User{ECC3D302-D645-4ADD-BB5C-732B8C35D7B1}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E8785A6C-A4EA-4C69-ADFD-3EB2689FA9A7}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{39542793-7AF3-431D-8E4F-84AC1A96AC59}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [UDP Query User{4C05D73F-E651-494D-838C-7F5E09817FDB}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [TCP Query User{1876CD3D-F313-419F-B997-EC97FC9FDB9A}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5E5B6466-7069-477D-8670-6337164CC952}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
FirewallRules: [{8647EDB1-9A7F-44AA-A455-1422BAB3C1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{A6C738F4-6201-40F3-9E9E-606DB2FD5CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [TCP Query User{F20E730F-B223-44AD-970E-AB7537691464}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A9EA59A8-B30E-416A-AEFF-D076167E9DBA}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5EB66BFA-829B-491B-8118-57FB33A0A313}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{42EDBBA7-8BA4-41FE-BA0D-483016B40367}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [{0718C3C3-CA75-4D49-81B6-31F402D1FF73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{5B656C7D-2C0B-42EB-BE1D-AED9B70BC619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [TCP Query User{2C285D7B-34A0-4F90-8D3E-9E8602A435DD}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe
FirewallRules: [UDP Query User{7A6A7CB9-D690-44BF-92C7-DDA7DE97F3CA}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe
FirewallRules: [{5B8C371A-9AAA-44BD-8613-1F8727044004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{171E700E-538F-40BF-B761-B2EE12F0D9BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [TCP Query User{93607D63-BFF1-4388-B643-87BFE54AAEEF}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4312334E-F747-4355-80C1-2C1AD397BC30}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{11C2BF2A-F6E3-4091-AA9E-61B05B574584}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [UDP Query User{1B4212E6-486D-4F22-B907-150476DAFD73}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
FirewallRules: [{1B5FDB0D-820A-4194-8D88-4F0AD45C12F7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B144D89B-345C-46AF-B9CE-A25F6671C3FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{1CCB3762-3766-4D4C-BFD2-FBA2129EEBAC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5579875B-784D-4A22-9464-AF0C0CCE87A3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{53B05ADF-5025-46E0-8CD4-80792430BC0C}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3E72EA3C-A8A7-40D2-B6E6-774A2B43A0A1}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3E0066E0-2808-449B-99C2-150127843537}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [UDP Query User{88998446-CC83-4501-881D-68781EC85CD6}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
FirewallRules: [TCP Query User{36D8D677-06AF-41BD-9E53-48B716966776}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{C5147C01-18DE-48C3-934F-58F48562C182}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{E47D89E9-7D7A-44FE-B617-D5A65EF909E1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{F83B69D0-7302-4C29-A995-0F971CF80E7D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6BD419A0-68C9-4A17-8456-2A67A2DCFAAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe
FirewallRules: [{D1D03B35-009D-4338-B32D-76C9FE7F678E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe
FirewallRules: [TCP Query User{B4247BC6-22FA-4D02-8FAF-BE36BDEE2359}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CD2A4EFE-1AC9-4D3F-9009-032B64EA301A}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [{AFECF350-FF79-4C2F-A0C1-8FAE2053EF54}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [{FDCE9949-FCF9-434C-A7E3-3C4308C238FA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{669DD9AF-15BA-4003-92F2-024F5B165304}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A330EE98-1B46-4E2B-972C-91417F071520}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{C8634E7C-88B2-48F1-996A-D16225FC42A2}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [{306561D3-0071-4ED3-8CA0-8CAD9BEF295E}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F2BBF05C-7969-45E7-BC72-48E4FD1DA3A7}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [UDP Query User{559D5153-B402-4D04-9C96-AB079380586B}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{A648FDF1-B153-4FD7-8272-418FAFD1EF42}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [{8ED57D8E-EF78-4563-B27A-D2677E8D17A9}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
FirewallRules: [TCP Query User{ADD0F885-717F-4576-9EEE-3123A9D1C93C}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{66102041-2C64-483A-89F5-C20DB4489584}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{18D0ACC1-CCB0-4573-85FA-20206DC06702}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{ACD122B4-7C67-41DE-AB9A-2A9224249C79}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{88B07424-E7D5-4E3C-BAF4-6D6DC3AC23AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{77719439-521D-4A32-B293-D126AD1871F2}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DB11DF07-083C-4AD1-B493-13228B239FC1}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{F66BFF1F-064D-4251-BB96-EC8A374B0AED}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{EBA61CD5-6EA4-4263-BC26-A8C8DB65B7AA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{67DF9635-7A2F-4D43-9F51-35A193560F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{3E658949-0219-4047-A2CA-54BF0222BC7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [TCP Query User{9FF1295E-DB75-4619-9CCF-59BB868F14E9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DF892856-8A60-4AF9-8EC5-3E733AF06980}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

==================== Restore Points =========================

29-08-2016 11:05:32 Scheduled Checkpoint
01-09-2016 18:39:19 Windows Update
10-09-2016 02:23:39 Installed SpyHunter
11-09-2016 18:08:11 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2016 11:10:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 202516

Error: (09/12/2016 11:10:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 202516

Error: (09/12/2016 11:10:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/12/2016 10:29:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2016 10:28:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39702578

Error: (09/12/2016 10:28:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39702578

Error: (09/12/2016 10:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/11/2016 06:08:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/11/2016 08:33:20 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (09/11/2016 08:33:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (09/12/2016 11:13:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/12/2016 10:57:21 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/12/2016 10:57:21 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/12/2016 10:32:10 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/12/2016 10:30:48 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/12/2016 10:30:48 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2016-09-01 19:52:44.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 15:20:46.026
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-11 09:12:23.526
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 20:06:04.702
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 18:50:06.380
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-20 12:01:54.017
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-19 10:11:07.940
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-18 21:01:38.790
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-22 22:53:22.656
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-22 11:46:32.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8108.73 MB
Available physical RAM: 5650.52 MB
Total Virtual: 9644.73 MB
Available Virtual: 7054.71 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.37 GB) (Free:81.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 403870F7)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Cody (13-09-2016 11:38:11) Run:1
Running from C:\Users\Cody\Desktop\FRST
Loaded Profiles: Cody (Available Profiles: Cody & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
S2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive2\nd2svc.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
S3 mfeapfk; system32\drivers\mfeapfk.sys [X]
U2 TMAgent; no ImagePath
2016-03-08 20:07 - 2016-05-30 17:17 - 0004622 _____ () C:\Users\Cody\AppData\Roaming\LTspiceIV.ini
2016-03-11 01:06 - 2016-05-27 19:03 - 0000600 _____ () C:\Users\Cody\AppData\Roaming\winscp.rnd
2016-01-10 14:35 - 2016-01-10 14:35 - 0000036 _____ () C:\Users\Cody\AppData\Local\housecall.guid.cache
2016-03-31 17:25 - 2016-05-01 14:45 - 0000600 _____ () C:\Users\Cody\AppData\Local\PUTTY.RND
2016-09-03 21:25 - 2016-09-03 21:25 - 0013914 _____ () C:\Users\Cody\AppData\Local\recently-used.xbel
2016-01-10 15:43 - 2016-09-12 11:14 - 0000010 _____ () C:\Users\Cody\AppData\Local\sponge.last.runtime.cache
2015-12-23 18:11 - 2015-12-23 18:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-22 13:07 - 2013-10-22 13:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-22 13:04 - 2013-10-22 13:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-22 13:05 - 2013-10-22 13:05 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-22 13:06 - 2013-10-22 13:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2013-10-22 13:04 - 2013-10-22 13:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\Users\Cody\Q2BlockDiagram2.exe
C:\Users\Cody\Q3Simulation.exe
C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe
C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe
C:\Users\Cody\AppData\Local\Temp\COMAP.EXE
C:\Users\Cody\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Cody\AppData\Local\Temp\Execute2App.exe
C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-3745218813016737628.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-7510082244880606345.dll
C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll
C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Cody\AppData\Local\Temp\libeay32.dll
C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Cody\AppData\Local\Temp\msvcp90.dll
C:\Users\Cody\AppData\Local\Temp\msvcr120.dll
C:\Users\Cody\AppData\Local\Temp\msvcr90.dll
C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Cody\AppData\Local\Temp\nvStInst.exe
C:\Users\Cody\AppData\Local\Temp\sqlite3.dll
C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe
C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll
C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Program Files (x86)\Enigma Software Group
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
2016-09-10 19:50 - 2016-09-10 19:50 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Cody\Downloads\SpyHunter-Installer.exe
2016-09-10 02:25 - 2016-09-10 02:25 - 00003434 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2016-09-10 02:24 - 2016-09-10 02:24 - 00002361 _____ C:\Users\Cody\Desktop\SpyHunter.lnk
2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-09-10 02:21 - 2016-09-10 02:21 - 00000000 ____D C:\Users\Cody\Downloads\SpyHunter 4 + Crack
2016-09-10 02:20 - 2016-09-10 02:21 - 15901755 _____ C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip
Task: {0CA8690D-AB37-4F2A-B16E-8C0B14C35751} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {ABC6C0C1-AE6F-45CC-9008-D495FF304FB0} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {C250ADC3-70D8-4AE1-A387-C6A38AD76193} - \WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001 -> No File <==== ATTENTION
Task: {FC805CF4-6310-4A26-BAC3-29F6D23EEF2C} - \PCDEventLauncherTask -> No File <==== ATTENTION

*****************

NetDrive2_Service_NetDrive2 => service removed successfully
WsDrvInst => service removed successfully
mfeapfk => service removed successfully
TMAgent => service removed successfully
C:\Users\Cody\AppData\Roaming\LTspiceIV.ini => moved successfully
C:\Users\Cody\AppData\Roaming\winscp.rnd => moved successfully
C:\Users\Cody\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Cody\AppData\Local\PUTTY.RND => moved successfully
C:\Users\Cody\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Cody\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\Users\Cody\Q2BlockDiagram2.exe => moved successfully
C:\Users\Cody\Q3Simulation.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\COMAP.EXE => moved successfully
C:\Users\Cody\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\Execute2App.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\jansi-64-3745218813016737628.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\jansi-64-7510082244880606345.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\msvcp90.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\msvcr90.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe => moved successfully
C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll => moved successfully
C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe => moved successfully
[1492] C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe => process closed successfully.
C:\Program Files (x86)\Enigma Software Group => moved successfully
SpyHunter 4 Service => service removed successfully
C:\Users\Cody\Downloads\SpyHunter-Installer.exe => moved successfully
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => moved successfully
C:\Users\Cody\Desktop\SpyHunter.lnk => moved successfully
C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter => moved successfully
C:\Users\Cody\Downloads\SpyHunter 4 + Crack => moved successfully
C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CA8690D-AB37-4F2A-B16E-8C0B14C35751}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CA8690D-AB37-4F2A-B16E-8C0B14C35751}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABC6C0C1-AE6F-45CC-9008-D495FF304FB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABC6C0C1-AE6F-45CC-9008-D495FF304FB0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C250ADC3-70D8-4AE1-A387-C6A38AD76193}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C250ADC3-70D8-4AE1-A387-C6A38AD76193}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC805CF4-6310-4A26-BAC3-29F6D23EEF2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC805CF4-6310-4A26-BAC3-29F6D23EEF2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully

==== End of Fixlog 11:38:17 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Checkup.txt:
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Maximum Security
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 101
Java version 32-bit out of Date!
Adobe Flash Player 23.0.0.162
Mozilla Firefox (47.0.1)
Mozilla Thunderbird (45.1.0)
Google Chrome (51.0.2704.103)
Google Chrome (52.0.2743.116)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro Titanium plugin Pt\PtSvcHost.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro Titanium plugin Pt\PtWatchDog.exe
Trend Micro TMIDS PwmSvc.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro Titanium plugin Pt\PtSessionAgent.exe
Trend Micro TMIDS tower PwmTower.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


FSS.txt:
Farbar Service Scanner Version: 27-01-2016
Ran by Cody (administrator) on 14-09-2016 at 11:57:48
Running from "C:\Users\Cody\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Sophos Free Virus Removal Tool came up clean and didn't have a log
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thanks for your help with this. The hijacker appears to have been removed and I can do normal searches again (yay). Also I appreciate the Mr Clean image xD
 