TechSpot

Search Hijacker

By Azadai
Sep 10, 2016
  1. Hi there,
    So every time I run a search this extra search bar appears at the top of the webpage and stays fixed there. If I try to do another search from the normal search bar it instead puts what I type into this other bar. It only seems to do it when I do a google or bing search: I tried a yahoo search and it didn't show up.

    I've tried running an antivirus scan with Trend Micro but it didn't turn up anything. Likewise, both SpyHunter and MalwareBytes came up clean. I also couldn't find any extra extensions or plugins in either Chrome, Firefox or IE. I couldn't see any extra programs in Control Panel that shouldn't be there. If I click on the close arrow it gets rid of it, but it just comes back if I close and reopen the browser. Basically I'm at a loss on how to get rid of this thing.

    EDIT: I've just realised that it also puts ad overlays onto any webpage I open, so the first time I click on the page it opens an ad. Usually AdGuard and Ghostery stop this sort of thing, which is why I haven't noticed it until just now.

    I've attached a picture to show you what I mean: hijackbar.PNG
     
  2. Azadai

    TS Rookie Topic Starter

    FRST.txt Log


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016

    Ran by Cody (administrator) on MAH-DESKTOP (10-09-2016 20:03:01)

    Running from C:\Users\Cody\Downloads

    Loaded Profiles: Cody (Available Profiles: Cody & Administrator)

    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

    Internet Explorer Version 11 (Default browser: Chrome)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe

    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    () C:\Riot Games\LolScreenSaver\service\service.exe

    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe

    (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    (Intel Corporation) C:\Windows\System32\igfxEM.exe

    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe

    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\chrome_extension2\host\chrome_native_msg_host.exe

    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe

    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe

    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe

    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe



    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)

    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)

    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()

    HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"

    HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)

    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation)

    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)

    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)

    HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-07] (Logitech Inc.)

    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-09-24] (Cisco Systems, Inc.)

    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1917440 2016-07-15] ()

    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Akamai NetSession Interface] => C:\Users\Cody\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [NetDrive2] => "C:\PROGRA~1\NETDRI~1\NetDrive2.exe" -tray

    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    AutoConfigURL: [S-1-5-21-3313481241-1894715402-4189534921-1004] => hxxp://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084

    Hosts: 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Tcpip\..\Interfaces\{bb993540-6cda-49de-9ab8-4fdb17444a7a}: [DhcpNameServer] 192.168.1.1

    ManualProxies: 0hxxp://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084


    Internet Explorer:

    ==================

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB

    SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> DefaultScope {3C2CE495-0E51-4445-B938-7EC00E7B56A5} URL =

    SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> {3C2CE495-0E51-4445-B938-7EC00E7B56A5} URL =

    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)

    BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

    BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)

    BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)

    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)

    BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)

    BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)

    BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)

    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)

    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)

    Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

    Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)

    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)

    Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)

    Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)

    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

    Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)

    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)

    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)


    FireFox:

    ========

    FF ProfilePath: C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353

    FF Homepage: www.google.com.au

    FF NetworkProxy: "no_proxies_on", "https://localhost, localhost, 127.0.0.1"

    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-05] ()

    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-05] ()

    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()

    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)

    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)

    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-13] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)

    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-24] (NVIDIA Corporation)

    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-24] (NVIDIA Corporation)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

    FF Plugin HKU\S-1-5-21-3313481241-1894715402-4189534921-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-06-11] ()

    FF Extension: (Firefox Hotfix) - C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]

    FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension

    FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-06-23]

    FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension

    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

    FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-10]

    FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension

    FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-01-11]


    Chrome:

    =======

    CHR HomePage: Default -> hxxp://www.google.com/

    CHR StartupUrls: Default -> "hxxp://www.google.com.au/"

    CHR Profile: C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Slides) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-24]

    CHR Extension: (Google Docs) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-24]

    CHR Extension: (Google Drive) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]

    CHR Extension: (Adguard AdBlocker) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-08-30]

    CHR Extension: (YouTube) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]

    CHR Extension: (Google Search) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]

    CHR Extension: (Google Sheets) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-24]

    CHR Extension: (Google Docs Offline) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]

    CHR Extension: (Ghostery) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]

    CHR Extension: (Trend Micro Toolbar) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-09-01]

    CHR Extension: (Gmail) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-24]

    CHR Extension: (Chrome Media Router) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]


    ==================== Services (Whitelisted) ========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)

    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)

    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)

    S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)

    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)

    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)

    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]

    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)

    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)

    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-06-27] (Intel Corporation)

    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)

    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)

    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-07] (Logitech Inc.)

    R2 LolScreenSaverService; C:\Riot Games\LolScreenSaver\service\service.exe [707072 2016-03-31] () [File not signed]

    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)

    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)

    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)

    R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)

    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)

    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)

    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)

    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-08-30] (Overwolf LTD)

    R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)

    R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2443776 2016-07-14] (Trend Micro Inc.)

    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)

    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)

    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)

    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)

    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)

    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)

    S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)

    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

    S2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive2\nd2svc.exe [X]

    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]


    ===================== Drivers (Whitelisted) ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-21] (Qualcomm Atheros Communications, Inc.)

    R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)

    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)

    R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)

    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-09] ()

    R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)

    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)

    R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)

    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)

    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)

    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)

    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)

    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)

    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)

    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)

    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)

    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)

    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)

    S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)

    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )

    S3 SNXPPAMD; C:\Windows\System32\drivers\snxppamd.sys [99424 2013-03-13] (SUNIX Co., Ltd.)

    S3 SNXPSAMD; C:\Windows\System32\drivers\snxpsamd.sys [97888 2013-03-13] (SUNIX Co., Ltd.)

    R3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)

    R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)

    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)

    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)

    R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)

    S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)

    R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)

    R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)

    R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [101600 2016-07-21] (Trend Micro Inc.)

    R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [124752 2015-12-10] (Trend Micro Inc.)

    S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-09-24] (Cisco Systems, Inc.)

    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    S3 mfeapfk; system32\drivers\mfeapfk.sys [X]

    U2 TMAgent; no ImagePath


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-09-10 20:04 - 2016-09-10 20:04 - 00000635 _____ C:\WINDOWS\system32\Drivers\etc\tmsshf.bin

    2016-09-10 20:03 - 2016-09-10 20:03 - 00034712 _____ C:\Users\Cody\Downloads\FRST.txt

    2016-09-10 20:02 - 2016-09-10 20:03 - 00000000 ____D C:\FRST

    2016-09-10 20:02 - 2016-09-10 20:02 - 02397696 _____ (Farbar) C:\Users\Cody\Downloads\FRST64.exe

    2016-09-10 19:50 - 2016-09-10 19:50 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Cody\Downloads\SpyHunter-Installer.exe

    2016-09-10 02:25 - 2016-09-10 02:25 - 00003434 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup

    2016-09-10 02:24 - 2016-09-10 02:24 - 00002361 _____ C:\Users\Cody\Desktop\SpyHunter.lnk

    2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

    2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\sh4ldr

    2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group

    2016-09-10 02:23 - 2016-09-10 02:24 - 00000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

    2016-09-10 02:21 - 2016-09-10 02:21 - 00000000 ____D C:\Users\Cody\Downloads\SpyHunter 4 + Crack

    2016-09-10 02:20 - 2016-09-10 02:21 - 15901755 _____ C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip

    2016-09-09 21:29 - 2016-09-10 19:52 - 00001166 _____ C:\Users\Cody\Desktop\nativelog.txt

    2016-09-09 16:30 - 2016-09-09 16:30 - 00001816 _____ C:\Users\Cody\Desktop\Google Chrome.lnk

    2016-09-09 15:15 - 2016-09-10 01:50 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

    2016-09-09 15:14 - 2016-09-09 16:25 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes

    2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

    2016-09-09 15:14 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

    2016-09-09 15:14 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

    2016-09-09 15:14 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

    2016-09-09 15:12 - 2016-09-09 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Cody\Downloads\mbam-setup-2.2.1.1043.exe

    2016-09-09 14:45 - 2016-09-09 14:45 - 00000000 _____ C:\autoexec.bat

    2016-09-09 14:44 - 2016-09-09 14:44 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys

    2016-09-09 14:18 - 2016-09-09 14:18 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

    2016-09-09 14:17 - 2016-09-09 14:40 - 00171198 _____ C:\WINDOWS\ntbtlog.txt

    2016-09-07 17:29 - 2016-09-07 17:29 - 36269107 _____ C:\Users\Cody\Downloads\Introduction to Electric Circuits, 8th Edition by Richard C. Dorf & James A. Svoboda.pdf

    2016-09-07 17:16 - 2016-09-07 17:16 - 00000000 ____D C:\ProgramData\Webitar Production Inc

    2016-09-07 13:09 - 2016-09-07 13:09 - 09333759 _____ C:\Users\Cody\Downloads\Republic_Venator_Class Star_Destroyer_Divici.zip

    2016-09-06 19:13 - 2016-09-06 19:13 - 00000000 ____D C:\Users\Cody\Documents\Minecraft projects

    2016-09-06 13:21 - 2016-09-09 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    2016-09-06 12:38 - 2016-09-06 12:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Macromedia

    2016-09-04 22:57 - 2016-09-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

    2016-09-04 19:38 - 2016-09-09 16:25 - 00000982 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk

    2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Users\Cody\AppData\Local\TomTom

    2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

    2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V

    2016-09-04 19:37 - 2016-09-04 19:37 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect

    2016-09-04 19:34 - 2016-09-04 19:35 - 37565768 _____ (TomTom International B.V.) C:\Users\Cody\Downloads\InstallMyDriveConnect.exe

    2016-09-03 21:25 - 2016-09-03 21:25 - 00013914 _____ C:\Users\Cody\AppData\Local\recently-used.xbel

    2016-09-03 20:55 - 2016-09-03 20:55 - 03927093 _____ C:\Users\Cody\Downloads\forge-1.8.9-11.15.1.1722-installer-win.exe

    2016-09-03 20:41 - 2016-09-03 20:42 - 03719516 _____ C:\Users\Cody\Downloads\forge-1.8-11.14.4.1563-installer-win.exe

    2016-09-03 20:32 - 2016-09-03 20:32 - 01971599 _____ C:\Users\Cody\Downloads\fml-1.8-8.0.127.1103-installer-win.exe

    2016-09-03 17:23 - 2016-09-03 17:23 - 02802417 _____ C:\Users\Cody\Downloads\RaceMenu Overlay Compilation - CBBE version-48705-1-1.rar

    2016-09-03 11:34 - 2016-09-03 11:34 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door- (1).xml

    2016-09-03 11:33 - 2016-09-03 11:33 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door-.xml

    2016-09-02 19:54 - 2016-09-02 19:54 - 02797828 _____ C:\Users\Cody\Downloads\ELEC2004 Study Guide.zip

    2016-09-02 19:54 - 2016-09-02 19:54 - 00000000 ____D C:\Users\Cody\Downloads\ELEC2004 Study Guide

    2016-08-27 21:22 - 2016-08-27 21:22 - 00000000 ____D C:\Users\Cody\Downloads\XRM_BACKGR

    2016-08-27 21:19 - 2016-08-27 21:20 - 00000000 ____D C:\Users\Cody\Downloads\XRM1.30

    2016-08-27 20:54 - 2016-08-27 20:55 - 27089068 _____ C:\Users\Cody\Downloads\XRM_BACKGR.zip

    2016-08-27 20:52 - 2016-08-27 21:09 - 485793193 _____ C:\Users\Cody\Downloads\XRM1.30_PART_1 (1).zip

    2016-08-27 20:52 - 2016-08-27 20:59 - 328027746 _____ C:\Users\Cody\Downloads\XRM1.29_PART_3.zip

    2016-08-27 20:52 - 2016-08-27 20:52 - 08927374 _____ C:\Users\Cody\Downloads\XRM1.30d_PART_2.zip

    2016-08-27 20:40 - 2016-08-27 20:40 - 00605859 _____ C:\Users\Cody\Downloads\X3-ImmersiveGUIHUD-1.3.rar

    2016-08-27 20:38 - 2016-08-27 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft

    2016-08-27 20:35 - 2016-08-27 20:38 - 03313352 _____ (Egosoft ) C:\Users\Cody\Downloads\X3AP_Bonus_Pack_5.1.0.0.exe

    2016-08-26 21:00 - 2016-08-26 21:03 - 57330773 _____ C:\Users\Cody\Downloads\Beastess 8.02.7z

    2016-08-24 01:14 - 2016-08-24 01:14 - 00006403 _____ C:\Users\Cody\Downloads\Cure.rar

    2016-08-23 23:52 - 2016-08-23 23:52 - 00000083 _____ C:\Users\Cody\.gtk-bookmarks

    2016-08-23 23:13 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\AppData\Local\gtk-2.0

    2016-08-23 23:11 - 2016-08-23 23:11 - 00000000 ____D C:\Users\Cody\.thumbnails

    2016-08-23 22:39 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\.gimp-2.8

    2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\gegl-0.2

    2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\fontconfig

    2016-08-23 22:37 - 2016-08-23 22:37 - 00000000 ____D C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1

    2016-08-23 22:36 - 2016-08-23 22:36 - 00000000 ____D C:\Users\Cody\Downloads\use own skin

    2016-08-22 23:49 - 2016-08-22 23:50 - 31096007 _____ C:\Users\Cody\Downloads\SOS - Schlongs of Skyrim - 3.00.004.7z

    2016-08-22 23:33 - 2016-08-22 23:34 - 00367593 _____ C:\Users\Cody\Downloads\PapyrusUtil_v32.zip

    2016-08-22 16:25 - 2016-08-22 16:26 - 24688762 _____ C:\Users\Cody\Downloads\Mod Organizer v1_3_11 installer-1334-1-3-11.exe

    2016-08-22 15:17 - 2016-08-22 15:17 - 123899131 _____ C:\Users\Cody\Downloads\MoreNastyCritters9_3_fomod.7z

    2016-08-21 23:55 - 2016-08-21 23:56 - 00000000 ____D C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3

    2016-08-21 23:55 - 2016-08-21 23:55 - 02900822 _____ C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3.7z

    2016-08-21 23:21 - 2016-08-21 23:21 - 07603889 _____ C:\Users\Cody\Downloads\2.17 archives.7z

    2016-08-21 23:18 - 2016-08-21 23:18 - 00000000 ____D C:\Users\Cody\Downloads\ERF Bodyslide Presets

    2016-08-21 23:17 - 2016-08-21 23:17 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2

    2016-08-21 23:14 - 2016-08-21 23:14 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2

    2016-08-21 23:01 - 2016-08-21 23:01 - 00002513 _____ C:\Users\Cody\Downloads\PSQ RND.7z

    2016-08-21 22:59 - 2016-08-21 22:59 - 00001142 _____ C:\Users\Cody\Downloads\Transform Dummy Files.7z

    2016-08-21 22:47 - 2016-08-21 22:50 - 77796693 _____ C:\Users\Cody\Downloads\PSQ Transform Package 1.2.zip

    2016-08-21 22:47 - 2016-08-21 22:47 - 02761717 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2.zip

    2016-08-21 22:46 - 2016-08-21 22:46 - 00581085 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2.zip

    2016-08-21 22:46 - 2016-08-21 22:46 - 00000569 _____ C:\Users\Cody\Downloads\PSQ Copy OrgBody Files Script.zip

    2016-08-21 22:45 - 2016-08-21 22:45 - 00007394 _____ C:\Users\Cody\Downloads\ERF Bodyslide Presets.zip

    2016-08-21 16:15 - 2016-08-21 16:15 - 00070738 _____ C:\Users\Cody\Downloads\SlaveTats-1.2.1.7z

    2016-08-21 15:46 - 2016-09-09 16:26 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

    2016-08-21 15:46 - 2016-08-21 15:46 - 00000000 ____D C:\Program Files\GIMP 2

    2016-08-21 15:45 - 2016-08-21 15:45 - 00197483 _____ C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1.zip

    2016-08-21 15:44 - 2016-08-21 15:46 - 77404656 _____ (The GIMP Team ) C:\Users\Cody\Downloads\gimp-2.8.18-setup.exe

    2016-08-21 15:09 - 2016-08-21 15:09 - 01605460 _____ C:\Users\Cody\Downloads\use own skin.7z

    2016-08-21 14:20 - 2016-08-21 14:20 - 00000000 ____D C:\Users\Cody\Downloads\NifSkope_2_0_2016-04-11-1

    2016-08-21 13:48 - 2016-08-21 13:48 - 00000000 ____D C:\Users\Cody\Downloads\fixed_textures

    2016-08-21 00:46 - 2016-08-21 02:45 - 00000000 ____D C:\Users\Cody\Downloads\BSAopt-247-1-6-3

    2016-08-21 00:46 - 2016-08-21 00:46 - 00983170 _____ C:\Users\Cody\Downloads\BSAopt-247-1-6-3.7z

    2016-08-21 00:22 - 2016-08-21 00:22 - 00000000 ____D C:\Users\Cody\Downloads\Copy Orgbody MO

    2016-08-21 00:14 - 2016-08-21 00:14 - 01622397 _____ C:\Users\Cody\Downloads\PSQ3.2.6.7z

    2016-08-20 14:54 - 2016-09-09 16:26 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk

    2016-08-20 14:54 - 2016-09-09 16:25 - 00001020 _____ C:\Users\Public\Desktop\LOOT.lnk

    2016-08-20 14:54 - 2016-08-28 18:45 - 00000000 ____D C:\Users\Cody\AppData\Local\LOOT

    2016-08-20 14:54 - 2016-08-20 14:54 - 00000000 ____D C:\Program Files (x86)\LOOT

    2016-08-20 14:51 - 2016-08-20 14:53 - 25492241 _____ (LOOT Team ) C:\Users\Cody\Downloads\LOOT.Installer.exe
     
  3. Azadai

    Azadai TS Rookie Topic Starter

    Continued



    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-09-10 20:03 - 2015-12-05 17:43 - 00000000 ____D C:\Program Files (x86)\Steam

    2016-09-10 20:01 - 2015-12-30 22:04 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Skype

    2016-09-10 19:58 - 2016-05-18 22:43 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job

    2016-09-10 19:58 - 2016-03-20 14:18 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job

    2016-09-10 19:57 - 2015-12-24 11:36 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    2016-09-10 19:56 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness

    2016-09-10 19:56 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

    2016-09-10 19:55 - 2015-12-24 11:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    2016-09-10 19:54 - 2016-07-26 15:44 - 00000000 ____D C:\Users\Cody\AppData\Local\DP_Tower_3.7

    2016-09-10 19:53 - 2015-12-24 14:34 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

    2016-09-10 19:53 - 2015-12-24 11:28 - 00000000 __SHD C:\Users\Cody\IntelGraphicsProfiles

    2016-09-10 19:53 - 2015-12-23 18:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

    2016-09-10 19:53 - 2015-12-23 18:11 - 00000000 ____D C:\ProgramData\NVIDIA

    2016-09-10 19:52 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI

    2016-09-10 19:49 - 2016-08-05 21:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

    2016-09-10 18:34 - 2016-06-12 12:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\.minecraft

    2016-09-10 12:18 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps

    2016-09-10 12:11 - 2015-12-23 18:14 - 00000000 ____D C:\Users\Cody

    2016-09-10 01:48 - 2016-01-19 19:15 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm

    2016-09-10 01:46 - 2015-12-26 20:25 - 00000000 ____D C:\Users\Cody\AppData\Local\Battle.net

    2016-09-10 00:57 - 2015-12-26 20:24 - 00000000 ____D C:\Program Files (x86)\Battle.net

    2016-09-09 23:01 - 2016-01-10 15:43 - 00000010 _____ C:\Users\Cody\AppData\Local\sponge.last.runtime.cache

    2016-09-09 20:58 - 2016-06-12 14:54 - 00000000 ____D C:\Users\Cody\AppData\Local\LogMeIn Hamachi

    2016-09-09 16:29 - 2015-12-23 18:21 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI

    2016-09-09 16:29 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF

    2016-09-09 16:26 - 2016-07-24 16:53 - 00001282 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk

    2016-09-09 16:26 - 2016-06-22 16:07 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk

    2016-09-09 16:26 - 2016-06-22 16:07 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk

    2016-09-09 16:26 - 2016-05-18 22:43 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015b.lnk

    2016-09-09 16:26 - 2016-04-30 18:46 - 00001873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

    2016-09-09 16:26 - 2016-04-30 18:46 - 00001611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk

    2016-09-09 16:26 - 2016-04-06 23:42 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

    2016-09-09 16:26 - 2016-03-20 14:19 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015a.lnk

    2016-09-09 16:26 - 2016-03-10 20:45 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk

    2016-09-09 16:26 - 2016-02-08 23:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    2016-09-09 16:26 - 2016-01-10 21:53 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

    2016-09-09 16:26 - 2015-12-26 15:57 - 00001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

    2016-09-09 16:26 - 2015-12-24 15:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

    2016-09-09 16:26 - 2015-12-24 11:37 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

    2016-09-09 16:26 - 2015-12-24 11:33 - 00001029 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk

    2016-09-09 16:26 - 2015-12-23 19:44 - 00002407 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

    2016-09-09 16:26 - 2015-12-23 18:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

    2016-09-09 16:26 - 2013-10-22 13:10 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

    2016-09-09 16:26 - 2013-10-22 13:10 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

    2016-09-09 16:25 - 2016-07-24 16:54 - 00001150 _____ C:\Users\Public\Desktop\Overwolf.lnk

    2016-09-09 16:25 - 2016-06-22 16:07 - 00001327 _____ C:\Users\Public\Desktop\NCH Suite.lnk

    2016-09-09 16:25 - 2016-06-22 16:07 - 00001195 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk

    2016-09-09 16:25 - 2016-06-12 12:52 - 00001026 _____ C:\Users\Public\Desktop\Minecraft.lnk

    2016-09-09 16:25 - 2016-05-29 02:00 - 00000697 _____ C:\Users\Public\Desktop\DCP_Setup_Maker.lnk

    2016-09-09 16:25 - 2016-05-18 22:43 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015b.lnk

    2016-09-09 16:25 - 2016-04-06 23:42 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

    2016-09-09 16:25 - 2016-03-20 14:19 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015a.lnk

    2016-09-09 16:25 - 2016-03-10 20:45 - 00001048 _____ C:\Users\Public\Desktop\WinSCP.lnk

    2016-09-09 16:25 - 2016-03-02 17:09 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk

    2016-09-09 16:25 - 2016-02-27 20:54 - 00000971 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk

    2016-09-09 16:25 - 2016-02-08 23:01 - 00002120 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

    2016-09-09 16:25 - 2016-01-29 18:13 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk

    2016-09-09 16:25 - 2016-01-19 19:32 - 00001258 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk

    2016-09-09 16:25 - 2016-01-15 15:25 - 00001160 _____ C:\Users\Public\Desktop\StarCraft II.lnk

    2016-09-09 16:25 - 2016-01-10 21:53 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk

    2016-09-09 16:25 - 2015-12-30 22:04 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk

    2016-09-09 16:25 - 2015-12-29 13:37 - 00001088 _____ C:\Users\Public\Desktop\Notepad++.lnk

    2016-09-09 16:25 - 2015-12-26 21:04 - 00001207 _____ C:\Users\Public\Desktop\Diablo III.lnk

    2016-09-09 16:25 - 2015-12-26 20:25 - 00001213 _____ C:\Users\Public\Desktop\Battle.net.lnk

    2016-09-09 16:25 - 2015-12-26 15:57 - 00001266 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

    2016-09-09 16:25 - 2015-12-24 15:16 - 00001818 _____ C:\Users\Public\Desktop\iTunes.lnk

    2016-09-09 16:25 - 2015-12-24 14:34 - 00002038 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk

    2016-09-09 16:25 - 2015-12-24 14:27 - 00001088 _____ C:\Users\Public\Desktop\iExplorer.lnk

    2016-09-09 16:25 - 2015-12-23 16:41 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

    2016-09-09 16:24 - 2016-08-08 18:08 - 00002277 _____ C:\Users\Cody\Desktop\Discord.lnk

    2016-09-09 16:24 - 2016-07-26 14:12 - 00001192 _____ C:\Users\Cody\Desktop\Syncios.lnk

    2016-09-09 16:24 - 2016-07-24 16:53 - 00001326 _____ C:\Users\Cody\Desktop\TeamSpeak 3 Client.lnk

    2016-09-09 16:24 - 2016-05-29 02:04 - 00002033 _____ C:\Users\Cody\Desktop\install4j.lnk

    2016-09-09 16:24 - 2016-04-06 13:01 - 00001204 _____ C:\Users\Cody\Desktop\SourceTree.lnk

    2016-09-09 16:24 - 2016-04-06 12:20 - 00002291 _____ C:\Users\Cody\Desktop\Git Shell.lnk

    2016-09-09 16:24 - 2016-04-02 14:29 - 00000776 _____ C:\Users\Cody\Desktop\Eclipse.lnk

    2016-09-09 16:24 - 2016-03-08 18:55 - 00001274 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk

    2016-09-09 16:24 - 2016-03-08 18:55 - 00001250 _____ C:\Users\Cody\Desktop\LTspice IV.lnk

    2016-09-09 16:24 - 2016-02-09 20:13 - 00002639 _____ C:\Users\Cody\Desktop\Windows 7 USB DVD Download Tool.lnk

    2016-09-09 16:24 - 2016-02-08 23:15 - 00002282 _____ C:\Users\Cody\Desktop\Dungeons & Dragons Online.lnk

    2016-09-09 16:24 - 2016-02-01 18:13 - 00001224 _____ C:\Users\Cody\Desktop\NavDesk 7.50.lnk

    2016-09-09 16:24 - 2016-01-10 21:53 - 00001040 _____ C:\Users\Cody\Desktop\OSFMount.lnk

    2016-09-09 16:24 - 2016-01-10 14:40 - 00001387 _____ C:\Users\Cody\Desktop\Trend Micro Maximum Security.lnk

    2016-09-09 16:23 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\Cursors

    2016-09-09 14:11 - 2015-12-26 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    2016-09-07 20:08 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\NDF

    2016-09-07 18:00 - 2015-12-05 16:50 - 00000000 ____D C:\Users\Cody\Documents\Uni

    2016-09-07 16:08 - 2015-12-03 16:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Packages

    2016-09-06 19:16 - 2016-01-11 21:01 - 00000196 _____ C:\Users\Cody\Desktop\New Text Document.txt

    2016-09-04 15:23 - 2015-12-23 17:20 - 00000000 ____D C:\Users\Cody\AppData\Local\CrashDumps

    2016-09-03 23:26 - 2016-01-15 14:52 - 00000000 ____D C:\Program Files (x86)\StarCraft II

    2016-09-03 20:33 - 2016-04-02 14:05 - 00000000 ____D C:\Users\Cody\.oracle_jre_usage

    2016-09-02 17:04 - 2016-04-08 22:28 - 00000000 ____D C:\Users\Cody\AppData\Roaming\SpaceEngineers

    2016-09-01 18:40 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

    2016-09-01 18:40 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp

    2016-09-01 10:54 - 2016-07-24 16:54 - 00000000 ____D C:\Program Files (x86)\Overwolf

    2016-08-31 22:55 - 2016-07-24 16:54 - 00000002 _____ C:\END

    2016-08-31 13:32 - 2016-01-10 21:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer

    2016-08-29 23:31 - 2015-12-26 20:30 - 00000000 ____D C:\Program Files (x86)\Diablo III

    2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc

    2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\discord

    2016-08-29 20:11 - 2016-08-08 18:07 - 00000000 ____D C:\Users\Cody\AppData\Local\Discord

    2016-08-22 23:54 - 2016-02-27 20:54 - 00000000 ____D C:\Users\Cody\Documents\Nexus Mod Manager

    2016-08-21 23:56 - 2016-02-27 14:35 - 00000000 ____D C:\Users\Cody\AppData\Local\Skyrim

    2016-08-17 11:16 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

    2016-08-17 11:15 - 2016-01-12 14:01 - 00000000 ____D C:\Program Files\Microsoft Office 15

    2016-08-16 22:07 - 2016-07-24 16:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\TS3Client

    2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ___RD C:\Program Files (x86)\Skype

    2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ____D C:\ProgramData\Skype

    2016-08-12 11:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache

    2016-08-11 09:13 - 2013-10-22 11:22 - 00000000 __RHD C:\Users\Public\AccountPictures

    2016-08-11 01:10 - 2015-10-30 19:07 - 00000000 ____D C:\Program Files\Windows Journal

    2016-08-11 01:10 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

    2016-08-11 01:10 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB

    2016-08-11 01:10 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\en-GB


    ==================== Files in the root of some directories =======


    2016-03-08 20:07 - 2016-05-30 17:17 - 0004622 _____ () C:\Users\Cody\AppData\Roaming\LTspiceIV.ini

    2016-03-11 01:06 - 2016-05-27 19:03 - 0000600 _____ () C:\Users\Cody\AppData\Roaming\winscp.rnd

    2016-01-10 14:35 - 2016-01-10 14:35 - 0000036 _____ () C:\Users\Cody\AppData\Local\housecall.guid.cache

    2016-03-31 17:25 - 2016-05-01 14:45 - 0000600 _____ () C:\Users\Cody\AppData\Local\PUTTY.RND

    2016-09-03 21:25 - 2016-09-03 21:25 - 0013914 _____ () C:\Users\Cody\AppData\Local\recently-used.xbel

    2016-01-10 15:43 - 2016-09-09 23:01 - 0000010 _____ () C:\Users\Cody\AppData\Local\sponge.last.runtime.cache

    2015-12-23 18:11 - 2015-12-23 18:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    2013-10-22 13:07 - 2013-10-22 13:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

    2013-10-22 13:04 - 2013-10-22 13:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

    2013-10-22 13:05 - 2013-10-22 13:05 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

    2013-10-22 13:06 - 2013-10-22 13:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log

    2013-10-22 13:04 - 2013-10-22 13:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log


    Files to move or delete:

    ====================

    C:\Users\Cody\Q2BlockDiagram2.exe

    C:\Users\Cody\Q3Simulation.exe



    Some files in TEMP:

    ====================

    C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe

    C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe

    C:\Users\Cody\AppData\Local\Temp\COMAP.EXE

    C:\Users\Cody\AppData\Local\Temp\Execute2App.exe

    C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll

    C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll

    C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll

    C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe

    C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe

    C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll

    C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe

    C:\Users\Cody\AppData\Local\Temp\msvcp90.dll

    C:\Users\Cody\AppData\Local\Temp\msvcr90.dll

    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe

    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe

    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll

    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll

    C:\Users\Cody\AppData\Local\Temp\nvStInst.exe

    C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe

    C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll

    C:\Users\Cody\AppData\Local\Temp\utils.dll

    C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe



    ==================== Bamital & volsnap =================


    (There is no automatic fix for files that do not pass verification.)


    C:\WINDOWS\system32\winlogon.exe => File is digitally signed

    C:\WINDOWS\system32\wininit.exe => File is digitally signed

    C:\WINDOWS\explorer.exe => File is digitally signed

    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

    C:\WINDOWS\system32\svchost.exe => File is digitally signed

    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

    C:\WINDOWS\system32\services.exe => File is digitally signed

    C:\WINDOWS\system32\User32.dll => File is digitally signed

    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

    C:\WINDOWS\system32\userinit.exe => File is digitally signed

    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

    C:\WINDOWS\system32\rpcss.dll => File is digitally signed

    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



    LastRegBack: 2016-09-07 11:23


    ==================== End of FRST.txt ============================
     
  4. Azadai

    Azadai TS Rookie Topic Starter

    Additional.txt Log


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016

    Ran by Cody (10-09-2016 20:05:02)

    Running from C:\Users\Cody\Downloads

    Windows 10 Home Version 1511 (X64) (2015-12-23 09:39:46)

    Boot Mode: Normal

    ==========================================================



    ==================== Accounts: =============================


    Administrator (S-1-5-21-3313481241-1894715402-4189534921-500 - Administrator - Enabled) => C:\Users\Administrator

    Cody (S-1-5-21-3313481241-1894715402-4189534921-1004 - Administrator - Enabled) => C:\Users\Cody

    DefaultAccount (S-1-5-21-3313481241-1894715402-4189534921-503 - Limited - Disabled)

    Guest (S-1-5-21-3313481241-1894715402-4189534921-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-3313481241-1894715402-4189534921-1003 - Limited - Enabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)

    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)

    Akamai NetSession Interface (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Akamai) (Version: - Akamai Technologies, Inc)

    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)

    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)

    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.06020 - Cisco Systems, Inc.)

    Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.06020 - Cisco Systems, Inc.) Hidden

    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)

    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)

    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)

    Discord (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)

    DOOM 3 (HKLM\...\Steam App 9050) (Version: - id Software)

    DOOM 3: Resurrection of Evil (HKLM\...\Steam App 9070) (Version: - id Software)

    DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden

    Dungeons & Dragons Online v2600.0045.4801.4249 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.4801.4249 - Atari, Inc.)

    Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)

    GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)

    GitHub (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\5f7eb300e2ea4ebf) (Version: 3.0.17.0 - GitHub, Inc.)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)

    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden

    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)

    iExplorer 3.2.5.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)

    install4j 6.1.1 (HKLM\...\6187-37938-2029-3898) (Version: 6.1.1 - ej-technologies GmbH)

    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)

    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)

    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)

    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)

    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

    IzPack 5.0.8 (HKLM\...\IzPack 5.0.8) (Version: - )

    Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

    Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)

    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

    League Screensaver (HKLM-x32\...\LolScreenSaver) (Version: W0.1.19-0.11.13-beta - Riot Games)

    Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)

    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)

    LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden

    LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)

    LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )

    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

    MATLAB R2015a (HKLM\...\Matlab R2015a) (Version: 8.5 - MathWorks)

    MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)

    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)

    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

    Might & Magic: Heroes VI (HKLM\...\Steam App 48220) (Version: - Blackhole)

    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)

    Mozilla Thunderbird 45.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.1.0 (x86 en-US)) (Version: 45.1.0 - Mozilla)

    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)

    NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)

    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.15 - Black Tree Gaming)

    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)

    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

    NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)

    NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)

    NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)

    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

    NVIDIA Miracast Virtual Audio 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.43 - NVIDIA Corporation)

    NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)

    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden

    Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden

    Office 15 Click-to-Run Localization Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden

    OpenAL (HKLM-x32\...\OpenAL) (Version: - )

    OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)

    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.97.209.0 - Overwolf Ltd.)

    Python 3.5.1 (32-bit) (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)

    Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Core Interpreter (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Core Interpreter (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Development Libraries (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Executables (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Executables (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)

    Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Standard Library (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Standard Library (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Tcl/Tk Support (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Tcl/Tk Support (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Test Suite (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Test Suite (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden

    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)

    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)

    Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden

    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)

    Sanctum (HKLM\...\Steam App 91600) (Version: - Coffee Stain Studios)

    Sanctum 2 (HKLM\...\Steam App 210770) (Version: - Coffee Stain Studios)

    SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden

    SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden

    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)

    Skyrim Creation Kit (HKLM\...\Steam App 202480) (Version: - bgs.bethsoft.com)

    Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)

    SourceTree (HKLM-x32\...\SourceTree 1.8.3) (Version: 1.8.3 - Atlassian)

    SourceTree (x32 Version: 1.8.3 - Atlassian) Hidden

    Space Engineers (HKLM\...\Steam App 244850) (Version: - Keen Software House)

    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)

    SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM-x32\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)

    SUPER © v2016.Build.69+3D+Recorder (2016/04/02) version v2016.B (HKLM-x32\...\{CB93965C-C24C-437D-839B-285188F22F11}_is1) (Version: v2016.Build.69+3D+Recorder - eRightSoft)

    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.02 - NCH Software)

    Syncios 5.0.6 (HKLM-x32\...\Syncios) (Version: 5.0.6 - Anvsoft)

    TeamSpeak 3 Client (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)

    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)

    The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)

    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)

    TomTom MyDrive Connect 4.1.1.2797 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.1.2797 - TomTom)

    Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)

    Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1075 - Trend Micro Inc.)

    Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden

    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)

    Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)

    X3 Albio Prelude Bonus Pack 5.1.0.0 (HKLM-x32\...\X3AP Bonus Pack_is1) (Version: 5.1.0.0 - Egosoft)

    X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version: - Egosoft)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Cody\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

    Task: {0CA8690D-AB37-4F2A-B16E-8C0B14C35751} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION

    Task: {0E45AFB6-E450-403B-BD83-DA4043A10184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)

    Task: {34726F01-7385-4433-BB2F-2804E3F9F7A2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)

    Task: {5878757E-0C48-4924-B243-B3DBAB029162} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

    Task: {637C4646-000D-4A11-8518-F7B5B05A176E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)

    Task: {644B9F54-3DCC-44F9-B8A5-140BC69E972B} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-08-30] (Overwolf LTD)

    Task: {6A041227-2399-4548-91CC-C9010A5B9FBB} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-10] (Dell, Inc.)

    Task: {7894DFAA-F794-402C-B9CF-CC055DDF878A} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe [2014-12-29] ()

    Task: {7FC4820F-C243-41E4-B28B-B9A3B40F127F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)

    Task: {825A6E9B-B251-45F6-A43E-E94A478DEDF2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)

    Task: {887B87CD-41FD-4B97-89F7-A9149F7BF159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)

    Task: {A977D273-0777-462E-B2E4-1E4299246434} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()

    Task: {ABC6C0C1-AE6F-45CC-9008-D495FF304FB0} - \SystemToolsDailyTest -> No File <==== ATTENTION

    Task: {AE1A82E7-31E3-498D-80BE-AE7868BF04AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-05] (Adobe Systems Incorporated)

    Task: {B7402253-40F4-4D72-80A6-F3D6E2B05E7E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)

    Task: {C250ADC3-70D8-4AE1-A387-C6A38AD76193} - \WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001 -> No File <==== ATTENTION

    Task: {C352EE92-713C-4F06-81A4-277A3E84FBDA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)

    Task: {C38429A3-91EE-40C4-BC95-BB5B09440BD4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)

    Task: {CD8CD085-35ED-4D4C-84FC-D33D00BB5993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)

    Task: {DC2DF0E1-D6ED-4155-A9A2-95F77B3013BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

    Task: {DE1ADDA9-92A9-455E-B423-2F8AE5138F3A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)

    Task: {EDD27B22-CD7B-4ADC-9EE0-BEFB231D6388} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-05] (Microsoft Corporation)

    Task: {FC805CF4-6310-4A26-BAC3-29F6D23EEF2C} - \PCDEventLauncherTask -> No File <==== ATTENTION


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe

    Task: C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Cody\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "


    ==================== Loaded Modules (Whitelisted) ==============


    2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll

    2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

    2015-12-23 18:11 - 2016-02-24 06:28 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    2016-01-10 14:37 - 2015-03-31 21:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll

    2016-01-10 14:37 - 2015-03-31 21:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll

    2016-01-10 14:37 - 2015-03-31 21:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll

    2016-01-10 14:37 - 2015-03-31 21:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll

    2016-01-10 14:37 - 2015-03-31 21:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll

    2016-01-10 14:37 - 2015-03-31 21:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll

    2015-12-29 09:23 - 2015-07-17 04:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll

    2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

    2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    2016-03-31 04:25 - 2016-03-31 04:25 - 00707072 _____ () C:\Riot Games\LolScreenSaver\service\service.exe

    2016-01-10 14:39 - 2015-07-17 04:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll

    2016-01-10 14:39 - 2015-07-17 04:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll

    2016-01-10 14:39 - 2015-07-17 04:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll

    2016-01-10 14:39 - 2015-07-17 04:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll

    2016-01-12 14:01 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

    2016-01-10 14:37 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll

    2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

    2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

    2016-07-27 12:03 - 2016-05-25 02:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

    2016-04-19 08:33 - 2016-04-19 08:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

    2016-01-10 14:37 - 2016-07-14 12:49 - 40970752 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe

    2015-12-24 11:54 - 2015-12-07 14:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

    2016-07-17 20:07 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

    2016-07-17 20:06 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

    2016-07-17 20:06 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

    2016-07-17 20:06 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

    2016-07-17 20:06 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

    2015-12-29 09:23 - 2015-07-17 04:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll

    2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

    2016-01-07 05:43 - 2016-01-07 05:43 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

    2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

    2016-01-07 05:43 - 2016-01-07 05:43 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

    2016-03-02 16:12 - 2016-02-17 16:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll

    2015-12-23 16:38 - 2016-02-17 16:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll

    2016-03-02 16:12 - 2016-02-17 16:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll

    2015-09-24 03:53 - 2015-09-24 03:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

    2016-04-19 08:33 - 2016-04-19 08:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

    2016-04-19 08:33 - 2016-04-19 08:33 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

    2015-12-23 16:38 - 2016-02-17 17:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

    2016-08-09 09:58 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll

    2016-08-09 09:58 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

    2013-10-22 13:04 - 2013-03-05 13:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

    2013-03-06 04:41 - 2013-03-06 04:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    2015-12-29 09:23 - 2015-07-17 04:31 - 00092792 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_57.dll

    2015-12-29 09:23 - 2015-07-17 04:31 - 00024312 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_system-vc110-mt-1_57.dll

    2015-12-29 09:23 - 2015-07-17 04:31 - 00032552 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_chrono-vc110-mt-1_57.dll

    2015-12-29 09:23 - 2015-07-17 04:31 - 00049544 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_57.dll

    2013-10-22 12:59 - 2013-08-09 22:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    2015-12-05 17:43 - 2016-08-09 09:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll

    2015-12-05 17:43 - 2015-07-02 08:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

    2015-12-05 17:43 - 2016-08-24 05:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll

    2015-12-05 17:43 - 2015-07-02 08:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

    2015-12-05 17:43 - 2015-07-02 08:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

    2015-12-05 17:43 - 2016-01-27 17:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

    2015-12-05 17:43 - 2016-01-27 17:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

    2015-12-05 17:43 - 2016-01-27 17:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

    2015-12-05 17:43 - 2016-01-27 17:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

    2015-12-05 17:43 - 2016-01-27 17:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

    2015-12-05 17:43 - 2016-08-24 05:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

    2016-03-09 21:31 - 2016-07-05 08:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll

    2015-12-05 17:43 - 2016-08-05 06:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

    2015-12-05 17:43 - 2015-09-25 09:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

    2016-02-29 23:41 - 2016-02-29 23:41 - 00125952 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_loader.dll

    2016-02-29 23:41 - 2016-02-29 23:41 - 00901120 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_1_9_32.dll

    2016-02-29 23:46 - 2016-02-29 23:46 - 00225280 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\AHZmoreHUDPlugin.dll

    2016-08-16 21:40 - 2016-08-16 21:40 - 00585216 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\chargen.dll

    2016-08-18 22:17 - 2016-08-18 22:17 - 00756736 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\DeviousDevices.dll

    2016-08-22 00:36 - 2016-08-22 00:36 - 00030720 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\Flying_Physics.dll

    2016-08-21 00:50 - 2016-08-21 00:50 - 10804224 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\hdtPhysicsExtensions.dll

    2016-08-18 11:12 - 2016-08-18 11:12 - 02268672 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\JContainers.dll

    2016-08-22 23:18 - 2016-08-22 23:18 - 00214528 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\MfgConsole.dll

    2016-08-16 21:40 - 2016-08-16 21:40 - 00827904 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\nioverride.dll

    2016-08-22 23:54 - 2016-08-22 23:54 - 00385024 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\SchlongsOfSkyrim.dll

    2016-08-22 23:18 - 2016-08-22 23:18 - 00563712 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\SexLabUtil.dll

    2016-08-22 23:54 - 2016-08-22 23:55 - 00945152 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\StorageUtil.dll

    2016-08-28 20:24 - 2016-08-28 20:24 - 00107008 _____ () C:\Program Files (x86)\Steam\steamapps\common\Skyrim\Data\SKSE\Plugins\zzEstrusUtil.dll

    2015-12-05 17:43 - 2016-08-24 05:33 - 00380192 _____ () C:\Program Files (x86)\Steam\steam.dll

    2010-12-18 05:56 - 2010-12-18 05:56 - 02603520 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll

    2010-01-13 09:55 - 2010-01-13 09:55 - 00322048 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll

    2010-12-18 05:56 - 2010-12-18 05:56 - 00382464 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll

    2010-12-17 05:16 - 2010-12-17 05:16 - 00195584 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll

    2013-03-08 05:54 - 2013-03-08 05:54 - 00071680 _____ () c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)



    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
  5. Azadai

    Azadai TS Rookie Topic Starter

    Continued



    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)


    IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\cpp.edu -> hxxp://www.cpp.edu

    IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\trendmicro.com -> hxxps://pwm.trendmicro.com


    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2013-08-22 23:25 - 2016-09-10 02:28 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Cody\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abstract_blue_2-wide.jpg

    DNS Servers: 192.168.1.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (Currently there is no automatic fix for this section.)


    MSCONFIG\Services: Hamachi2Svc => 2

    HKLM\...\StartupApproved\Run: => "iTunesHelper"

    HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"

    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"

    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

    HKLM\...\StartupApproved\Run32: => "Syncios device service"

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "OneDrive"

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Skype"

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Akamai NetSession Interface"


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

    FirewallRules: [{A9947E99-A1EF-4F26-9EFD-F87C0E964F2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{5F6A678E-CD6B-4ACB-8A49-8A3004ADCF4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{77D0F2C6-8EE2-4A17-A337-F00437EFBCB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

    FirewallRules: [{FE6B164A-F5F1-4717-B713-5122C6ABE70D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

    FirewallRules: [{8D95307E-19DF-426C-A372-26F207A8B9EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

    FirewallRules: [{9A0EEA54-D77D-4B3B-A7B4-2E2109525A89}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

    FirewallRules: [{16EB0374-956D-4FD6-BBEB-47D49A8BFB97}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

    FirewallRules: [{B3CB7CA5-FAA4-4FFA-BC91-A4458C4FFE40}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{77CCC0A3-32AB-47A7-A442-5E53A1787835}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{3BA82FA7-D5A2-4D8B-817F-B4BA913B606B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

    FirewallRules: [{222B695A-17A5-4214-BE9F-F43F633612D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

    FirewallRules: [{522E4307-3DE4-41C9-9966-FA01135C355A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

    FirewallRules: [{1DE53467-7E0B-4E74-B286-655016B8BCF6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

    FirewallRules: [{D54F8AE3-B2A4-41C9-8D0D-D0830189FF72}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

    FirewallRules: [{0D6F5875-0034-4A8F-8D2B-229A8479C259}] => (Allow) LPort=1900

    FirewallRules: [{96622F71-4E28-424D-BA43-1ACD58541503}] => (Allow) LPort=2869

    FirewallRules: [{6596E0CE-57DD-4A46-85B4-22AB5DB05FF1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

    FirewallRules: [{A7FE2FA4-99FE-4E18-AE16-1507697E67EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe

    FirewallRules: [{267DC37D-7AEB-44D3-94F3-E0F9DF5B22B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

    FirewallRules: [{110684A9-9987-4037-93F7-E0A3FA8BF4BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{44D837CB-B2D4-4C5A-984F-7BAA4D289853}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{E47DB184-D86A-470B-AA1B-391C13A22608}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{1A70B8E7-2CC1-4860-871B-E0B74364EFD5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{1282EEC9-4F47-4BE1-BBAB-583DAA5722D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    FirewallRules: [{A9B9004B-58BD-450F-AD14-4864CB8C30D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe

    FirewallRules: [{15DDEDAF-C063-43F1-8D0B-8D5C98B56AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe

    FirewallRules: [{B69E0C68-6702-4BEC-873C-BAF33839CB15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe

    FirewallRules: [{26ADF8C7-8444-454C-961A-B05D948E611E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe

    FirewallRules: [TCP Query User{E04E57A0-38B2-4E02-A58B-99B9E78505D0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

    FirewallRules: [UDP Query User{DD567391-4D5C-4152-AAC4-768994DCCB2D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe

    FirewallRules: [{D9D52B2F-5D7B-47B9-ACE4-A4D3EC639640}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe

    FirewallRules: [{64FD604F-DA42-4C03-888A-E20111DA7EFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe

    FirewallRules: [TCP Query User{F159914B-EE3F-46C1-85EC-23A6A92315E0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

    FirewallRules: [UDP Query User{1FCE66A2-05F1-4603-88DD-0CA56C838DC4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

    FirewallRules: [{EF3C0257-D45F-41D2-9689-88C2671B3A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

    FirewallRules: [{6F060CE0-6382-4FDA-BC82-D00748DC22A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe

    FirewallRules: [{049FBF91-B1F3-4712-A895-B77885AA831B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

    FirewallRules: [{9A45A3B5-3192-4E65-9053-2BF67F78ACEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe

    FirewallRules: [{EEBDCBC5-2F04-43FD-9314-7E006C16F8D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{0E4B7A13-938C-4563-B937-30BCB4F2CB04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

    FirewallRules: [{01C5562B-48D0-45D8-823F-EDC54B9B75DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    FirewallRules: [{1E1A07F8-4F25-44D1-983F-9363D43AAA6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    FirewallRules: [{BAA820F2-EA1C-43B1-A196-2E3CC85D986A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

    FirewallRules: [{91455FA5-6370-4553-9F46-E123093C78A2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

    FirewallRules: [{683C45A1-FA8B-47E3-A412-79A22205FE7F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

    FirewallRules: [{F6557CC3-1AD8-42B5-8932-F80FC2A093B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

    FirewallRules: [{05E99840-67E7-4C7E-B478-58BBAA3A8BC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

    FirewallRules: [{27F26161-42BF-450C-9742-E05AD2C67374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe

    FirewallRules: [{652E8502-7341-4B7D-BF9F-2968E6008408}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe

    FirewallRules: [TCP Query User{0EB72472-483D-4BF4-A9DA-614BA23FD791}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe

    FirewallRules: [UDP Query User{A9CD5D1A-095A-4058-94E7-8E3E4F6C329D}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe

    FirewallRules: [TCP Query User{1B309030-7374-4F84-B158-0B5F330FECDC}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{40526C0A-1D12-488C-8197-E8044DA1D524}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{F3A0747E-C61C-43C1-8774-7221968CEEED}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe

    FirewallRules: [UDP Query User{298B4449-614B-4A09-98E7-779AA65197F7}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe

    FirewallRules: [TCP Query User{37756491-7EF2-4D52-8A70-6F66A7428085}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

    FirewallRules: [UDP Query User{1F223779-4408-4BA3-9343-D434A420DDF7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

    FirewallRules: [{5997C51A-BA5F-43B5-AD89-77C8EF2B1209}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe

    FirewallRules: [{02F7E7EE-4843-47F5-97B9-4249BE392C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe

    FirewallRules: [{B97946BE-C0AA-434E-BE89-25E6521B9DB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

    FirewallRules: [{50A3E8EB-14BC-4FD0-9C17-D05238DE06B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

    FirewallRules: [TCP Query User{0E515C08-91E0-4280-B6A8-8874B3A58F63}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe

    FirewallRules: [UDP Query User{4CD8EF3D-3FBF-42D4-8C60-2FDDEA31CF9A}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe

    FirewallRules: [TCP Query User{90D51B5B-3D65-45B3-9911-59DB55424F13}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{6C85ED2D-87CD-46C4-A31A-20861F186374}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{14BCB45D-238D-4234-9F2B-89E34100B26B}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe

    FirewallRules: [UDP Query User{5BE86246-0BE2-4B7A-8F2D-D578E1A68B6C}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe

    FirewallRules: [{25B46F39-9EB6-496A-8741-355E0EC1F7E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

    FirewallRules: [{6F77B0FF-F3DD-499C-A807-A2871BCDB4ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe

    FirewallRules: [{B3DB7049-1EDB-487B-B564-C78AF86F8C9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe

    FirewallRules: [{636FCC9A-EE44-4B74-9484-668301E4E67B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe

    FirewallRules: [{BDC69297-0BA9-4957-B054-37256D9F77BA}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe

    FirewallRules: [{D49EE5B7-C9C2-4751-9C89-2A2C1978F77E}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe

    FirewallRules: [{26E9CCCC-2D6E-44C4-8860-86B682A0AD40}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe

    FirewallRules: [{9D7FCC3C-5AE9-4D7C-BB75-DB30B001A815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe

    FirewallRules: [{A5CC5BE0-3956-4415-8398-E05BF8C29FD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe

    FirewallRules: [TCP Query User{E31FA226-D80B-4D04-B8B0-1E9E4D0BAAF0}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe

    FirewallRules: [UDP Query User{52D21E49-B16B-4F5F-9ECA-7DD89AF01E4C}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe

    FirewallRules: [TCP Query User{F3241641-FE00-4172-8348-D99CD877B440}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{3CDB9F64-E845-452B-954D-A96CC3B99852}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{06B447F7-A6ED-4046-B455-0ABCB0E2453E}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe

    FirewallRules: [UDP Query User{1A9D08F6-9171-4FC6-9E46-8FC3D7CED94F}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe

    FirewallRules: [TCP Query User{D355F44D-2F9D-40ED-8F7E-510FCE05EB0C}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe

    FirewallRules: [UDP Query User{663B42A7-69C1-4CB0-8BEF-EB255C0FF584}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe

    FirewallRules: [{3AEFF351-671F-4966-9CD1-60C90E02C827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe

    FirewallRules: [{8A3EE691-42AC-44CA-A7E9-4CF04764DB3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe

    FirewallRules: [{F932FB5B-423E-42BC-BAD5-193DF01754B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{59FC7ED3-70AB-4955-B9BE-D3EDAA03AA59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    FirewallRules: [{C3FC3765-44FD-4569-8930-7DCCF6094F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe

    FirewallRules: [{ECF64800-B24F-4D75-B9A6-B30815041DC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe

    FirewallRules: [TCP Query User{9E600AD2-5C71-4CDC-821D-AACEA7C116B6}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe

    FirewallRules: [UDP Query User{E1CD5BEC-C61B-4F65-B800-1E8DE38ADF14}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe

    FirewallRules: [TCP Query User{ECC3D302-D645-4ADD-BB5C-732B8C35D7B1}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{E8785A6C-A4EA-4C69-ADFD-3EB2689FA9A7}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{39542793-7AF3-431D-8E4F-84AC1A96AC59}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe

    FirewallRules: [UDP Query User{4C05D73F-E651-494D-838C-7F5E09817FDB}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe

    FirewallRules: [TCP Query User{1876CD3D-F313-419F-B997-EC97FC9FDB9A}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{5E5B6466-7069-477D-8670-6337164CC952}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe

    FirewallRules: [{8647EDB1-9A7F-44AA-A455-1422BAB3C1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe

    FirewallRules: [{A6C738F4-6201-40F3-9E9E-606DB2FD5CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe

    FirewallRules: [TCP Query User{F20E730F-B223-44AD-970E-AB7537691464}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{A9EA59A8-B30E-416A-AEFF-D076167E9DBA}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{5EB66BFA-829B-491B-8118-57FB33A0A313}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe

    FirewallRules: [UDP Query User{42EDBBA7-8BA4-41FE-BA0D-483016B40367}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe

    FirewallRules: [{0718C3C3-CA75-4D49-81B6-31F402D1FF73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe

    FirewallRules: [{5B656C7D-2C0B-42EB-BE1D-AED9B70BC619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe

    FirewallRules: [TCP Query User{2C285D7B-34A0-4F90-8D3E-9E8602A435DD}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe

    FirewallRules: [UDP Query User{7A6A7CB9-D690-44BF-92C7-DDA7DE97F3CA}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe

    FirewallRules: [{5B8C371A-9AAA-44BD-8613-1F8727044004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe

    FirewallRules: [{171E700E-538F-40BF-B761-B2EE12F0D9BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe

    FirewallRules: [TCP Query User{93607D63-BFF1-4388-B643-87BFE54AAEEF}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{4312334E-F747-4355-80C1-2C1AD397BC30}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{11C2BF2A-F6E3-4091-AA9E-61B05B574584}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe

    FirewallRules: [UDP Query User{1B4212E6-486D-4F22-B907-150476DAFD73}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe

    FirewallRules: [{1B5FDB0D-820A-4194-8D88-4F0AD45C12F7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe

    FirewallRules: [{B144D89B-345C-46AF-B9CE-A25F6671C3FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe

    FirewallRules: [TCP Query User{1CCB3762-3766-4D4C-BFD2-FBA2129EEBAC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

    FirewallRules: [UDP Query User{5579875B-784D-4A22-9464-AF0C0CCE87A3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

    FirewallRules: [TCP Query User{53B05ADF-5025-46E0-8CD4-80792430BC0C}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{3E72EA3C-A8A7-40D2-B6E6-774A2B43A0A1}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{3E0066E0-2808-449B-99C2-150127843537}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe

    FirewallRules: [UDP Query User{88998446-CC83-4501-881D-68781EC85CD6}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe

    FirewallRules: [TCP Query User{36D8D677-06AF-41BD-9E53-48B716966776}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

    FirewallRules: [UDP Query User{C5147C01-18DE-48C3-934F-58F48562C182}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

    FirewallRules: [TCP Query User{E47D89E9-7D7A-44FE-B617-D5A65EF909E1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

    FirewallRules: [UDP Query User{F83B69D0-7302-4C29-A995-0F971CF80E7D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

    FirewallRules: [{6BD419A0-68C9-4A17-8456-2A67A2DCFAAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe

    FirewallRules: [{D1D03B35-009D-4338-B32D-76C9FE7F678E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe

    FirewallRules: [TCP Query User{B4247BC6-22FA-4D02-8FAF-BE36BDEE2359}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{CD2A4EFE-1AC9-4D3F-9009-032B64EA301A}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

    FirewallRules: [{AFECF350-FF79-4C2F-A0C1-8FAE2053EF54}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

    FirewallRules: [{FDCE9949-FCF9-434C-A7E3-3C4308C238FA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{669DD9AF-15BA-4003-92F2-024F5B165304}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{A330EE98-1B46-4E2B-972C-91417F071520}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

    FirewallRules: [{C8634E7C-88B2-48F1-996A-D16225FC42A2}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

    FirewallRules: [{306561D3-0071-4ED3-8CA0-8CAD9BEF295E}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe

    FirewallRules: [TCP Query User{F2BBF05C-7969-45E7-BC72-48E4FD1DA3A7}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

    FirewallRules: [UDP Query User{559D5153-B402-4D04-9C96-AB079380586B}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

    FirewallRules: [{A648FDF1-B153-4FD7-8272-418FAFD1EF42}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

    FirewallRules: [{8ED57D8E-EF78-4563-B27A-D2677E8D17A9}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe

    FirewallRules: [TCP Query User{ADD0F885-717F-4576-9EEE-3123A9D1C93C}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

    FirewallRules: [UDP Query User{66102041-2C64-483A-89F5-C20DB4489584}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

    FirewallRules: [{18D0ACC1-CCB0-4573-85FA-20206DC06702}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

    FirewallRules: [{ACD122B4-7C67-41DE-AB9A-2A9224249C79}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe

    FirewallRules: [{88B07424-E7D5-4E3C-BAF4-6D6DC3AC23AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    FirewallRules: [TCP Query User{77719439-521D-4A32-B293-D126AD1871F2}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{DB11DF07-083C-4AD1-B493-13228B239FC1}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

    FirewallRules: [{F66BFF1F-064D-4251-BB96-EC8A374B0AED}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

    FirewallRules: [{EBA61CD5-6EA4-4263-BC26-A8C8DB65B7AA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe

    FirewallRules: [{67DF9635-7A2F-4D43-9F51-35A193560F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe

    FirewallRules: [{3E658949-0219-4047-A2CA-54BF0222BC7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe

    FirewallRules: [TCP Query User{9FF1295E-DB75-4619-9CCF-59BB868F14E9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

    FirewallRules: [UDP Query User{DF892856-8A60-4AF9-8EC5-3E733AF06980}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe


    ==================== Restore Points =========================


    20-08-2016 18:39:18 Scheduled Checkpoint

    29-08-2016 11:05:32 Scheduled Checkpoint

    01-09-2016 18:39:19 Windows Update

    10-09-2016 02:23:39 Installed SpyHunter


    ==================== Faulty Device Manager Devices =============


    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Cisco Systems

    Service: vpnva

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.



    ==================== Event log errors: =========================


    Application errors:

    ==================

    Error: (09/10/2016 02:24:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:

    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.


    System Error:

    Access is denied.

    .


    Error: (09/09/2016 04:22:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)

    Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    Error: (09/09/2016 02:18:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)

    Description: Activation of application Microsoft.Getstarted_4.0.12.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    Error: (09/09/2016 02:16:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)

    Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    Error: (09/08/2016 02:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 1203


    Error: (09/08/2016 02:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledEvent 1203


    Error: (09/08/2016 02:54:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: Continuously busy for more than a second


    Error: (09/07/2016 09:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program TESV.exe version 1.9.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


    Process ID: 22b0


    Start Time: 01d208f3f4828275


    Termination Time: 163


    Application Path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe


    Report Id: 35457838-74ef-11e6-8294-a41f72ff73f6


    Faulting package full name:


    Faulting package-relative application ID:


    Error: (09/06/2016 11:13:40 PM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program explorer.exe version 10.0.10586.494 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


    Process ID: 1ba0


    Start Time: 01d207d503e9e8cd


    Termination Time: 0


    Application Path: C:\Windows\explorer.exe


    Report Id: 9d97bd6e-7433-11e6-8294-a41f72ff73f6


    Faulting package full name:


    Faulting package-relative application ID:


    Error: (09/05/2016 02:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Task Scheduling Error: m->NextScheduledSPRetry 15516



    System errors:

    =============

    Error: (09/10/2016 07:56:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


    Error: (09/10/2016 07:56:46 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:46 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:37 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:37 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:29 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:29 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:28 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:28 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    Error: (09/10/2016 07:56:19 PM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)

    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    and APPID

    {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.



    CodeIntegrity:

    ===================================

    Date: 2016-09-01 19:52:44.842

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-24 15:20:46.026

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-11 09:12:23.526

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-08-10 20:06:04.702

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 18:50:06.380

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-20 12:01:54.017

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-19 10:11:07.940

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-18 21:01:38.790

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-06-22 22:53:22.656

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    Date: 2016-06-22 11:46:32.091

    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.



    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz

    Percentage of memory in use: 59%

    Total physical RAM: 8108.73 MB

    Available physical RAM: 3321.96 MB

    Total Virtual: 9644.73 MB

    Available Virtual: 3307.84 MB


    ==================== Drives ================================


    Drive c: (OS) (Fixed) (Total:930.37 GB) (Free:81.95 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================

    Disk: 0 (Size: 931.5 GB) (Disk ID: 403870F7)


    Partition: GPT.


    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    In the future please use Notepad instead of Wordpad to open logs.
    Wordpad creates an extra space and all logs are twice as long and harder for me to read.
    Thank you :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. Azadai

    Azadai TS Rookie Topic Starter

    Sorry about that. Here are the logs from the scans you got me to run:
    RogueKiller:
    RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Cody [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 09/11/2016 07:41:54 (Duration : 00:51:37)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 16 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> Deleted
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> ERROR [2]
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> ERROR [2]
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://non-block.com/wpad.dat?9a74ebdcc637e6b158803a4faae89dc315986084 -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3313481241-1894715402-4189534921-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> ERROR [2]

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EZEX-75M2NA0 +++++
    --- User ---
    [MBR] b1e9294352e2668e5685f3710fee7062
    [BSP] 45ae2875c3c9a971702dcaf0c0c2a78f : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
    2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 468992 | Size: 490 MB
    3 - Basic data partition | Offset (sectors): 1472512 | Size: 952700 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1952602112 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK


    MalwareBytes:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/09/2016
    Scan Time: 4:37 PM
    Logfile: malwarebyteslog.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.09.11.03
    Rootkit Database: v2016.08.15.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Cody

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 441541
    Time Elapsed: 45 min, 7 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    AdwClean[C0]:
    # AdwCleaner v6.010 - Logfile created 11/09/2016 at 17:49:48
    # Updated on 12/08/2016 by ToolsLib
    # Database : 2016-09-11.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Cody - MAH-DESKTOP
    # Running from : C:\Users\Cody\Downloads\adwcleaner_6.010.exe
    # Mode: Clean
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****

    [-] File deleted: C:\END
    [-] File deleted: C:\Users\Cody\AppData\Local\Temp\Utils.dll


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inkrevealed.dl.tb.ask.com


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1292 Bytes] - [11/09/2016 17:49:48]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1584 Bytes] - [11/09/2016 17:42:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1438 Bytes] ##########


    AdwClean[S0]:
    # AdwCleaner v6.010 - Logfile created 11/09/2016 at 17:42:02
    # Updated on 12/08/2016 by ToolsLib
    # Database : 2016-09-11.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Cody - MAH-DESKTOP
    # Running from : C:\Users\Cody\Downloads\adwcleaner_6.010.exe
    # Mode: Scan
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    File Found: C:\END
    File Found: C:\Users\Cody\AppData\Local\Temp\Utils.dll


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    Key Found: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inkrevealed.dl.tb.ask.com


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[S0].txt - [1432 Bytes] - [11/09/2016 17:42:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1505 Bytes] ##########


    JRT:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Home x64
    Ran by Cody (Administrator) on 11/09/2016 at 18:08:00.58
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\Users\Cody\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\WINDOWS\prefetch\TOOLBARNATIVEMSGHOST.EXE-FF3881E5.pf (File)



    Registry: 2

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3C2CE495-0E51-4445-B938-7EC00E7B56A5} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/09/2016 at 18:56:55.45
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  9. Azadai

    Azadai TS Rookie Topic Starter

    Here are the logs from the Farbar scan
    FRST.txt:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
    Ran by Cody (administrator) on MAH-DESKTOP (12-09-2016 11:13:42)
    Running from C:\Users\Cody\Downloads
    Loaded Profiles: Cody (Available Profiles: Cody & Administrator)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    () C:\Riot Games\LolScreenSaver\service\service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
    () C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Users\Cody\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()
    HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
    HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1903344 2016-02-17] (NVIDIA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-17] (Trend Micro Inc.)
    HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-17] (Trend Micro Inc.)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-07] (Logitech Inc.)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-09-24] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1917440 2016-07-15] ()
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29500544 2016-07-13] (Skype Technologies S.A.)
    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [Akamai NetSession Interface] => C:\Users\Cody\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Run: [NetDrive2] => "C:\PROGRA~1\NETDRI~1\NetDrive2.exe" -tray
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{bb993540-6cda-49de-9ab8-4fdb17444a7a}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    SearchScopes: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004 -> DefaultScope {3C2CE495-0E51-4445-B938-7EC00E7B56A5} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
    BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
    BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
    BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
    BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
    BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
    BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
    Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
    Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
    Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-17] (Trend Micro Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353
    FF Homepage: www.google.com.au
    FF NetworkProxy: "no_proxies_on", "https://localhost, localhost, 127.0.0.1"
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-05] ()
    FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-05] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-01-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-24] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-24] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3313481241-1894715402-4189534921-1004: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-06-11] ()
    FF Extension: (Firefox Hotfix) - C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\wv5djrep.default-1473395599353\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
    FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
    FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-06-23]
    FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-10]
    FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
    FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-01-11]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com.au/"
    CHR Profile: C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-24]
    CHR Extension: (Google Docs) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-24]
    CHR Extension: (Google Drive) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
    CHR Extension: (Adguard AdBlocker) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-08-30]
    CHR Extension: (YouTube) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
    CHR Extension: (Google Search) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
    CHR Extension: (Google Sheets) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Ghostery) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Trend Micro Toolbar) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-09-01]
    CHR Extension: (Gmail) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-24]
    CHR Extension: (Chrome Media Router) - C:\Users\Cody\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
    S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
    R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-06-27] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-07] (Logitech Inc.)
    R2 LolScreenSaverService; C:\Riot Games\LolScreenSaver\service\service.exe [707072 2016-03-31] () [File not signed]
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1310448 2016-08-30] (Overwolf LTD)
    R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-17] (Trend Micro Inc.)
    R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2443776 2016-07-14] (Trend Micro Inc.)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
    R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-15] (TeamViewer GmbH)
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
    S2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive2\nd2svc.exe [X]
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-21] (Qualcomm Atheros Communications, Inc.)
    R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-09] ()
    R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
    R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    S3 OSFMount; C:\Program Files\OSFMount\OSFMount.sys [1299384 2014-02-07] (PassMark Software)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S3 SNXPPAMD; C:\Windows\System32\drivers\snxppamd.sys [99424 2013-03-13] (SUNIX Co., Ltd.)
    S3 SNXPSAMD; C:\Windows\System32\drivers\snxpsamd.sys [97888 2013-03-13] (SUNIX Co., Ltd.)
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
    R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
    R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
    S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
    R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
    R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [101600 2016-07-21] (Trend Micro Inc.)
    R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [124752 2015-12-10] (Trend Micro Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-11] ()
    S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [52592 2015-09-24] (Cisco Systems, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 mfeapfk; system32\drivers\mfeapfk.sys [X]
    U2 TMAgent; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  10. Azadai

    Azadai TS Rookie Topic Starter

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-12 11:13 - 2016-09-12 11:14 - 00032199 _____ C:\Users\Cody\Downloads\FRST.txt
    2016-09-11 17:40 - 2016-09-11 17:49 - 00000000 ____D C:\AdwCleaner
    2016-09-11 16:39 - 2016-09-11 18:07 - 01610560 _____ (Malwarebytes) C:\Users\Cody\Downloads\JRT.exe
    2016-09-11 16:39 - 2016-09-11 17:40 - 03826240 _____ C:\Users\Cody\Downloads\adwcleaner_6.010.exe
    2016-09-11 07:41 - 2016-09-11 07:41 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-09-11 07:39 - 2016-09-11 07:39 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-09-11 07:39 - 2016-09-11 07:39 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-09-11 07:39 - 2016-09-11 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-09-11 07:39 - 2016-09-11 07:39 - 00000000 ____D C:\Program Files\RogueKiller
    2016-09-11 07:32 - 2016-09-11 07:39 - 33106704 _____ (Adlice Software ) C:\Users\Cody\Downloads\setup.exe
    2016-09-10 20:04 - 2016-09-10 20:04 - 00000635 _____ C:\WINDOWS\system32\Drivers\etc\tmsshf.bin
    2016-09-10 20:02 - 2016-09-12 11:13 - 00000000 ____D C:\FRST
    2016-09-10 20:02 - 2016-09-10 20:02 - 02397696 _____ (Farbar) C:\Users\Cody\Downloads\FRST64.exe
    2016-09-10 19:50 - 2016-09-10 19:50 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Cody\Downloads\SpyHunter-Installer.exe
    2016-09-10 02:25 - 2016-09-10 02:25 - 00003434 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
    2016-09-10 02:24 - 2016-09-10 02:24 - 00002361 _____ C:\Users\Cody\Desktop\SpyHunter.lnk
    2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\sh4ldr
    2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
    2016-09-10 02:23 - 2016-09-10 02:24 - 00000000 ____D C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2016-09-10 02:21 - 2016-09-10 02:21 - 00000000 ____D C:\Users\Cody\Downloads\SpyHunter 4 + Crack
    2016-09-10 02:20 - 2016-09-10 02:21 - 15901755 _____ C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip
    2016-09-09 21:29 - 2016-09-11 21:43 - 00001136 _____ C:\Users\Cody\Desktop\nativelog.txt
    2016-09-09 16:30 - 2016-09-09 16:30 - 00001816 _____ C:\Users\Cody\Desktop\Google Chrome.lnk
    2016-09-09 15:15 - 2016-09-11 21:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-09-09 15:14 - 2016-09-09 16:25 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-09-09 15:14 - 2016-09-09 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-09-09 15:14 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-09-09 15:14 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-09-09 15:14 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-09-09 15:12 - 2016-09-09 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Cody\Downloads\mbam-setup-2.2.1.1043.exe
    2016-09-09 14:45 - 2016-09-09 14:45 - 00000000 _____ C:\autoexec.bat
    2016-09-09 14:44 - 2016-09-09 14:44 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-09-09 14:18 - 2016-09-09 14:18 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-09-09 14:17 - 2016-09-09 14:40 - 00171198 _____ C:\WINDOWS\ntbtlog.txt
    2016-09-07 17:29 - 2016-09-07 17:29 - 36269107 _____ C:\Users\Cody\Downloads\Introduction to Electric Circuits, 8th Edition by Richard C. Dorf & James A. Svoboda.pdf
    2016-09-07 17:16 - 2016-09-07 17:16 - 00000000 ____D C:\ProgramData\Webitar Production Inc
    2016-09-07 13:09 - 2016-09-07 13:09 - 09333759 _____ C:\Users\Cody\Downloads\Republic_Venator_Class Star_Destroyer_Divici.zip
    2016-09-06 19:13 - 2016-09-06 19:13 - 00000000 ____D C:\Users\Cody\Documents\Minecraft projects
    2016-09-06 13:21 - 2016-09-09 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-09-06 12:38 - 2016-09-06 12:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Macromedia
    2016-09-04 22:57 - 2016-09-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2016-09-04 19:38 - 2016-09-09 16:25 - 00000982 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
    2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Users\Cody\AppData\Local\TomTom
    2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
    2016-09-04 19:38 - 2016-09-04 19:38 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
    2016-09-04 19:37 - 2016-09-04 19:37 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
    2016-09-04 19:34 - 2016-09-04 19:35 - 37565768 _____ (TomTom International B.V.) C:\Users\Cody\Downloads\InstallMyDriveConnect.exe
    2016-09-03 21:25 - 2016-09-03 21:25 - 00013914 _____ C:\Users\Cody\AppData\Local\recently-used.xbel
    2016-09-03 20:55 - 2016-09-03 20:55 - 03927093 _____ C:\Users\Cody\Downloads\forge-1.8.9-11.15.1.1722-installer-win.exe
    2016-09-03 20:41 - 2016-09-03 20:42 - 03719516 _____ C:\Users\Cody\Downloads\forge-1.8-11.14.4.1563-installer-win.exe
    2016-09-03 20:32 - 2016-09-03 20:32 - 01971599 _____ C:\Users\Cody\Downloads\fml-1.8-8.0.127.1103-installer-win.exe
    2016-09-03 17:23 - 2016-09-03 17:23 - 02802417 _____ C:\Users\Cody\Downloads\RaceMenu Overlay Compilation - CBBE version-48705-1-1.rar
    2016-09-03 11:34 - 2016-09-03 11:34 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door- (1).xml
    2016-09-03 11:33 - 2016-09-03 11:33 - 00001624 _____ C:\Users\Cody\Downloads\Should You Lock the Door-.xml
    2016-09-02 19:54 - 2016-09-02 19:54 - 02797828 _____ C:\Users\Cody\Downloads\ELEC2004 Study Guide.zip
    2016-09-02 19:54 - 2016-09-02 19:54 - 00000000 ____D C:\Users\Cody\Downloads\ELEC2004 Study Guide
    2016-08-27 21:22 - 2016-08-27 21:22 - 00000000 ____D C:\Users\Cody\Downloads\XRM_BACKGR
    2016-08-27 21:19 - 2016-08-27 21:20 - 00000000 ____D C:\Users\Cody\Downloads\XRM1.30
    2016-08-27 20:54 - 2016-08-27 20:55 - 27089068 _____ C:\Users\Cody\Downloads\XRM_BACKGR.zip
    2016-08-27 20:52 - 2016-08-27 21:09 - 485793193 _____ C:\Users\Cody\Downloads\XRM1.30_PART_1 (1).zip
    2016-08-27 20:52 - 2016-08-27 20:59 - 328027746 _____ C:\Users\Cody\Downloads\XRM1.29_PART_3.zip
    2016-08-27 20:52 - 2016-08-27 20:52 - 08927374 _____ C:\Users\Cody\Downloads\XRM1.30d_PART_2.zip
    2016-08-27 20:40 - 2016-08-27 20:40 - 00605859 _____ C:\Users\Cody\Downloads\X3-ImmersiveGUIHUD-1.3.rar
    2016-08-27 20:38 - 2016-08-27 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft
    2016-08-27 20:35 - 2016-08-27 20:38 - 03313352 _____ (Egosoft ) C:\Users\Cody\Downloads\X3AP_Bonus_Pack_5.1.0.0.exe
    2016-08-26 21:00 - 2016-08-26 21:03 - 57330773 _____ C:\Users\Cody\Downloads\Beastess 8.02.7z
    2016-08-24 01:14 - 2016-08-24 01:14 - 00006403 _____ C:\Users\Cody\Downloads\Cure.rar
    2016-08-23 23:52 - 2016-08-23 23:52 - 00000083 _____ C:\Users\Cody\.gtk-bookmarks
    2016-08-23 23:13 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\AppData\Local\gtk-2.0
    2016-08-23 23:11 - 2016-08-23 23:11 - 00000000 ____D C:\Users\Cody\.thumbnails
    2016-08-23 22:39 - 2016-09-03 21:25 - 00000000 ____D C:\Users\Cody\.gimp-2.8
    2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\gegl-0.2
    2016-08-23 22:39 - 2016-08-23 22:39 - 00000000 ____D C:\Users\Cody\AppData\Local\fontconfig
    2016-08-23 22:37 - 2016-08-23 22:37 - 00000000 ____D C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1
    2016-08-23 22:36 - 2016-08-23 22:36 - 00000000 ____D C:\Users\Cody\Downloads\use own skin
    2016-08-22 23:49 - 2016-08-22 23:50 - 31096007 _____ C:\Users\Cody\Downloads\SOS - Schlongs of Skyrim - 3.00.004.7z
    2016-08-22 23:33 - 2016-08-22 23:34 - 00367593 _____ C:\Users\Cody\Downloads\PapyrusUtil_v32.zip
    2016-08-22 16:25 - 2016-08-22 16:26 - 24688762 _____ C:\Users\Cody\Downloads\Mod Organizer v1_3_11 installer-1334-1-3-11.exe
    2016-08-22 15:17 - 2016-08-22 15:17 - 123899131 _____ C:\Users\Cody\Downloads\MoreNastyCritters9_3_fomod.7z
    2016-08-21 23:55 - 2016-08-21 23:56 - 00000000 ____D C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3
    2016-08-21 23:55 - 2016-08-21 23:55 - 02900822 _____ C:\Users\Cody\Downloads\TES5Edit 3.1.3-25859-3-1-3.7z
    2016-08-21 23:21 - 2016-08-21 23:21 - 07603889 _____ C:\Users\Cody\Downloads\2.17 archives.7z
    2016-08-21 23:18 - 2016-08-21 23:18 - 00000000 ____D C:\Users\Cody\Downloads\ERF Bodyslide Presets
    2016-08-21 23:17 - 2016-08-21 23:17 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2
    2016-08-21 23:14 - 2016-08-21 23:14 - 00000000 ____D C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2
    2016-08-21 23:01 - 2016-08-21 23:01 - 00002513 _____ C:\Users\Cody\Downloads\PSQ RND.7z
    2016-08-21 22:59 - 2016-08-21 22:59 - 00001142 _____ C:\Users\Cody\Downloads\Transform Dummy Files.7z
    2016-08-21 22:47 - 2016-08-21 22:50 - 77796693 _____ C:\Users\Cody\Downloads\PSQ Transform Package 1.2.zip
    2016-08-21 22:47 - 2016-08-21 22:47 - 02761717 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Horse Penis Addon 1.2.zip
    2016-08-21 22:46 - 2016-08-21 22:46 - 00581085 _____ C:\Users\Cody\Downloads\PSQ Transform Package - Animated Wings 1.2.zip
    2016-08-21 22:46 - 2016-08-21 22:46 - 00000569 _____ C:\Users\Cody\Downloads\PSQ Copy OrgBody Files Script.zip
    2016-08-21 22:45 - 2016-08-21 22:45 - 00007394 _____ C:\Users\Cody\Downloads\ERF Bodyslide Presets.zip
    2016-08-21 16:15 - 2016-08-21 16:15 - 00070738 _____ C:\Users\Cody\Downloads\SlaveTats-1.2.1.7z
    2016-08-21 15:46 - 2016-09-09 16:26 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2016-08-21 15:46 - 2016-08-21 15:46 - 00000000 ____D C:\Program Files\GIMP 2
    2016-08-21 15:45 - 2016-08-21 15:45 - 00197483 _____ C:\Users\Cody\Downloads\gimp-dds-win64-3.0.1.zip
    2016-08-21 15:44 - 2016-08-21 15:46 - 77404656 _____ (The GIMP Team ) C:\Users\Cody\Downloads\gimp-2.8.18-setup.exe
    2016-08-21 15:09 - 2016-08-21 15:09 - 01605460 _____ C:\Users\Cody\Downloads\use own skin.7z
    2016-08-21 14:20 - 2016-08-21 14:20 - 00000000 ____D C:\Users\Cody\Downloads\NifSkope_2_0_2016-04-11-1
    2016-08-21 13:48 - 2016-08-21 13:48 - 00000000 ____D C:\Users\Cody\Downloads\fixed_textures
    2016-08-21 00:46 - 2016-08-21 02:45 - 00000000 ____D C:\Users\Cody\Downloads\BSAopt-247-1-6-3
    2016-08-21 00:46 - 2016-08-21 00:46 - 00983170 _____ C:\Users\Cody\Downloads\BSAopt-247-1-6-3.7z
    2016-08-21 00:22 - 2016-08-21 00:22 - 00000000 ____D C:\Users\Cody\Downloads\Copy Orgbody MO
    2016-08-21 00:14 - 2016-08-21 00:14 - 01622397 _____ C:\Users\Cody\Downloads\PSQ3.2.6.7z
    2016-08-20 14:54 - 2016-09-09 16:26 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
    2016-08-20 14:54 - 2016-09-09 16:25 - 00001020 _____ C:\Users\Public\Desktop\LOOT.lnk
    2016-08-20 14:54 - 2016-08-28 18:45 - 00000000 ____D C:\Users\Cody\AppData\Local\LOOT
    2016-08-20 14:54 - 2016-08-20 14:54 - 00000000 ____D C:\Program Files (x86)\LOOT
    2016-08-20 14:51 - 2016-08-20 14:53 - 25492241 _____ (LOOT Team ) C:\Users\Cody\Downloads\LOOT.Installer.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-12 11:14 - 2016-01-10 15:43 - 00000010 _____ C:\Users\Cody\AppData\Local\sponge.last.runtime.cache
    2016-09-12 11:11 - 2015-12-24 11:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-12 11:10 - 2016-07-26 15:44 - 00000000 ____D C:\Users\Cody\AppData\Local\DP_Tower_3.7
    2016-09-12 11:10 - 2016-05-18 22:43 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job
    2016-09-12 11:10 - 2016-03-20 14:18 - 00000568 _____ C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job
    2016-09-12 11:10 - 2015-12-24 14:34 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-09-12 11:10 - 2015-12-24 11:28 - 00000000 __SHD C:\Users\Cody\IntelGraphicsProfiles
    2016-09-12 10:57 - 2015-12-24 11:36 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-12 10:49 - 2016-08-05 21:49 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-09-12 10:38 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-09-11 23:26 - 2015-12-30 22:04 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Skype
    2016-09-11 23:25 - 2015-12-26 20:25 - 00000000 ____D C:\Users\Cody\AppData\Local\Battle.net
    2016-09-11 22:18 - 2016-01-19 19:15 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
    2016-09-11 22:16 - 2015-12-26 20:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-09-11 21:39 - 2016-06-12 12:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\.minecraft
    2016-09-11 18:00 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-09-11 17:57 - 2015-12-23 18:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-11 17:57 - 2015-12-23 18:11 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-09-11 17:57 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-09-11 17:39 - 2015-12-05 17:43 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-09-11 08:32 - 2013-08-23 01:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-09-10 19:52 - 2015-12-23 18:14 - 00000000 ____D C:\Users\Cody
    2016-09-10 12:18 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-09-09 20:58 - 2016-06-12 14:54 - 00000000 ____D C:\Users\Cody\AppData\Local\LogMeIn Hamachi
    2016-09-09 16:29 - 2015-12-23 18:21 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-09-09 16:29 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
    2016-09-09 16:26 - 2016-07-24 16:53 - 00001282 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
    2016-09-09 16:26 - 2016-06-22 16:07 - 00002097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
    2016-09-09 16:26 - 2016-06-22 16:07 - 00001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
    2016-09-09 16:26 - 2016-05-18 22:43 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015b.lnk
    2016-09-09 16:26 - 2016-04-30 18:46 - 00001873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2016-09-09 16:26 - 2016-04-30 18:46 - 00001611 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
    2016-09-09 16:26 - 2016-04-06 23:42 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-09-09 16:26 - 2016-03-20 14:19 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015a.lnk
    2016-09-09 16:26 - 2016-03-10 20:45 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
    2016-09-09 16:26 - 2016-02-08 23:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-09-09 16:26 - 2016-01-10 21:53 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
    2016-09-09 16:26 - 2015-12-26 15:57 - 00001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2016-09-09 16:26 - 2015-12-24 15:16 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-09-09 16:26 - 2015-12-24 11:37 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-09-09 16:26 - 2015-12-24 11:33 - 00001029 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
    2016-09-09 16:26 - 2015-12-23 19:44 - 00002407 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-09-09 16:26 - 2015-12-23 18:16 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-09-09 16:26 - 2013-10-22 13:10 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2016-09-09 16:26 - 2013-10-22 13:10 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2016-09-09 16:25 - 2016-07-24 16:54 - 00001150 _____ C:\Users\Public\Desktop\Overwolf.lnk
    2016-09-09 16:25 - 2016-06-22 16:07 - 00001327 _____ C:\Users\Public\Desktop\NCH Suite.lnk
    2016-09-09 16:25 - 2016-06-22 16:07 - 00001195 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk
    2016-09-09 16:25 - 2016-06-12 12:52 - 00001026 _____ C:\Users\Public\Desktop\Minecraft.lnk
    2016-09-09 16:25 - 2016-05-29 02:00 - 00000697 _____ C:\Users\Public\Desktop\DCP_Setup_Maker.lnk
    2016-09-09 16:25 - 2016-05-18 22:43 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015b.lnk
    2016-09-09 16:25 - 2016-04-06 23:42 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-09-09 16:25 - 2016-03-20 14:19 - 00001360 _____ C:\Users\Public\Desktop\MATLAB R2015a.lnk
    2016-09-09 16:25 - 2016-03-10 20:45 - 00001048 _____ C:\Users\Public\Desktop\WinSCP.lnk
    2016-09-09 16:25 - 2016-03-02 17:09 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2016-09-09 16:25 - 2016-02-27 20:54 - 00000971 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2016-09-09 16:25 - 2016-02-08 23:01 - 00002120 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-09-09 16:25 - 2016-01-29 18:13 - 00001579 _____ C:\Users\Public\Desktop\League of Legends.lnk
    2016-09-09 16:25 - 2016-01-19 19:32 - 00001258 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
    2016-09-09 16:25 - 2016-01-15 15:25 - 00001160 _____ C:\Users\Public\Desktop\StarCraft II.lnk
    2016-09-09 16:25 - 2016-01-10 21:53 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
    2016-09-09 16:25 - 2015-12-30 22:04 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-09-09 16:25 - 2015-12-29 13:37 - 00001088 _____ C:\Users\Public\Desktop\Notepad++.lnk
    2016-09-09 16:25 - 2015-12-26 21:04 - 00001207 _____ C:\Users\Public\Desktop\Diablo III.lnk
    2016-09-09 16:25 - 2015-12-26 20:25 - 00001213 _____ C:\Users\Public\Desktop\Battle.net.lnk
    2016-09-09 16:25 - 2015-12-26 15:57 - 00001266 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    2016-09-09 16:25 - 2015-12-24 15:16 - 00001818 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-09-09 16:25 - 2015-12-24 14:34 - 00002038 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
    2016-09-09 16:25 - 2015-12-24 14:27 - 00001088 _____ C:\Users\Public\Desktop\iExplorer.lnk
    2016-09-09 16:25 - 2015-12-23 16:41 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2016-09-09 16:24 - 2016-08-08 18:08 - 00002277 _____ C:\Users\Cody\Desktop\Discord.lnk
    2016-09-09 16:24 - 2016-07-26 14:12 - 00001192 _____ C:\Users\Cody\Desktop\Syncios.lnk
    2016-09-09 16:24 - 2016-07-24 16:53 - 00001326 _____ C:\Users\Cody\Desktop\TeamSpeak 3 Client.lnk
    2016-09-09 16:24 - 2016-05-29 02:04 - 00002033 _____ C:\Users\Cody\Desktop\install4j.lnk
    2016-09-09 16:24 - 2016-04-06 13:01 - 00001204 _____ C:\Users\Cody\Desktop\SourceTree.lnk
    2016-09-09 16:24 - 2016-04-06 12:20 - 00002291 _____ C:\Users\Cody\Desktop\Git Shell.lnk
    2016-09-09 16:24 - 2016-04-02 14:29 - 00000776 _____ C:\Users\Cody\Desktop\Eclipse.lnk
    2016-09-09 16:24 - 2016-03-08 18:55 - 00001274 _____ C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk
    2016-09-09 16:24 - 2016-03-08 18:55 - 00001250 _____ C:\Users\Cody\Desktop\LTspice IV.lnk
    2016-09-09 16:24 - 2016-02-09 20:13 - 00002639 _____ C:\Users\Cody\Desktop\Windows 7 USB DVD Download Tool.lnk
    2016-09-09 16:24 - 2016-02-08 23:15 - 00002282 _____ C:\Users\Cody\Desktop\Dungeons & Dragons Online.lnk
    2016-09-09 16:24 - 2016-02-01 18:13 - 00001224 _____ C:\Users\Cody\Desktop\NavDesk 7.50.lnk
    2016-09-09 16:24 - 2016-01-10 21:53 - 00001040 _____ C:\Users\Cody\Desktop\OSFMount.lnk
    2016-09-09 16:24 - 2016-01-10 14:40 - 00001387 _____ C:\Users\Cody\Desktop\Trend Micro Maximum Security.lnk
    2016-09-09 16:23 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\Cursors
    2016-09-09 14:11 - 2015-12-26 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-09-07 20:08 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-09-07 18:00 - 2015-12-05 16:50 - 00000000 ____D C:\Users\Cody\Documents\Uni
    2016-09-07 16:08 - 2015-12-03 16:38 - 00000000 ____D C:\Users\Cody\AppData\Local\Packages
    2016-09-06 19:16 - 2016-01-11 21:01 - 00000196 _____ C:\Users\Cody\Desktop\New Text Document.txt
    2016-09-04 15:23 - 2015-12-23 17:20 - 00000000 ____D C:\Users\Cody\AppData\Local\CrashDumps
    2016-09-03 23:26 - 2016-01-15 14:52 - 00000000 ____D C:\Program Files (x86)\StarCraft II
    2016-09-03 20:33 - 2016-04-02 14:05 - 00000000 ____D C:\Users\Cody\.oracle_jre_usage
    2016-09-02 17:04 - 2016-04-08 22:28 - 00000000 ____D C:\Users\Cody\AppData\Roaming\SpaceEngineers
    2016-09-01 18:40 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-09-01 18:40 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-09-01 10:54 - 2016-07-24 16:54 - 00000000 ____D C:\Program Files (x86)\Overwolf
    2016-08-31 13:32 - 2016-01-10 21:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-08-29 23:31 - 2015-12-26 20:30 - 00000000 ____D C:\Program Files (x86)\Diablo III
    2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-08-29 20:12 - 2016-08-08 18:08 - 00000000 ____D C:\Users\Cody\AppData\Roaming\discord
    2016-08-29 20:11 - 2016-08-08 18:07 - 00000000 ____D C:\Users\Cody\AppData\Local\Discord
    2016-08-22 23:54 - 2016-02-27 20:54 - 00000000 ____D C:\Users\Cody\Documents\Nexus Mod Manager
    2016-08-21 23:56 - 2016-02-27 14:35 - 00000000 ____D C:\Users\Cody\AppData\Local\Skyrim
    2016-08-17 11:16 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-08-17 11:15 - 2016-01-12 14:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-08-16 22:07 - 2016-07-24 16:53 - 00000000 ____D C:\Users\Cody\AppData\Roaming\TS3Client
    2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-08-16 13:45 - 2015-12-30 22:04 - 00000000 ____D C:\ProgramData\Skype

    ==================== Files in the root of some directories =======

    2016-03-08 20:07 - 2016-05-30 17:17 - 0004622 _____ () C:\Users\Cody\AppData\Roaming\LTspiceIV.ini
    2016-03-11 01:06 - 2016-05-27 19:03 - 0000600 _____ () C:\Users\Cody\AppData\Roaming\winscp.rnd
    2016-01-10 14:35 - 2016-01-10 14:35 - 0000036 _____ () C:\Users\Cody\AppData\Local\housecall.guid.cache
    2016-03-31 17:25 - 2016-05-01 14:45 - 0000600 _____ () C:\Users\Cody\AppData\Local\PUTTY.RND
    2016-09-03 21:25 - 2016-09-03 21:25 - 0013914 _____ () C:\Users\Cody\AppData\Local\recently-used.xbel
    2016-01-10 15:43 - 2016-09-12 11:14 - 0000010 _____ () C:\Users\Cody\AppData\Local\sponge.last.runtime.cache
    2015-12-23 18:11 - 2015-12-23 18:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-10-22 13:07 - 2013-10-22 13:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-10-22 13:04 - 2013-10-22 13:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-10-22 13:05 - 2013-10-22 13:05 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-10-22 13:06 - 2013-10-22 13:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2013-10-22 13:04 - 2013-10-22 13:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Files to move or delete:
    ====================
    C:\Users\Cody\Q2BlockDiagram2.exe
    C:\Users\Cody\Q3Simulation.exe


    Some files in TEMP:
    ====================
    C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe
    C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe
    C:\Users\Cody\AppData\Local\Temp\COMAP.EXE
    C:\Users\Cody\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Cody\AppData\Local\Temp\Execute2App.exe
    C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-3745218813016737628.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-7510082244880606345.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll
    C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe
    C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe
    C:\Users\Cody\AppData\Local\Temp\libeay32.dll
    C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll
    C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe
    C:\Users\Cody\AppData\Local\Temp\msvcp90.dll
    C:\Users\Cody\AppData\Local\Temp\msvcr120.dll
    C:\Users\Cody\AppData\Local\Temp\msvcr90.dll
    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Cody\AppData\Local\Temp\nvStInst.exe
    C:\Users\Cody\AppData\Local\Temp\sqlite3.dll
    C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe
    C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll
    C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-07 11:23

    ==================== End of FRST.txt ============================
     
  11. Azadai

    Azadai TS Rookie Topic Starter

    Addition.txt:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Cody (12-09-2016 11:15:02)
    Running from C:\Users\Cody\Downloads
    Windows 10 Home Version 1511 (X64) (2015-12-23 09:39:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3313481241-1894715402-4189534921-500 - Administrator - Enabled) => C:\Users\Administrator
    Cody (S-1-5-21-3313481241-1894715402-4189534921-1004 - Administrator - Enabled) => C:\Users\Cody
    DefaultAccount (S-1-5-21-3313481241-1894715402-4189534921-503 - Limited - Disabled)
    Guest (S-1-5-21-3313481241-1894715402-4189534921-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3313481241-1894715402-4189534921-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Trend Micro Maximum Security (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Trend Micro Maximum Security (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Akamai) (Version: - Akamai Technologies, Inc)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.06020 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.06020 - Cisco Systems, Inc.) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Discord (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
    DOOM 3 (HKLM\...\Steam App 9050) (Version: - id Software)
    DOOM 3: Resurrection of Evil (HKLM\...\Steam App 9070) (Version: - id Software)
    DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
    Dungeons & Dragons Online v2600.0045.4801.4249 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.4801.4249 - Atari, Inc.)
    Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
    GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
    GitHub (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\5f7eb300e2ea4ebf) (Version: 3.0.17.0 - GitHub, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    iExplorer 3.2.5.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
    install4j 6.1.1 (HKLM\...\6187-37938-2029-3898) (Version: 6.1.1 - ej-technologies GmbH)
    Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    IzPack 5.0.8 (HKLM\...\IzPack 5.0.8) (Version: - )
    Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    League Screensaver (HKLM-x32\...\LolScreenSaver) (Version: W0.1.19-0.11.13-beta - Riot Games)
    Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
    LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)
    LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MATLAB R2015a (HKLM\...\Matlab R2015a) (Version: 8.5 - MathWorks)
    MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Might & Magic: Heroes VI (HKLM\...\Steam App 48220) (Version: - Blackhole)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    Mozilla Thunderbird 45.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.1.0 (x86 en-US)) (Version: 45.1.0 - Mozilla)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
    NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.15 - Black Tree Gaming)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.00 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.43 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software)
    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.97.209.0 - Overwolf Ltd.)
    Python 3.5.1 (32-bit) (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
    Python 3.5.1 Add to Path (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Core Interpreter (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Core Interpreter (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Core Interpreter (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Development Libraries (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Development Libraries (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Documentation (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Executables (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Executables (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Executables (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
    Python 3.5.1 pip Bootstrap (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Standard Library (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Standard Library (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Standard Library (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Tcl/Tk Support (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Tcl/Tk Support (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Tcl/Tk Support (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Test Suite (32-bit debug) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Test Suite (32-bit symbols) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Test Suite (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Python 3.5.1 Utility Scripts (32-bit) (x32 Version: 3.5.1150.0 - Python Software Foundation) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
    Sanctum (HKLM\...\Steam App 91600) (Version: - Coffee Stain Studios)
    Sanctum 2 (HKLM\...\Steam App 210770) (Version: - Coffee Stain Studios)
    SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    Skyrim Creation Kit (HKLM\...\Steam App 202480) (Version: - bgs.bethsoft.com)
    Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)
    SourceTree (HKLM-x32\...\SourceTree 1.8.3) (Version: 1.8.3 - Atlassian)
    SourceTree (x32 Version: 1.8.3 - Atlassian) Hidden
    Space Engineers (HKLM\...\Steam App 244850) (Version: - Keen Software House)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
    SUPER © v2015.build.66+Recorder (2015/10/30) version v2015.buil (HKLM-x32\...\{8E2A29F2-96BF-8259-4CA7-4C16C91728A3}_is1) (Version: v2015.build.66+Recorder - eRightSoft)
    SUPER © v2016.Build.69+3D+Recorder (2016/04/02) version v2016.B (HKLM-x32\...\{CB93965C-C24C-437D-839B-285188F22F11}_is1) (Version: v2016.Build.69+3D+Recorder - eRightSoft)
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.02 - NCH Software)
    Syncios 5.0.6 (HKLM-x32\...\Syncios) (Version: 5.0.6 - Anvsoft)
    TeamSpeak 3 Client (HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
    The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    TomTom MyDrive Connect 4.1.1.2797 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.1.2797 - TomTom)
    Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
    Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1075 - Trend Micro Inc.)
    Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
    Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
    Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
    X3 Albio Prelude Bonus Pack 5.1.0.0 (HKLM-x32\...\X3AP Bonus Pack_is1) (Version: 5.1.0.0 - Egosoft)
    X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version: - Egosoft)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Cody\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {0CA8690D-AB37-4F2A-B16E-8C0B14C35751} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {0E45AFB6-E450-403B-BD83-DA4043A10184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
    Task: {34726F01-7385-4433-BB2F-2804E3F9F7A2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
    Task: {5878757E-0C48-4924-B243-B3DBAB029162} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {637C4646-000D-4A11-8518-F7B5B05A176E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {644B9F54-3DCC-44F9-B8A5-140BC69E972B} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-08-30] (Overwolf LTD)
    Task: {6A041227-2399-4548-91CC-C9010A5B9FBB} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-10] (Dell, Inc.)
    Task: {7894DFAA-F794-402C-B9CF-CC055DDF878A} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe [2014-12-29] ()
    Task: {7FC4820F-C243-41E4-B28B-B9A3B40F127F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)
    Task: {825A6E9B-B251-45F6-A43E-E94A478DEDF2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
    Task: {887B87CD-41FD-4B97-89F7-A9149F7BF159} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-06-29] (Microsoft Corporation)
    Task: {A977D273-0777-462E-B2E4-1E4299246434} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
    Task: {ABC6C0C1-AE6F-45CC-9008-D495FF304FB0} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {AE1A82E7-31E3-498D-80BE-AE7868BF04AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-05] (Adobe Systems Incorporated)
    Task: {B7402253-40F4-4D72-80A6-F3D6E2B05E7E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
    Task: {C250ADC3-70D8-4AE1-A387-C6A38AD76193} - \WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001 -> No File <==== ATTENTION
    Task: {C352EE92-713C-4F06-81A4-277A3E84FBDA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
    Task: {C38429A3-91EE-40C4-BC95-BB5B09440BD4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
    Task: {CD8CD085-35ED-4D4C-84FC-D33D00BB5993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-24] (Google Inc.)
    Task: {DC2DF0E1-D6ED-4155-A9A2-95F77B3013BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {DE1ADDA9-92A9-455E-B423-2F8AE5138F3A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
    Task: {EDD27B22-CD7B-4ADC-9EE0-BEFB231D6388} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-05] (Microsoft Corporation)
    Task: {FC805CF4-6310-4A26-BAC3-29F6D23EEF2C} - \PCDEventLauncherTask -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe
    Task: C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Cody\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2016-01-10 14:37 - 2015-03-31 21:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll
    2016-01-10 14:37 - 2015-03-31 21:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll
    2016-01-10 14:37 - 2015-03-31 21:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
    2016-01-10 14:37 - 2015-03-31 21:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll
    2016-01-10 14:37 - 2015-03-31 21:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll
    2016-01-10 14:37 - 2015-03-31 21:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
    2015-12-29 09:23 - 2015-07-17 04:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
    2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-03-31 04:25 - 2016-03-31 04:25 - 00707072 _____ () C:\Riot Games\LolScreenSaver\service\service.exe
    2016-01-12 14:01 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2016-01-10 14:37 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
    2016-01-10 14:39 - 2015-07-17 04:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
    2016-01-10 14:39 - 2015-07-17 04:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
    2016-01-10 14:39 - 2015-07-17 04:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
    2016-01-10 14:39 - 2015-07-17 04:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
    2016-03-02 16:12 - 2016-02-17 16:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2015-12-23 16:38 - 2016-02-17 16:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-03-02 16:12 - 2016-02-17 16:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-05-18 22:35 - 2015-07-30 18:57 - 00045056 _____ () C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
    2016-03-20 14:01 - 2014-12-29 19:25 - 00045056 _____ () C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe
    2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-07-17 20:06 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-07-27 12:03 - 2016-05-25 02:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2015-12-24 11:54 - 2015-12-07 14:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-07-17 20:07 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-10 14:37 - 2016-07-14 12:49 - 40970752 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
    2016-07-17 20:06 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-07-17 20:06 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-07-17 20:06 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-07-17 20:06 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-29 09:23 - 2015-07-17 04:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
    2015-03-07 10:07 - 2015-03-07 10:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2016-01-07 05:43 - 2016-01-07 05:43 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2015-03-07 10:07 - 2015-03-07 10:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2016-01-07 05:43 - 2016-01-07 05:43 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2015-09-24 03:53 - 2015-09-24 03:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2013-10-22 12:59 - 2013-08-09 22:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-12-23 16:38 - 2016-02-17 17:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2013-10-22 13:04 - 2013-03-05 13:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-06 04:41 - 2013-03-06 04:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\cpp.edu -> hxxp://www.cpp.edu
    IE trusted site: HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\trendmicro.com -> hxxps://pwm.trendmicro.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 23:25 - 2016-09-10 02:28 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Cody\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\abstract_blue_2-wide.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: Hamachi2Svc => 2
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKLM\...\StartupApproved\Run32: => "Syncios device service"
    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3313481241-1894715402-4189534921-1004\...\StartupApproved\Run: => "Akamai NetSession Interface"
     
  12. Azadai

    Azadai TS Rookie Topic Starter

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{A9947E99-A1EF-4F26-9EFD-F87C0E964F2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{5F6A678E-CD6B-4ACB-8A49-8A3004ADCF4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{77D0F2C6-8EE2-4A17-A337-F00437EFBCB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{FE6B164A-F5F1-4717-B713-5122C6ABE70D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{8D95307E-19DF-426C-A372-26F207A8B9EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{9A0EEA54-D77D-4B3B-A7B4-2E2109525A89}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{16EB0374-956D-4FD6-BBEB-47D49A8BFB97}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{B3CB7CA5-FAA4-4FFA-BC91-A4458C4FFE40}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{77CCC0A3-32AB-47A7-A442-5E53A1787835}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3BA82FA7-D5A2-4D8B-817F-B4BA913B606B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{222B695A-17A5-4214-BE9F-F43F633612D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{522E4307-3DE4-41C9-9966-FA01135C355A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1DE53467-7E0B-4E74-B286-655016B8BCF6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{D54F8AE3-B2A4-41C9-8D0D-D0830189FF72}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{0D6F5875-0034-4A8F-8D2B-229A8479C259}] => (Allow) LPort=1900
    FirewallRules: [{96622F71-4E28-424D-BA43-1ACD58541503}] => (Allow) LPort=2869
    FirewallRules: [{6596E0CE-57DD-4A46-85B4-22AB5DB05FF1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A7FE2FA4-99FE-4E18-AE16-1507697E67EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{267DC37D-7AEB-44D3-94F3-E0F9DF5B22B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{110684A9-9987-4037-93F7-E0A3FA8BF4BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{44D837CB-B2D4-4C5A-984F-7BAA4D289853}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E47DB184-D86A-470B-AA1B-391C13A22608}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1A70B8E7-2CC1-4860-871B-E0B74364EFD5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1282EEC9-4F47-4BE1-BBAB-583DAA5722D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{A9B9004B-58BD-450F-AD14-4864CB8C30D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe
    FirewallRules: [{15DDEDAF-C063-43F1-8D0B-8D5C98B56AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3AP.exe
    FirewallRules: [{B69E0C68-6702-4BEC-873C-BAF33839CB15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{26ADF8C7-8444-454C-961A-B05D948E611E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [TCP Query User{E04E57A0-38B2-4E02-A58B-99B9E78505D0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
    FirewallRules: [UDP Query User{DD567391-4D5C-4152-AAC4-768994DCCB2D}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
    FirewallRules: [{D9D52B2F-5D7B-47B9-ACE4-A4D3EC639640}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{64FD604F-DA42-4C03-888A-E20111DA7EFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [TCP Query User{F159914B-EE3F-46C1-85EC-23A6A92315E0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{1FCE66A2-05F1-4603-88DD-0CA56C838DC4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{EF3C0257-D45F-41D2-9689-88C2671B3A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{6F060CE0-6382-4FDA-BC82-D00748DC22A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{049FBF91-B1F3-4712-A895-B77885AA831B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{9A45A3B5-3192-4E65-9053-2BF67F78ACEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
    FirewallRules: [{EEBDCBC5-2F04-43FD-9314-7E006C16F8D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0E4B7A13-938C-4563-B937-30BCB4F2CB04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{01C5562B-48D0-45D8-823F-EDC54B9B75DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{1E1A07F8-4F25-44D1-983F-9363D43AAA6F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{BAA820F2-EA1C-43B1-A196-2E3CC85D986A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{91455FA5-6370-4553-9F46-E123093C78A2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{683C45A1-FA8B-47E3-A412-79A22205FE7F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{F6557CC3-1AD8-42B5-8932-F80FC2A093B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{05E99840-67E7-4C7E-B478-58BBAA3A8BC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{27F26161-42BF-450C-9742-E05AD2C67374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
    FirewallRules: [{652E8502-7341-4B7D-BF9F-2968E6008408}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
    FirewallRules: [TCP Query User{0EB72472-483D-4BF4-A9DA-614BA23FD791}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
    FirewallRules: [UDP Query User{A9CD5D1A-095A-4058-94E7-8E3E4F6C329D}C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base39576\sc2_x64.exe
    FirewallRules: [TCP Query User{1B309030-7374-4F84-B158-0B5F330FECDC}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{40526C0A-1D12-488C-8197-E8044DA1D524}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{F3A0747E-C61C-43C1-8774-7221968CEEED}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
    FirewallRules: [UDP Query User{298B4449-614B-4A09-98E7-779AA65197F7}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
    FirewallRules: [TCP Query User{37756491-7EF2-4D52-8A70-6F66A7428085}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{1F223779-4408-4BA3-9343-D434A420DDF7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{5997C51A-BA5F-43B5-AD89-77C8EF2B1209}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
    FirewallRules: [{02F7E7EE-4843-47F5-97B9-4249BE392C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\portal 2\portal2.exe
    FirewallRules: [{B97946BE-C0AA-434E-BE89-25E6521B9DB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{50A3E8EB-14BC-4FD0-9C17-D05238DE06B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [TCP Query User{0E515C08-91E0-4280-B6A8-8874B3A58F63}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{4CD8EF3D-3FBF-42D4-8C60-2FDDEA31CF9A}C:\users\cody\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cody\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{90D51B5B-3D65-45B3-9911-59DB55424F13}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{6C85ED2D-87CD-46C4-A31A-20861F186374}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{14BCB45D-238D-4234-9F2B-89E34100B26B}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
    FirewallRules: [UDP Query User{5BE86246-0BE2-4B7A-8F2D-D578E1A68B6C}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
    FirewallRules: [{25B46F39-9EB6-496A-8741-355E0EC1F7E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{6F77B0FF-F3DD-499C-A807-A2871BCDB4ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{B3DB7049-1EDB-487B-B564-C78AF86F8C9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
    FirewallRules: [{636FCC9A-EE44-4B74-9484-668301E4E67B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
    FirewallRules: [{BDC69297-0BA9-4957-B054-37256D9F77BA}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe
    FirewallRules: [{D49EE5B7-C9C2-4751-9C89-2A2C1978F77E}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe
    FirewallRules: [{26E9CCCC-2D6E-44C4-8860-86B682A0AD40}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe
    FirewallRules: [{9D7FCC3C-5AE9-4D7C-BB75-DB30B001A815}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe
    FirewallRules: [{A5CC5BE0-3956-4415-8398-E05BF8C29FD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dawn of war ii - retribution\DOW2.exe
    FirewallRules: [TCP Query User{E31FA226-D80B-4D04-B8B0-1E9E4D0BAAF0}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
    FirewallRules: [UDP Query User{52D21E49-B16B-4F5F-9ECA-7DD89AF01E4C}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
    FirewallRules: [TCP Query User{F3241641-FE00-4172-8348-D99CD877B440}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{3CDB9F64-E845-452B-954D-A96CC3B99852}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{06B447F7-A6ED-4046-B455-0ABCB0E2453E}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe
    FirewallRules: [UDP Query User{1A9D08F6-9171-4FC6-9E46-8FC3D7CED94F}C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base41743\sc2_x64.exe
    FirewallRules: [TCP Query User{D355F44D-2F9D-40ED-8F7E-510FCE05EB0C}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe
    FirewallRules: [UDP Query User{663B42A7-69C1-4CB0-8BEF-EB255C0FF584}C:\program files (x86)\python35-32\pythonw.exe] => (Allow) C:\program files (x86)\python35-32\pythonw.exe
    FirewallRules: [{3AEFF351-671F-4966-9CD1-60C90E02C827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{8A3EE691-42AC-44CA-A7E9-4CF04764DB3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{F932FB5B-423E-42BC-BAD5-193DF01754B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{59FC7ED3-70AB-4955-B9BE-D3EDAA03AA59}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C3FC3765-44FD-4569-8930-7DCCF6094F6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
    FirewallRules: [{ECF64800-B24F-4D75-B9A6-B30815041DC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
    FirewallRules: [TCP Query User{9E600AD2-5C71-4CDC-821D-AACEA7C116B6}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe
    FirewallRules: [UDP Query User{E1CD5BEC-C61B-4F65-B800-1E8DE38ADF14}C:\users\cody\documents\eclipse\eclipse.exe] => (Allow) C:\users\cody\documents\eclipse\eclipse.exe
    FirewallRules: [TCP Query User{ECC3D302-D645-4ADD-BB5C-732B8C35D7B1}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{E8785A6C-A4EA-4C69-ADFD-3EB2689FA9A7}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{39542793-7AF3-431D-8E4F-84AC1A96AC59}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
    FirewallRules: [UDP Query User{4C05D73F-E651-494D-838C-7F5E09817FDB}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
    FirewallRules: [TCP Query User{1876CD3D-F313-419F-B997-EC97FC9FDB9A}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{5E5B6466-7069-477D-8670-6337164CC952}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe
    FirewallRules: [{8647EDB1-9A7F-44AA-A455-1422BAB3C1DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [{A6C738F4-6201-40F3-9E9E-606DB2FD5CA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum2\Binaries\Win32\SanctumGame-Win32-Shipping.exe
    FirewallRules: [TCP Query User{F20E730F-B223-44AD-970E-AB7537691464}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{A9EA59A8-B30E-416A-AEFF-D076167E9DBA}C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42506\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{5EB66BFA-829B-491B-8118-57FB33A0A313}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
    FirewallRules: [UDP Query User{42EDBBA7-8BA4-41FE-BA0D-483016B40367}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
    FirewallRules: [{0718C3C3-CA75-4D49-81B6-31F402D1FF73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
    FirewallRules: [{5B656C7D-2C0B-42EB-BE1D-AED9B70BC619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doom 3\Doom3.exe
    FirewallRules: [TCP Query User{2C285D7B-34A0-4F90-8D3E-9E8602A435DD}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe
    FirewallRules: [UDP Query User{7A6A7CB9-D690-44BF-92C7-DDA7DE97F3CA}C:\program files\install4j6\bin\install4j.exe] => (Allow) C:\program files\install4j6\bin\install4j.exe
    FirewallRules: [{5B8C371A-9AAA-44BD-8613-1F8727044004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe
    FirewallRules: [{171E700E-538F-40BF-B761-B2EE12F0D9BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe
    FirewallRules: [TCP Query User{93607D63-BFF1-4388-B643-87BFE54AAEEF}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{4312334E-F747-4355-80C1-2C1AD397BC30}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{11C2BF2A-F6E3-4091-AA9E-61B05B574584}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
    FirewallRules: [UDP Query User{1B4212E6-486D-4F22-B907-150476DAFD73}C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42932\sc2_x64.exe
    FirewallRules: [{1B5FDB0D-820A-4194-8D88-4F0AD45C12F7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
    FirewallRules: [{B144D89B-345C-46AF-B9CE-A25F6671C3FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
    FirewallRules: [TCP Query User{1CCB3762-3766-4D4C-BFD2-FBA2129EEBAC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{5579875B-784D-4A22-9464-AF0C0CCE87A3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [TCP Query User{53B05ADF-5025-46E0-8CD4-80792430BC0C}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{3E72EA3C-A8A7-40D2-B6E6-774A2B43A0A1}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{3E0066E0-2808-449B-99C2-150127843537}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
    FirewallRules: [UDP Query User{88998446-CC83-4501-881D-68781EC85CD6}C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base43478\sc2_x64.exe
    FirewallRules: [TCP Query User{36D8D677-06AF-41BD-9E53-48B716966776}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{C5147C01-18DE-48C3-934F-58F48562C182}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [TCP Query User{E47D89E9-7D7A-44FE-B617-D5A65EF909E1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{F83B69D0-7302-4C29-A995-0F971CF80E7D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{6BD419A0-68C9-4A17-8456-2A67A2DCFAAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe
    FirewallRules: [{D1D03B35-009D-4338-B32D-76C9FE7F678E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\X3 Terran Conflict\X3TC.exe
    FirewallRules: [TCP Query User{B4247BC6-22FA-4D02-8FAF-BE36BDEE2359}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{CD2A4EFE-1AC9-4D3F-9009-032B64EA301A}C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
    FirewallRules: [{AFECF350-FF79-4C2F-A0C1-8FAE2053EF54}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
    FirewallRules: [{FDCE9949-FCF9-434C-A7E3-3C4308C238FA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44797\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{669DD9AF-15BA-4003-92F2-024F5B165304}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{A330EE98-1B46-4E2B-972C-91417F071520}C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
    FirewallRules: [{C8634E7C-88B2-48F1-996A-D16225FC42A2}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
    FirewallRules: [{306561D3-0071-4ED3-8CA0-8CAD9BEF295E}] => (Block) C:\program files (x86)\heroes of the storm\versions\base44941\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{F2BBF05C-7969-45E7-BC72-48E4FD1DA3A7}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [UDP Query User{559D5153-B402-4D04-9C96-AB079380586B}C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [{A648FDF1-B153-4FD7-8272-418FAFD1EF42}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [{8ED57D8E-EF78-4563-B27A-D2677E8D17A9}] => (Block) C:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe
    FirewallRules: [TCP Query User{ADD0F885-717F-4576-9EEE-3123A9D1C93C}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
    FirewallRules: [UDP Query User{66102041-2C64-483A-89F5-C20DB4489584}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
    FirewallRules: [{18D0ACC1-CCB0-4573-85FA-20206DC06702}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
    FirewallRules: [{ACD122B4-7C67-41DE-AB9A-2A9224249C79}] => (Block) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
    FirewallRules: [{88B07424-E7D5-4E3C-BAF4-6D6DC3AC23AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{77719439-521D-4A32-B293-D126AD1871F2}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{DB11DF07-083C-4AD1-B493-13228B239FC1}C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
    FirewallRules: [{F66BFF1F-064D-4251-BB96-EC8A374B0AED}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
    FirewallRules: [{EBA61CD5-6EA4-4263-BC26-A8C8DB65B7AA}] => (Block) C:\program files (x86)\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
    FirewallRules: [{67DF9635-7A2F-4D43-9F51-35A193560F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
    FirewallRules: [{3E658949-0219-4047-A2CA-54BF0222BC7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
    FirewallRules: [TCP Query User{9FF1295E-DB75-4619-9CCF-59BB868F14E9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{DF892856-8A60-4AF9-8EC5-3E733AF06980}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

    ==================== Restore Points =========================

    29-08-2016 11:05:32 Scheduled Checkpoint
    01-09-2016 18:39:19 Windows Update
    10-09-2016 02:23:39 Installed SpyHunter
    11-09-2016 18:08:11 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/12/2016 11:10:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 202516

    Error: (09/12/2016 11:10:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 202516

    Error: (09/12/2016 11:10:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (09/12/2016 10:29:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MAH-DESKTOP)
    Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (09/12/2016 10:28:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 39702578

    Error: (09/12/2016 10:28:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 39702578

    Error: (09/12/2016 10:28:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (09/11/2016 06:08:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (09/11/2016 08:33:20 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
    Description: Event-ID 2002

    Error: (09/11/2016 08:33:19 AM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000


    System errors:
    =============
    Error: (09/12/2016 11:13:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

    Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (09/12/2016 11:06:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_1e0f387 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (09/12/2016 10:57:21 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (09/12/2016 10:57:21 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (09/12/2016 10:32:10 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

    Error: (09/12/2016 10:30:48 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (09/12/2016 10:30:48 AM) (Source: DCOM) (EventID: 10016) (User: MAH-DESKTOP)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Mah-Desktop\Cody SID (S-1-5-21-3313481241-1894715402-4189534921-1004) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2016-09-01 19:52:44.842
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-24 15:20:46.026
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-11 09:12:23.526
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-08-10 20:06:04.702
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-31 18:50:06.380
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-20 12:01:54.017
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-19 10:11:07.940
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-07-18 21:01:38.790
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-22 22:53:22.656
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-06-22 11:46:32.091
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 30%
    Total physical RAM: 8108.73 MB
    Available physical RAM: 5650.52 MB
    Total Virtual: 9644.73 MB
    Available Virtual: 7054.71 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:930.37 GB) (Free:81.27 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 403870F7)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  14. Azadai

    Azadai TS Rookie Topic Starter

    Fixlog.txt:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Cody (13-09-2016 11:38:11) Run:1
    Running from C:\Users\Cody\Desktop\FRST
    Loaded Profiles: Cody (Available Profiles: Cody & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    S2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive2\nd2svc.exe [X]
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
    S3 mfeapfk; system32\drivers\mfeapfk.sys [X]
    U2 TMAgent; no ImagePath
    2016-03-08 20:07 - 2016-05-30 17:17 - 0004622 _____ () C:\Users\Cody\AppData\Roaming\LTspiceIV.ini
    2016-03-11 01:06 - 2016-05-27 19:03 - 0000600 _____ () C:\Users\Cody\AppData\Roaming\winscp.rnd
    2016-01-10 14:35 - 2016-01-10 14:35 - 0000036 _____ () C:\Users\Cody\AppData\Local\housecall.guid.cache
    2016-03-31 17:25 - 2016-05-01 14:45 - 0000600 _____ () C:\Users\Cody\AppData\Local\PUTTY.RND
    2016-09-03 21:25 - 2016-09-03 21:25 - 0013914 _____ () C:\Users\Cody\AppData\Local\recently-used.xbel
    2016-01-10 15:43 - 2016-09-12 11:14 - 0000010 _____ () C:\Users\Cody\AppData\Local\sponge.last.runtime.cache
    2015-12-23 18:11 - 2015-12-23 18:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-10-22 13:07 - 2013-10-22 13:08 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-10-22 13:04 - 2013-10-22 13:05 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-10-22 13:05 - 2013-10-22 13:05 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-10-22 13:06 - 2013-10-22 13:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2013-10-22 13:04 - 2013-10-22 13:04 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    C:\Users\Cody\Q2BlockDiagram2.exe
    C:\Users\Cody\Q3Simulation.exe
    C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe
    C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe
    C:\Users\Cody\AppData\Local\Temp\COMAP.EXE
    C:\Users\Cody\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Cody\AppData\Local\Temp\Execute2App.exe
    C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-3745218813016737628.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-7510082244880606345.dll
    C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll
    C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe
    C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe
    C:\Users\Cody\AppData\Local\Temp\libeay32.dll
    C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll
    C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe
    C:\Users\Cody\AppData\Local\Temp\msvcp90.dll
    C:\Users\Cody\AppData\Local\Temp\msvcr120.dll
    C:\Users\Cody\AppData\Local\Temp\msvcr90.dll
    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll
    C:\Users\Cody\AppData\Local\Temp\nvStInst.exe
    C:\Users\Cody\AppData\Local\Temp\sqlite3.dll
    C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe
    C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll
    C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
    C:\Program Files (x86)\Enigma Software Group
    R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
    2016-09-10 19:50 - 2016-09-10 19:50 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Cody\Downloads\SpyHunter-Installer.exe
    2016-09-10 02:25 - 2016-09-10 02:25 - 00003434 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
    2016-09-10 02:24 - 2016-09-10 02:24 - 00002361 _____ C:\Users\Cody\Desktop\SpyHunter.lnk
    2016-09-10 02:24 - 2016-09-10 02:24 - 00000000 ____D C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2016-09-10 02:21 - 2016-09-10 02:21 - 00000000 ____D C:\Users\Cody\Downloads\SpyHunter 4 + Crack
    2016-09-10 02:20 - 2016-09-10 02:21 - 15901755 _____ C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip
    Task: {0CA8690D-AB37-4F2A-B16E-8C0B14C35751} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
    Task: {ABC6C0C1-AE6F-45CC-9008-D495FF304FB0} - \SystemToolsDailyTest -> No File <==== ATTENTION
    Task: {C250ADC3-70D8-4AE1-A387-C6A38AD76193} - \WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001 -> No File <==== ATTENTION
    Task: {FC805CF4-6310-4A26-BAC3-29F6D23EEF2C} - \PCDEventLauncherTask -> No File <==== ATTENTION

    *****************

    NetDrive2_Service_NetDrive2 => service removed successfully
    WsDrvInst => service removed successfully
    mfeapfk => service removed successfully
    TMAgent => service removed successfully
    C:\Users\Cody\AppData\Roaming\LTspiceIV.ini => moved successfully
    C:\Users\Cody\AppData\Roaming\winscp.rnd => moved successfully
    C:\Users\Cody\AppData\Local\housecall.guid.cache => moved successfully
    C:\Users\Cody\AppData\Local\PUTTY.RND => moved successfully
    C:\Users\Cody\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\Cody\AppData\Local\sponge.last.runtime.cache => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
    C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
    C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
    C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log => moved successfully
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
    C:\Users\Cody\Q2BlockDiagram2.exe => moved successfully
    C:\Users\Cody\Q3Simulation.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\0172691451345113mcinst.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\59f3-ed9e-90bb-abe8.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\COMAP.EXE => moved successfully
    C:\Users\Cody\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\Execute2App.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\jansi-64-1810959505688073440.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\jansi-64-3745218813016737628.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\jansi-64-7499072956835013738.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\jansi-64-7510082244880606345.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\jansi-64-8795685801070610727.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\McCSPInstall.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\mccspuninstall.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\msvcp90.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\msvcr90.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\nvStInst.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\sqlite3.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\SynciosDeviceService.exe => moved successfully
    C:\Users\Cody\AppData\Local\Temp\TmDbgLog.dll => moved successfully
    C:\Users\Cody\AppData\Local\Temp\xmlUpdater.exe => moved successfully
    [1492] C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe => process closed successfully.
    C:\Program Files (x86)\Enigma Software Group => moved successfully
    SpyHunter 4 Service => service removed successfully
    C:\Users\Cody\Downloads\SpyHunter-Installer.exe => moved successfully
    C:\WINDOWS\System32\Tasks\SpyHunter4Startup => moved successfully
    C:\Users\Cody\Desktop\SpyHunter.lnk => moved successfully
    C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter => moved successfully
    C:\Users\Cody\Downloads\SpyHunter 4 + Crack => moved successfully
    C:\Users\Cody\Downloads\SpyHunter 4 + Crack.zip => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CA8690D-AB37-4F2A-B16E-8C0B14C35751}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CA8690D-AB37-4F2A-B16E-8C0B14C35751}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABC6C0C1-AE6F-45CC-9008-D495FF304FB0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABC6C0C1-AE6F-45CC-9008-D495FF304FB0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C250ADC3-70D8-4AE1-A387-C6A38AD76193}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C250ADC3-70D8-4AE1-A387-C6A38AD76193}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3313481241-1894715402-4189534921-1001" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC805CF4-6310-4A26-BAC3-29F6D23EEF2C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC805CF4-6310-4A26-BAC3-29F6D23EEF2C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => key removed successfully

    ==== End of Fixlog 11:38:17 ====
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  16. Azadai

    Azadai TS Rookie Topic Starter

    Checkup.txt:
    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Trend Micro Maximum Security
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 101
    Java version 32-bit out of Date!
    Adobe Flash Player 23.0.0.162
    Mozilla Firefox (47.0.1)
    Mozilla Thunderbird (45.1.0)
    Google Chrome (51.0.2704.103)
    Google Chrome (52.0.2743.116)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Trend Micro AMSP coreServiceShell.exe
    Trend Micro UniClient UiFrmWrk uiWatchDog.exe
    Trend Micro Titanium plugin Pt\PtSvcHost.exe
    Trend Micro AMSP coreFrameworkHost.exe
    Trend Micro Titanium plugin Pt\PtWatchDog.exe
    Trend Micro TMIDS PwmSvc.exe
    Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
    Trend Micro Titanium plugin Pt\PtSessionAgent.exe
    Trend Micro TMIDS tower PwmTower.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    FSS.txt:
    Farbar Service Scanner Version: 27-01-2016
    Ran by Cody (administrator) on 14-09-2016 at 11:57:48
    Running from "C:\Users\Cody\Downloads"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Sophos Free Virus Removal Tool came up clean and didn't have a log
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  18. Azadai

    Azadai TS Rookie Topic Starter

    Thanks for your help with this. The hijacker appears to have been removed and I can do normal searches again (yay). Also I appreciate the Mr Clean image xD
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Way to go!!
    Good luck and stay safe :)
     
