
A site named l.mediaaserver.org continues to be blocked by Malwarebytes, and it is a site which I believe has been causing me problems anyway. However, the notifications that it has been blocked are getting annoying and I would like to block or remove it from my computer completely. I was wondering how to do this or what I should do in this situation.


Hello and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Tweaking.com Registry Backup
 
  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on hPxdDvj.png and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup. (Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
    user posted image
     
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.


Next,
Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs....

or,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your next reply....


Thank you,

Kevin...

I am currently scanning but I will post the rkill log because that is done. The registry backup is also done (but obviously no log is required).

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/30/2016 03:55:31 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\Windows\AppPatch\spbin => C:\PROGRA~2\SearchProtect\SearchProtect\bin [Dir]

Checking Windows Service Integrity: 

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * WinDefend [Missing Service]

Searching for Missing Digital Signatures: 

 * C:\Windows\System32\user32.dll : 1,008,640 : 04/25/2015 08:35 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
 +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 04/25/2015 08:35 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/20/2010 08:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
 +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/20/2010 07:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

Checking HOSTS File: 

 * HOSTS file entries found: 

  0.0.0.0 pubads.g.doubleclick.net
  0.0.0.0 securepubads.g.doubleclick.net
  0.0.0.0 www.googletagservices.com
  0.0.0.0 gads.pubmatic.com
  0.0.0.0 ads.pubmatic.com
  0.0.0.0 spclient.wg.spotify.com

Program finished at: 07/30/2016 03:56:42 PM
Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)
 


Malwarebytes got nothing, however notifications continue to come up saying "malicious website blocked" domain is l.mediaadserver.org and the port varies with each block. Log from scan is:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/30/2016
Scan Time: 4:07 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.30.13
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Connell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311100
Time Elapsed: 22 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Here are the last two:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Connell (administrator) on CONNELL-PC (30-07-2016 16:36:38)
Running from C:\Users\Connell\Desktop
Loaded Profiles: Connell (Available Profiles: Connell)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1566344 2014-04-08] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [S-Bar] => C:\Program Files (x86)\S-Bar\S-Bar.exe [5504416 2012-12-03] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [GoogleChromeAutoLaunch_9CACE28C2316D302DA197A798CC292BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [Ijtsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [Spotify Web Helper] => C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-09] (Spotify Ltd)
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [BluetoothManage] => rundll32.exe "%appdata%\Microsoft\btstack.dll",init
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {c6a6da86-7f81-11e5-aebe-685d4307e1e3} - F:\OnePlus_setup.exe /s
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {d151366b-c037-11e4-aee0-685d4307e1e3} - E:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-10] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-29] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
CHR HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8B1A40AA-06C3-4D8A-9494-3340F14D60DA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B99DE71E-CD0F-4D2C-BA2E-9AA063082EBF}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Connell\AppData\Roaming\Mozilla\Firefox\Profiles\x30hhdct.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_
CHR Profile: C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-26]
CHR Extension: (Netflix) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-08-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-17]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-11-25] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2013-12-09] (Qualcomm Atheros) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 caMyciloP; no ImagePath
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 ipadtst; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-30 16:36 - 2016-07-30 16:37 - 00017130 _____ C:\Users\Connell\Desktop\FRST.txt
2016-07-30 16:35 - 2016-07-30 16:36 - 00000000 ____D C:\FRST
2016-07-30 16:34 - 2016-07-30 16:34 - 02394112 _____ (Farbar) C:\Users\Connell\Downloads\FRST64.exe
2016-07-30 16:34 - 2016-07-30 16:34 - 02394112 _____ (Farbar) C:\Users\Connell\Desktop\FRST64.exe
2016-07-30 16:01 - 2016-07-30 16:01 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CONNELL-PC-Windows-7-Ultimate-(64-bit).dat
2016-07-30 16:01 - 2016-07-30 16:01 - 00000000 ____D C:\RegBackup
2016-07-30 16:00 - 2016-07-30 16:00 - 00000000 ____D C:\Users\Connell\Desktop\Regbackup
2016-07-30 15:59 - 2016-07-30 15:59 - 03251071 _____ C:\Users\Connell\Desktop\tweaking.com_registry_backup_portable.zip
2016-07-30 15:58 - 2016-07-30 15:59 - 03251071 _____ C:\Users\Connell\Downloads\tweaking.com_registry_backup_portable.zip
2016-07-30 15:55 - 2016-07-30 15:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Connell\Downloads\rkill.exe
2016-07-30 15:55 - 2016-07-30 15:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Connell\Desktop\rkill.exe
2016-07-30 15:54 - 2016-07-30 15:56 - 00004364 _____ C:\Users\Connell\Desktop\Rkill.txt
2016-07-30 15:54 - 2016-07-30 15:54 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Connell\Downloads\rkill.com
2016-07-25 20:52 - 2016-07-25 20:52 - 00000000 ____D C:\Users\Connell\Downloads\Big.Brother.US.S18E11.HDTV.x264-FUM[ettv]
2016-07-23 19:50 - 2016-07-23 19:50 - 00000000 ____D C:\Users\Connell\Downloads\Catch.Me.If.You.Can[ENG][DVDRip]
2016-07-22 21:48 - 2016-07-22 21:48 - 00000000 ____D C:\Users\Connell\Downloads\Big.Brother.US.S18E10.HDTV.x264-FUM[ettv]
2016-07-20 22:50 - 2016-07-20 22:50 - 00000007 _____ C:\Users\Connell\Documents\peyton.txt
2016-07-17 21:40 - 2016-07-17 22:28 - 00000000 ____D C:\Users\Connell\AppData\Local\Urban Trial Freestyle
2016-07-14 23:31 - 2016-07-14 23:31 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-05 13:22 - 2016-07-05 13:22 - 00000221 _____ C:\Users\Connell\Desktop\LIMBO.url
2016-07-05 13:21 - 2016-07-05 13:21 - 00000222 _____ C:\Users\Connell\Desktop\Urban Trial Freestyle.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-30 16:34 - 2009-07-13 23:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-30 16:34 - 2009-07-13 23:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-30 16:31 - 2014-09-10 15:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-30 16:07 - 2014-08-11 16:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-30 15:44 - 2015-08-15 21:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 22:10 - 2015-08-15 21:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-28 23:48 - 2014-08-11 14:54 - 00000000 ____D C:\Users\Connell\AppData\Local\Spotify
2016-07-28 22:02 - 2014-08-11 14:54 - 00000000 ____D C:\Users\Connell\AppData\Roaming\Spotify
2016-07-28 21:39 - 2015-08-15 21:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 21:39 - 2015-08-15 21:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 21:39 - 2014-08-07 20:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-28 21:39 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-28 21:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-28 01:28 - 2016-05-20 16:50 - 00005621 _____ C:\Users\Connell\Desktop\EZBlocker-log.txt
2016-07-28 01:24 - 2015-10-25 11:47 - 00000316 _____ C:\Windows\Tasks\ATIZN.job
2016-07-28 01:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-28 01:23 - 2014-09-16 16:46 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-07-28 00:03 - 2014-08-11 16:03 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-28 00:03 - 2014-08-11 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-28 00:03 - 2014-08-11 16:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-25 22:13 - 2014-08-10 20:22 - 00000000 ____D C:\Users\Connell\AppData\Roaming\BitTorrent
2016-07-25 20:47 - 2015-09-19 20:37 - 00000000 ____D C:\Users\Connell\AppData\LocalLow\BitTorrent
2016-07-22 22:35 - 2014-08-08 22:23 - 00000000 ____D C:\Users\Connell\AppData\Roaming\vlc
2016-07-17 19:25 - 2014-08-07 22:16 - 00000000 ____D C:\Users\Connell\AppData\Roaming\.minecraft
2016-07-15 00:13 - 2014-11-21 21:13 - 00000000 ____D C:\Users\Connell\AppData\Roaming\Skype
2016-07-14 23:31 - 2014-09-10 15:49 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 23:31 - 2014-09-10 15:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 23:31 - 2014-09-10 15:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 23:15 - 2015-05-28 19:36 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 23:15 - 2015-05-28 19:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-14 23:13 - 2014-09-10 15:49 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-14 23:13 - 2014-08-20 19:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-05 13:26 - 2014-08-07 19:43 - 00000000 ____D C:\Users\Connell\AppData\Local\Deployment
2016-06-30 13:00 - 2014-08-08 22:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-30 13:00 - 2014-08-08 22:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-07-12 10:41 - 2016-01-28 23:11 - 0000020 _____ () C:\Users\Connell\AppData\Roaming\appdataFr2.bin
2015-07-13 10:53 - 2015-07-17 19:38 - 0000024 _____ () C:\Users\Connell\AppData\Roaming\appdataFr25.bin
2012-05-03 06:12 - 2012-05-03 06:12 - 0000532 _____ () C:\Users\Connell\AppData\Local\datos.txt
2014-09-03 19:34 - 2014-09-03 19:34 - 0000000 _____ () C:\Users\Connell\AppData\Local\Driver_LOM_8161Present.flag
2014-09-03 15:11 - 2014-09-03 15:11 - 0003072 _____ () C:\Users\Connell\AppData\Local\file__0.localstorage
2014-02-05 15:08 - 2014-02-05 15:08 - 0193744 _____ () C:\Users\Connell\AppData\Local\lateral1.bmp
2010-11-12 04:10 - 2010-11-12 04:10 - 0193744 _____ () C:\Users\Connell\AppData\Local\lateral2.bmp
2014-02-05 15:10 - 2014-02-05 15:10 - 0195108 _____ () C:\Users\Connell\AppData\Local\lateral3.bmp
2014-02-05 16:50 - 2014-02-05 16:50 - 0043976 _____ () C:\Users\Connell\AppData\Local\save_en.bmp
2014-02-05 16:49 - 2014-02-05 16:49 - 0043976 _____ () C:\Users\Connell\AppData\Local\save_es.bmp
2015-04-11 13:14 - 2015-04-25 21:24 - 0011766 _____ () C:\Users\Connell\AppData\Local\Temp-log.txt
2015-05-28 19:02 - 2015-05-28 19:02 - 0000000 _____ () C:\Users\Connell\AppData\Local\Temp.dat

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-08-09 17:59] - [2015-04-25 20:35] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2014-08-09 17:59] - [2015-04-25 20:35] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-20 19:53

==================== End of FRST.txt ============================

And here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Connell (2016-07-30 16:37:21)
Running from C:\Users\Connell\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-07 23:34:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3462628204-2175220548-686733109-500 - Administrator - Disabled)
Connell (S-1-5-21-3462628204-2175220548-686733109-1000 - Administrator - Enabled) => C:\Users\Connell
Guest (S-1-5-21-3462628204-2175220548-686733109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3462628204-2175220548-686733109-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitTorrent (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canyon Capers (HKLM-x32\...\Steam App 275490) (Version:  - Crazy Moo Games)
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crash Time II (HKLM-x32\...\Steam App 11390) (Version:  - RTL interactive)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
foobar2000 v1.3.4 (HKLM-x32\...\foobar2000) (Version: 1.3.4 - Peter Pawlowski)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IdleMaster (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Avalanche Studios)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application)
KLM (x32 Version: 1.0.1403.2801 - Application) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version:  - Freakinware Studios)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NBTExplorer (HKLM-x32\...\{70417A42-7BA4-4801-BE5E-2C095BDC3048}) (Version: 2.7.1.0 - Justin Aquadro)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{70352071-9C2B-4EF0-88E6-9F16FEBAEB36}) (Version: 1.1.38.1281 - Qualcomm Atheros)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version:  - Flippfly LLC)
Racer 8 (HKLM-x32\...\Steam App 292380) (Version:  - 30.06 Studios Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 -  )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Simply Chess (HKLM-x32\...\Steam App 312280) (Version:  - BlueLine Games)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Spotify (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Surgeon Simulator 2013 Steam Edition 1.0 (HKLM-x32\...\Surgeon Simulator 2013 Steam Edition 1.0) (Version: 1.0 - Cat-A-Cat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac - Rebirth version 1.0 (HKLM-x32\...\The Binding of Isaac - Rebirth_is1) (Version: 1.0 - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Urban Trial Freestyle (HKLM\...\Steam App 243450) (Version:  - Tate Multimedia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EF177E3-FE5A-4A4A-83F2-1EA508EC95AE} - System32\Tasks\{4512EBBE-E3F5-4CA1-9C3C-321CAF84A626} => C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War/CoDWaWmp.exe [2014-11-24] (Activision Blizzard, Inc.)
Task: {11AF17C8-F7E8-499A-BFAE-A45C6D873BE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {21CEB2D0-4501-42FE-81CD-D95F20221FC1} - System32\Tasks\{34CAA14B-6748-46D3-A10C-F2BFB6CA779E} => pcalua.exe -a C:\Users\Connell\Downloads\pinnacle-setup.exe -d C:\Users\Connell\Downloads
Task: {49D33E60-C850-4432-A7C4-21AE2DA95122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {692C3DA6-BF22-439B-AA46-3247F757FF13} - System32\Tasks\Opera scheduled Autoupdate 1450630056 => C:\Program Files (x86)\Opera\launcher.exe
Task: {694012BD-1C5B-463B-A2B4-AA7419237F6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {7E201D76-ADA6-419E-9CD2-D4A0E3705832} - System32\Tasks\e4wjqahj => C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe <==== ATTENTION
Task: {B252709E-CF35-4D98-9BDB-EC6FAAC03528} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {CCE94F75-99CA-4A97-B80B-85174BFBB562} - System32\Tasks\downioadwi => C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore <==== ATTENTION
Task: {EA942C78-914B-43B4-86F6-969C7A959C3C} - System32\Tasks\443l40kz => C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe <==== ATTENTION
Task: {F2F83BC2-7905-4698-85AE-1D19F9C87094} - System32\Tasks\ATIZN => Rundll32.exe "C:\Windows\SysWOW64\AudioEngw.dll",QDXXQJRM

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATIZN.job => rundll32.exe  C:\Windows\SysWOW64\AudioEngw.dll
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c5292fd00b53b4d5\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2014-08-07 19:34 - 2014-10-29 23:53 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-07 19:35 - 2014-10-29 21:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-25 15:14 - 2014-11-25 15:14 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-09-28 13:51 - 2012-09-28 13:51 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-07 19:34 - 2014-10-29 23:53 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00098816 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32api.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00110080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pywintypes27.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00364544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pythoncom27.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00045568 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_socket.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01161216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ssl.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00320512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32com.shell.shell.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00713216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_hashlib.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01175040 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._core_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00805888 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._gdi_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00811008 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._windows_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01062400 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._controls_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00735232 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._misc_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00682496 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pysqlite2._sqlite.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00087552 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ctypes.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00119808 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32file.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00108544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32security.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00007168 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\hashobjs_ext.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00026624 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\usb_ext.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00167936 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32gui.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00018432 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32event.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00128512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_elementtree.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00127488 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pyexpat.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00013824 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\common.time34.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00036864 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_psutil_windows.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00038912 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32inet.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00011264 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32crypt.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00070656 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._html2.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00027136 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_multiprocessing.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00020480 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_yappi.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00035840 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32process.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00686080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\unicodedata.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00122368 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._wizard.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00024064 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pipe.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00010240 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\select.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00025600 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pdh.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00525640 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\windows._lib_cacheinvalidation.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00017408 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32profile.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00022528 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32ts.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00078336 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._animate.pyd
2014-08-07 20:42 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-07 20:42 - 2016-07-08 20:06 - 02317904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-07 20:42 - 2016-07-08 20:06 - 00829520 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-27 17:26 - 2016-07-06 17:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2014-08-07 20:42 - 2016-06-14 14:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-11 12:34 - 2015-03-27 22:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-18 16:21 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 16:21 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-05-21 00:17 - 00001019 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3462628204-2175220548-686733109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Connell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Connell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DA38E8D6-CF8D-4702-90E8-31D3C617A789}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B288F5A6-F345-4A5A-8BCE-88785C5D325D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EDCB319F-0BFA-4AB5-A485-4E8C54729D78}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9822A39C-F817-49B7-B3AA-13BB93EEA7CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B5B32267-715D-41FB-8F9C-07EEBD3B753A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F27EF451-CCEE-4273-9D68-E92073FEDD55}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DBB4A172-7F23-4200-BEF7-D3F7ED2978FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2418F017-3085-4AF6-BC97-BF889CBBB1EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5C7F2F81-E4EF-4B9B-BC2A-F2E9EE67274E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7566B47E-7EB3-42BD-90DE-90C907C6F741}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{68C4B628-E38B-4DE5-BC19-9155CEDAD424}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{B3B7B59A-8151-49B6-9C68-1C91F9425DE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{9A2F713C-5D9C-4A75-9EC7-ABE598A97ADD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{1A585DE8-6B64-4E08-9144-A370E7D5CAB4}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8EC17148-63EA-4088-80AD-BDF1F4956001}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{C503CD3A-C311-49A5-9AF5-9B78A9113D10}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1014A946-9336-4DFA-9B0F-F50FD98A2A79}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{822AD24A-3D7D-4A78-BDE3-C6864D578CFE}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{A10E3EF9-7D96-4A58-B796-C13ED2CD124D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{FA9B9903-0CFA-47AC-891F-6AF63EDD28ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{911FC725-79CA-494B-916D-AC0E82F63A08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{E0F2606C-710D-43B9-95D9-3EF0F740C55B}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C1B1D582-2805-4131-899F-B6D6C1BD3724}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F971ED3F-828C-4075-ADAB-2E3E028CFD7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4961EE55-1CB6-45C0-BC06-B07D52908FDA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99200F14-6421-49FF-ADF9-AE37D736D634}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{3E24DE2F-3FDF-4D65-8699-52DE675D6DE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{9143D219-C571-4419-93D7-DDC8EAF79420}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{F649E9AC-E628-49CA-9B32-56DF03EA4A3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{397EFBFC-22CD-4DCA-BE71-97342FCBFF7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{70D9EFDF-4037-4B8A-A0F1-FA85569D0F5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{E53F3298-38CF-4CF6-AF8D-CEB2402ACE08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{3B0E0A43-A444-4A9B-94C7-C65A1B30EB1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{26993953-8EC3-4827-B668-25BC645DF6E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{2DEC0395-6E0A-4475-B685-0C41D5968678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{5759A086-36C5-4E04-AC81-3C0549322FAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{1FC76D11-08EC-444D-B68E-6339279C1447}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{9E05A0E4-85FD-49C5-B683-72569836FE7E}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
FirewallRules: [UDP Query User{13DEAB03-E9A0-476E-864E-763EB96D75DD}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
FirewallRules: [{AA206736-7B00-4D06-BF07-7D0ACDC641C1}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [{DE9E6FE8-6DDB-44B3-9F4E-BCD092E2E896}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [{1EF06C8A-7D49-4A21-BD7B-B799FC959945}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe
FirewallRules: [{8256509E-B95C-452F-A5E3-95B7A2E4783F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe
FirewallRules: [{87D1289C-6035-405B-9811-44B05E30914A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{10152DB8-1D73-40A5-BB75-D567B377463B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{DCE5AD3B-9077-4D80-A6C5-6CE0948B01F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{B28F2A1D-A2F0-49C7-98D2-B1538D042EB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{401F5FB0-3CA0-4896-BD7F-3A54509A51F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A57A9E6D-A09F-4E6E-8D4C-CA583FCB6AE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{6873FA36-3AF4-48A9-BF7A-E817E1FA6FE9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{2DC76630-8811-410E-8BB4-CEEB2B9819CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{28648D93-F59A-4267-BBAD-2B9A90E51578}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{1DC656EA-0E91-457E-8E98-3CB369E63D39}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9E3CE783-FA67-4D59-9D19-6BB1198F29CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E58B98D2-4953-4F0D-A4D1-36DEA7AFD4C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8F67A79D-1983-4BA0-87B4-8445423DE972}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{05B1767F-0C9E-40A5-A23A-2D36615C59FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{75E43D68-0CC9-46DC-A971-D0635E0CA8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7802756D-469A-438B-BB61-D0E6A269B1E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{00FF530E-9827-4F40-B6DB-28B79F786EA1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [TCP Query User{989366AF-4887-468F-A13F-27DDF65BCB95}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E206568E-7EA8-4861-9CBA-53B33C116215}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{C503F79C-AD27-4F77-BC98-2FB18F9D9CF2}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{07979529-45B3-4C5E-9C0C-DDB169DE5FF5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E13E22A0-E8F2-4D11-BD3F-7DBC2B85AB75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe
FirewallRules: [{6D01B396-DCDE-4878-8B7D-01D013E8C5B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe
FirewallRules: [{F175529B-4187-4338-9248-88126DD40050}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe
FirewallRules: [{D2F070E2-BCFA-49A4-90C9-62D1010662CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe
FirewallRules: [{33389AAC-C64D-4787-B856-356ABB02346F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{E8104FBB-1A91-46DD-B00B-2096210E277B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{916CA019-4E68-4175-9C3D-454F126FD86A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF0D5935-EB0F-4D70-9F58-CF073100BB27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF343B15-678C-4985-85CD-507E769FF9CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4627C0BD-B1AE-44EB-9507-7AF1D94C701B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09C7426A-BDD9-44BB-B3CA-0A34A1FE1B64}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{3931894C-7C2D-4350-BE89-DD09E005074C}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe
FirewallRules: [{DE998420-D7BB-478B-AB0D-69852DB7CE70}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe
FirewallRules: [{622B5D74-BBB3-4AED-8724-5F4C2550923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{78E54645-9C95-4296-8E00-E0E7DDC73F13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{1E2B4075-7E51-4ECC-8649-1266EAC99D44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{C13BA585-3636-48B5-9350-5AEE5D6E1866}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{FB4D899D-41D7-4E0A-B139-470963D6D1F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2E8BD465-1C82-406F-B2B4-52820F545CBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3E765821-FF82-4AC9-B506-55A71E3E0AF1}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{1AA21B0D-CB3C-4C44-9CBE-BB7DB7442F64}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{5909D34A-6914-4702-AE0A-6CAB057B324E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe
FirewallRules: [{FB2170E4-E22F-48D3-ACD9-5B0C21E7B854}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe
FirewallRules: [{7D3E41B9-52B7-4AC9-84EE-08795F36569E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe
FirewallRules: [{7A28065C-5931-440A-90FE-2E184D2DB216}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe
FirewallRules: [{E10B8A30-4E1B-4DBA-874F-40CB3D4AFB82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe
FirewallRules: [{222BE021-0FD1-4EDF-8C62-68FFBA11BA36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe
FirewallRules: [{A225856B-26CD-426A-BEC7-8D8D67A0E918}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{264725EB-3E68-417A-891F-F59B28D98661}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{497DFB50-ACE7-430C-8275-45A781462A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{C51E1C5E-C12F-48C2-9B61-637932945C9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [TCP Query User{745CA023-D195-48BB-B07F-1FE743F3AAE3}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B98FF422-B68F-4E25-86B8-726AC1BD656C}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{95ED4F95-E045-48C7-9818-B00C3AD3C6E2}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3EB31DAB-522D-4BD2-9582-2A8200FF0EA1}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{78C3627E-9651-481A-9936-B683E8B65464}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{81CD46D1-9ADD-43A7-97DA-64D9570A8BF7}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{5A5D4654-F2BB-436D-984F-E65159CB2A4D}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{3A1AE821-4F63-4DBF-B571-2EB8F1252B2E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{64A1241C-6E72-45B9-9C3D-A62509E687CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe
FirewallRules: [{B82C31CC-9A4A-4317-B111-4ABB415A9F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe
FirewallRules: [{0EBA18E6-EBAF-40E7-AA76-7E8EF3E055DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{8B421FC0-B0F1-489A-94EC-9BF07F225D93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{262BE0E5-C3A4-4119-8BC2-1F393555432D}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{EA545A1E-BBC4-44DD-BBA0-A8E614BD96F6}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{100B6A78-1994-4A9B-B1C9-5378C571B1EC}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9BFCD5FF-B020-4235-84AC-AD4C4E86155E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{908714A8-67DB-4FA8-858D-ED61BF9F9010}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{6CC9702F-CB0B-4A80-AB60-DC32518B5BC4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3A8F07B5-DA4E-4D93-B67C-ADD9F70E7778}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{A60DF1C7-0D87-478A-AC7D-5BA284D3672F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{1595350D-03C8-40B9-AEA0-3B48301B1242}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{EE2E7BC6-3850-4757-8CC3-4A4A7C5621F6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
FirewallRules: [{E8F3DC98-64AA-4FCE-9501-A5A5F1DC67F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{9123BBD7-9EC3-40C0-976C-DAFD9F179DFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [TCP Query User{2CE70EBE-7CD4-4B16-95E7-FCA52A123AB4}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{33407C7F-A238-4788-86F2-58715DF4995A}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{0E8FE513-2CFF-4064-9A9E-A5DB74F4003B}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{2C031B8D-989C-44F4-90D4-AF9664E8FC90}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{E72CF3FB-19F4-4061-B438-01BA85C75FAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{02F9B5A5-7A81-40C2-9122-196F93B7C986}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCD8DDA2-1F37-4AD6-BA18-C4D0FDF03A23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{02E0149A-2CC8-4139-AD49-DC2F7E42D9D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{23A826FA-CB27-4DA4-A3CF-7384F91811D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{4A24FFDC-0F52-4AE9-9240-556B6BCF9CF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{E4351C2C-5FF3-44FB-A9C7-DB8D979E422D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{56BCEFE1-38C1-404D-97A6-5E11338691AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{45E67988-1D53-4BB1-979D-7ED14E3D0081}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{DBD15F69-B23E-4E69-BE15-4B96CCBA753D}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{776DBFF3-C482-4101-AE6E-0FB92E12790A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{582C442C-73A5-487D-B2E1-EC3191CF1066}] => (Allow) C:\Windows\SysWOW64\rundll32.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2016 04:12:26 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 124629

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 124629

Error: (07/30/2016 03:49:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2016 03:49:36 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 03:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (07/30/2016 02:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (07/30/2016 01:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (07/30/2016 12:34:54 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/29/2016 11:33:35 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154


System errors:
=============
Error: (07/30/2016 04:36:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/30/2016 04:36:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.

CodeIntegrity:
===================================
  Date: 2015-04-23 18:49:22.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-23 18:49:22.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 19:46:07.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 19:46:07.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:11:08.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:11:08.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:09:32.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:09:32.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-16 20:48:38.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-16 20:48:38.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 11426.75 MB
Available physical RAM: 7457.82 MB
Total Virtual: 22851.71 MB
Available Virtual: 18335.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:687.61 GB) (Free:356.08 GB) NTFS
Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0305439)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=687.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin....

Fixlist.txt


FRST.txt:

aAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Connell (2016-07-31 11:51:14)
Running from C:\Users\Connell\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-07 23:34:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3462628204-2175220548-686733109-500 - Administrator - Disabled)
Connell (S-1-5-21-3462628204-2175220548-686733109-1000 - Administrator - Enabled) => C:\Users\Connell
Guest (S-1-5-21-3462628204-2175220548-686733109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3462628204-2175220548-686733109-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitTorrent (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canyon Capers (HKLM-x32\...\Steam App 275490) (Version:  - Crazy Moo Games)
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crash Time II (HKLM-x32\...\Steam App 11390) (Version:  - RTL interactive)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
foobar2000 v1.3.4 (HKLM-x32\...\foobar2000) (Version: 1.3.4 - Peter Pawlowski)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
IdleMaster (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
IdleMaster (HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1d85483b1c982d8c) (Version: 1.4.0.0 - IdleMaster)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Just Cause (HKLM-x32\...\Steam App 6880) (Version:  - Avalanche Studios)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1403.2801 - Application)
KLM (x32 Version: 1.0.1403.2801 - Application) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version:  - Freakinware Studios)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
NBTExplorer (HKLM-x32\...\{70417A42-7BA4-4801-BE5E-2C095BDC3048}) (Version: 2.7.1.0 - Justin Aquadro)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.38.1281 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{70352071-9C2B-4EF0-88E6-9F16FEBAEB36}) (Version: 1.1.38.1281 - Qualcomm Atheros)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version:  - Flippfly LLC)
Racer 8 (HKLM-x32\...\Steam App 292380) (Version:  - 30.06 Studios Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6549 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 -  )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Simply Chess (HKLM-x32\...\Steam App 312280) (Version:  - BlueLine Games)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Spotify (HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Spotify (HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super Meat Boy v1.5 (HKLM-x32\...\Super Meat Boy v1.5_is1) (Version:  - Team Meat)
Surgeon Simulator 2013 Steam Edition 1.0 (HKLM-x32\...\Surgeon Simulator 2013 Steam Edition 1.0) (Version: 1.0 - Cat-A-Cat)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac - Rebirth version 1.0 (HKLM-x32\...\The Binding of Isaac - Rebirth_is1) (Version: 1.0 - )
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Urban Trial Freestyle (HKLM\...\Steam App 243450) (Version:  - Tate Multimedia)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3462628204-2175220548-686733109-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Connell\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EF177E3-FE5A-4A4A-83F2-1EA508EC95AE} - System32\Tasks\{4512EBBE-E3F5-4CA1-9C3C-321CAF84A626} => C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War/CoDWaWmp.exe [2014-11-24] (Activision Blizzard, Inc.)
Task: {11AF17C8-F7E8-499A-BFAE-A45C6D873BE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {21CEB2D0-4501-42FE-81CD-D95F20221FC1} - System32\Tasks\{34CAA14B-6748-46D3-A10C-F2BFB6CA779E} => pcalua.exe -a C:\Users\Connell\Downloads\pinnacle-setup.exe -d C:\Users\Connell\Downloads
Task: {49D33E60-C850-4432-A7C4-21AE2DA95122} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {692C3DA6-BF22-439B-AA46-3247F757FF13} - System32\Tasks\Opera scheduled Autoupdate 1450630056 => C:\Program Files (x86)\Opera\launcher.exe
Task: {694012BD-1C5B-463B-A2B4-AA7419237F6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-15] (Google Inc.)
Task: {7E201D76-ADA6-419E-9CD2-D4A0E3705832} - System32\Tasks\e4wjqahj => C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe <==== ATTENTION
Task: {B252709E-CF35-4D98-9BDB-EC6FAAC03528} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {CCE94F75-99CA-4A97-B80B-85174BFBB562} - System32\Tasks\downioadwi => C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore <==== ATTENTION
Task: {EA942C78-914B-43B4-86F6-969C7A959C3C} - System32\Tasks\443l40kz => C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe <==== ATTENTION
Task: {F2F83BC2-7905-4698-85AE-1D19F9C87094} - System32\Tasks\ATIZN => Rundll32.exe "C:\Windows\SysWOW64\AudioEngw.dll",QDXXQJRM

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ATIZN.job => rundll32.exe  C:\Windows\SysWOW64\AudioEngw.dll
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Connell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c5292fd00b53b4d5\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl

==================== Loaded Modules (Whitelisted) ==============

2014-08-07 19:34 - 2014-10-29 23:53 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-07 19:35 - 2014-10-29 21:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-25 15:14 - 2014-11-25 15:14 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-09-28 13:51 - 2012-09-28 13:51 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-07-31 11:46 - 2016-07-31 11:46 - 03712064 _____ () C:\Users\Connell\Downloads\AdwCleaner (1).exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-07 19:34 - 2014-10-29 23:53 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00098816 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32api.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00110080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pywintypes27.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00364544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pythoncom27.dll
2016-07-28 01:25 - 2016-07-28 01:25 - 00045568 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_socket.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01161216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ssl.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00320512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32com.shell.shell.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00713216 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_hashlib.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01175040 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._core_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00805888 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._gdi_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00811008 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._windows_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 01062400 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._controls_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00735232 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._misc_.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00682496 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pysqlite2._sqlite.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00087552 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_ctypes.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00119808 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32file.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00108544 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32security.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00007168 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\hashobjs_ext.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00026624 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\usb_ext.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00167936 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32gui.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00018432 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32event.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00128512 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_elementtree.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00127488 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\pyexpat.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00013824 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\common.time34.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00036864 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_psutil_windows.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00038912 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32inet.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00011264 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32crypt.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00070656 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._html2.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00027136 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_multiprocessing.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00020480 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\_yappi.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00035840 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32process.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00686080 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\unicodedata.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00122368 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._wizard.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00024064 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pipe.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00010240 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\select.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00025600 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32pdh.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00525640 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\windows._lib_cacheinvalidation.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00017408 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32profile.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00022528 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\win32ts.pyd
2016-07-28 01:25 - 2016-07-28 01:25 - 00078336 _____ () C:\Users\Connell\AppData\Local\Temp\_MEI4642\wx._animate.pyd
2014-08-07 20:42 - 2016-04-29 15:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 22:42 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-08-07 20:42 - 2016-07-08 20:06 - 02317904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-10 17:43 - 2016-02-08 18:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-07 20:42 - 2016-07-08 20:06 - 00829520 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-27 17:26 - 2016-07-06 17:00 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2014-08-07 20:42 - 2016-06-14 14:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-11 12:34 - 2015-03-27 22:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-18 16:21 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 16:21 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-05-21 00:17 - 00001019 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 pubads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 www.googletagservices.com
0.0.0.0 gads.pubmatic.com
0.0.0.0 ads.pubmatic.com
0.0.0.0 spclient.wg.spotify.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3462628204-2175220548-686733109-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3462628204-2175220548-686733109-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Connell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Connell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Connell\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Connell\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DA38E8D6-CF8D-4702-90E8-31D3C617A789}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B288F5A6-F345-4A5A-8BCE-88785C5D325D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EDCB319F-0BFA-4AB5-A485-4E8C54729D78}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9822A39C-F817-49B7-B3AA-13BB93EEA7CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B5B32267-715D-41FB-8F9C-07EEBD3B753A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F27EF451-CCEE-4273-9D68-E92073FEDD55}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DBB4A172-7F23-4200-BEF7-D3F7ED2978FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2418F017-3085-4AF6-BC97-BF889CBBB1EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5C7F2F81-E4EF-4B9B-BC2A-F2E9EE67274E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7566B47E-7EB3-42BD-90DE-90C907C6F741}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{68C4B628-E38B-4DE5-BC19-9155CEDAD424}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{B3B7B59A-8151-49B6-9C68-1C91F9425DE8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{9A2F713C-5D9C-4A75-9EC7-ABE598A97ADD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{1A585DE8-6B64-4E08-9144-A370E7D5CAB4}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8EC17148-63EA-4088-80AD-BDF1F4956001}] => (Allow) C:\Users\Connell\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{C503CD3A-C311-49A5-9AF5-9B78A9113D10}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1014A946-9336-4DFA-9B0F-F50FD98A2A79}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{822AD24A-3D7D-4A78-BDE3-C6864D578CFE}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{A10E3EF9-7D96-4A58-B796-C13ED2CD124D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{FA9B9903-0CFA-47AC-891F-6AF63EDD28ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{911FC725-79CA-494B-916D-AC0E82F63A08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [TCP Query User{E0F2606C-710D-43B9-95D9-3EF0F740C55B}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C1B1D582-2805-4131-899F-B6D6C1BD3724}C:\users\connell\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\connell\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F971ED3F-828C-4075-ADAB-2E3E028CFD7D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4961EE55-1CB6-45C0-BC06-B07D52908FDA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99200F14-6421-49FF-ADF9-AE37D736D634}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{3E24DE2F-3FDF-4D65-8699-52DE675D6DE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{9143D219-C571-4419-93D7-DDC8EAF79420}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{F649E9AC-E628-49CA-9B32-56DF03EA4A3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{397EFBFC-22CD-4DCA-BE71-97342FCBFF7B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{70D9EFDF-4037-4B8A-A0F1-FA85569D0F5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{E53F3298-38CF-4CF6-AF8D-CEB2402ACE08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{3B0E0A43-A444-4A9B-94C7-C65A1B30EB1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{26993953-8EC3-4827-B668-25BC645DF6E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{2DEC0395-6E0A-4475-B685-0C41D5968678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{5759A086-36C5-4E04-AC81-3C0549322FAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{1FC76D11-08EC-444D-B68E-6339279C1447}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{9E05A0E4-85FD-49C5-B683-72569836FE7E}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
FirewallRules: [UDP Query User{13DEAB03-E9A0-476E-864E-763EB96D75DD}C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe] => (Allow) C:\program files (x86)\dsdcs\ds4tool\ds4tool.exe
FirewallRules: [{AA206736-7B00-4D06-BF07-7D0ACDC641C1}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [{DE9E6FE8-6DDB-44B3-9F4E-BCD092E2E896}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [{1EF06C8A-7D49-4A21-BD7B-B799FC959945}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe
FirewallRules: [{8256509E-B95C-452F-A5E3-95B7A2E4783F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Crash Time II\BurningWheels.exe
FirewallRules: [{87D1289C-6035-405B-9811-44B05E30914A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{10152DB8-1D73-40A5-BB75-D567B377463B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{DCE5AD3B-9077-4D80-A6C5-6CE0948B01F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{B28F2A1D-A2F0-49C7-98D2-B1538D042EB0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{401F5FB0-3CA0-4896-BD7F-3A54509A51F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A57A9E6D-A09F-4E6E-8D4C-CA583FCB6AE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{6873FA36-3AF4-48A9-BF7A-E817E1FA6FE9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{2DC76630-8811-410E-8BB4-CEEB2B9819CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{28648D93-F59A-4267-BBAD-2B9A90E51578}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{1DC656EA-0E91-457E-8E98-3CB369E63D39}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9E3CE783-FA67-4D59-9D19-6BB1198F29CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E58B98D2-4953-4F0D-A4D1-36DEA7AFD4C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8F67A79D-1983-4BA0-87B4-8445423DE972}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{05B1767F-0C9E-40A5-A23A-2D36615C59FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{75E43D68-0CC9-46DC-A971-D0635E0CA8E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7802756D-469A-438B-BB61-D0E6A269B1E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{00FF530E-9827-4F40-B6DB-28B79F786EA1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [TCP Query User{989366AF-4887-468F-A13F-27DDF65BCB95}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E206568E-7EA8-4861-9CBA-53B33C116215}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{C503F79C-AD27-4F77-BC98-2FB18F9D9CF2}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{07979529-45B3-4C5E-9C0C-DDB169DE5FF5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E13E22A0-E8F2-4D11-BD3F-7DBC2B85AB75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe
FirewallRules: [{6D01B396-DCDE-4878-8B7D-01D013E8C5B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JustCause.exe
FirewallRules: [{F175529B-4187-4338-9248-88126DD40050}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe
FirewallRules: [{D2F070E2-BCFA-49A4-90C9-62D1010662CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause\JCSetup.exe
FirewallRules: [{33389AAC-C64D-4787-B856-356ABB02346F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{E8104FBB-1A91-46DD-B00B-2096210E277B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{916CA019-4E68-4175-9C3D-454F126FD86A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF0D5935-EB0F-4D70-9F58-CF073100BB27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF343B15-678C-4985-85CD-507E769FF9CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4627C0BD-B1AE-44EB-9507-7AF1D94C701B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09C7426A-BDD9-44BB-B3CA-0A34A1FE1B64}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{3931894C-7C2D-4350-BE89-DD09E005074C}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe
FirewallRules: [{DE998420-D7BB-478B-AB0D-69852DB7CE70}] => (Allow) C:\Users\Connell\AppData\Local\Temp\nsd2BC9.tmp\CnetInstaller-75337986.exe
FirewallRules: [{622B5D74-BBB3-4AED-8724-5F4C2550923D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{78E54645-9C95-4296-8E00-E0E7DDC73F13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{1E2B4075-7E51-4ECC-8649-1266EAC99D44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{C13BA585-3636-48B5-9350-5AEE5D6E1866}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{FB4D899D-41D7-4E0A-B139-470963D6D1F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2E8BD465-1C82-406F-B2B4-52820F545CBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3E765821-FF82-4AC9-B506-55A71E3E0AF1}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{1AA21B0D-CB3C-4C44-9CBE-BB7DB7442F64}] => (Allow) C:\Program Files (x86)\Isoplex\Isoplex.exe
FirewallRules: [{5909D34A-6914-4702-AE0A-6CAB057B324E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe
FirewallRules: [{FB2170E4-E22F-48D3-ACD9-5B0C21E7B854}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Racer 8\Racer8.exe
FirewallRules: [{7D3E41B9-52B7-4AC9-84EE-08795F36569E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe
FirewallRules: [{7A28065C-5931-440A-90FE-2E184D2DB216}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Canyon Capers\CanyonCapers.exe
FirewallRules: [{E10B8A30-4E1B-4DBA-874F-40CB3D4AFB82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe
FirewallRules: [{222BE021-0FD1-4EDF-8C62-68FFBA11BA36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe
FirewallRules: [{A225856B-26CD-426A-BEC7-8D8D67A0E918}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{264725EB-3E68-417A-891F-F59B28D98661}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{497DFB50-ACE7-430C-8275-45A781462A6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{C51E1C5E-C12F-48C2-9B61-637932945C9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [TCP Query User{745CA023-D195-48BB-B07F-1FE743F3AAE3}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B98FF422-B68F-4E25-86B8-726AC1BD656C}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{95ED4F95-E045-48C7-9818-B00C3AD3C6E2}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3EB31DAB-522D-4BD2-9582-2A8200FF0EA1}C:\users\connell\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\connell\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{78C3627E-9651-481A-9936-B683E8B65464}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{81CD46D1-9ADD-43A7-97DA-64D9570A8BF7}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{5A5D4654-F2BB-436D-984F-E65159CB2A4D}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{3A1AE821-4F63-4DBF-B571-2EB8F1252B2E}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{64A1241C-6E72-45B9-9C3D-A62509E687CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe
FirewallRules: [{B82C31CC-9A4A-4317-B111-4ABB415A9F08}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chess\Chess.exe
FirewallRules: [{0EBA18E6-EBAF-40E7-AA76-7E8EF3E055DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{8B421FC0-B0F1-489A-94EC-9BF07F225D93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [TCP Query User{262BE0E5-C3A4-4119-8BC2-1F393555432D}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{EA545A1E-BBC4-44DD-BBA0-A8E614BD96F6}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{100B6A78-1994-4A9B-B1C9-5378C571B1EC}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9BFCD5FF-B020-4235-84AC-AD4C4E86155E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{908714A8-67DB-4FA8-858D-ED61BF9F9010}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{6CC9702F-CB0B-4A80-AB60-DC32518B5BC4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3A8F07B5-DA4E-4D93-B67C-ADD9F70E7778}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{A60DF1C7-0D87-478A-AC7D-5BA284D3672F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Duck Game\DuckGame.exe
FirewallRules: [{1595350D-03C8-40B9-AEA0-3B48301B1242}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{EE2E7BC6-3850-4757-8CC3-4A4A7C5621F6}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
FirewallRules: [{E8F3DC98-64AA-4FCE-9501-A5A5F1DC67F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{9123BBD7-9EC3-40C0-976C-DAFD9F179DFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [TCP Query User{2CE70EBE-7CD4-4B16-95E7-FCA52A123AB4}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{33407C7F-A238-4788-86F2-58715DF4995A}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{0E8FE513-2CFF-4064-9A9E-A5DB74F4003B}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{2C031B8D-989C-44F4-90D4-AF9664E8FC90}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{E72CF3FB-19F4-4061-B438-01BA85C75FAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{02F9B5A5-7A81-40C2-9122-196F93B7C986}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCD8DDA2-1F37-4AD6-BA18-C4D0FDF03A23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{02E0149A-2CC8-4139-AD49-DC2F7E42D9D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{23A826FA-CB27-4DA4-A3CF-7384F91811D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{4A24FFDC-0F52-4AE9-9240-556B6BCF9CF0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{E4351C2C-5FF3-44FB-A9C7-DB8D979E422D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Urban Trial Freestyle\UrbanTrialFreestyle.exe
FirewallRules: [{56BCEFE1-38C1-404D-97A6-5E11338691AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{45E67988-1D53-4BB1-979D-7ED14E3D0081}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
FirewallRules: [{DBD15F69-B23E-4E69-BE15-4B96CCBA753D}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{776DBFF3-C482-4101-AE6E-0FB92E12790A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{582C442C-73A5-487D-B2E1-EC3191CF1066}] => (Allow) C:\Windows\SysWOW64\rundll32.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2016 11:27:25 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 06:22:49 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (07/30/2016 05:50:23 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 04:12:26 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 124629

Error: (07/30/2016 03:49:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 124629

Error: (07/30/2016 03:49:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2016 03:49:36 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (07/30/2016 03:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (07/30/2016 02:10:38 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154


System errors:
=============
Error: (07/31/2016 11:37:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/31/2016 11:27:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error: 
%%2 = The system cannot find the file specified.

CodeIntegrity:
===================================
  Date: 2015-04-23 18:49:22.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-23 18:49:22.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 19:46:07.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-21 19:46:07.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:11:08.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:11:08.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:09:32.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-20 21:09:32.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-16 20:48:38.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-16 20:48:38.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 30%
Total physical RAM: 11426.75 MB
Available physical RAM: 7984.55 MB
Total Virtual: 22851.71 MB
Available Virtual: 18282.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:687.61 GB) (Free:356.03 GB) NTFS
Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E0305439)
Partition 1: (Not Active) - (Size=10.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=687.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Malwarebytes Scan Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/31/2016
Scan Time: 11:45 AM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.31.04
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Connell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311098
Time Elapsed: 22 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 


AdwCleaner[C1].txt:

# AdwCleaner v5.201 - Logfile created 31/07/2016 at 12:10:22
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-31.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Connell - CONNELL-PC
# Running from : C:\Users\Connell\Downloads\AdwCleaner (1).exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : caMyciloP

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\PraiceDownlooiadeR
[#] Folder Deleted : C:\ProgramData\Application Data\PraiceDownlooiadeR

***** [ Files ] *****

[-] File Deleted : C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Connell\AppData\Roaming\appdataFr2.bin

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F06F2A-FDCE-4F12-8D2A-7A97A752CF1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B08006D8-1D22-458E-9370-F459542E5AF2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B7298E57-3046-4F2A-B8C6-78CC8A60020C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CB747D69-2EE7-40C0-BE35-BA6ED3EEA8A3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB559C6A-03B9-4961-9BC3-80D769710C2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : HKCU\Software\winmnt
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markit.co
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net

***** [ Web browsers ] *****

[-] [C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip
[-] [C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3210 bytes] - [31/07/2016 12:10:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [3824 bytes] - [31/07/2016 11:46:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3356 bytes] ##########
 


Sophos log:

2016-07-31 17:22:05.318    Sophos Virus Removal Tool version 2.5.5
2016-07-31 17:22:05.318    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-07-31 17:22:05.318    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-07-31 17:22:05.318    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-07-31 17:22:05.318    Checking for updates...
2016-07-31 17:22:05.583    Update progress: proxy server not available
2016-07-31 17:22:14.064    Option all = no
2016-07-31 17:22:14.064    Option recurse = yes
2016-07-31 17:22:14.064    Option archive = no
2016-07-31 17:22:14.064    Option service = yes
2016-07-31 17:22:14.064    Option confirm = yes
2016-07-31 17:22:14.064    Option sxl = yes
2016-07-31 17:22:14.064    Option max-data-age = 35
2016-07-31 17:22:14.064    Option EnableSafeClean = yes
2016-07-31 17:22:15.624    Option vdl-logging = yes
2016-07-31 17:22:15.639    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-07-31 17:22:15.639    Machine ID:    47146c858dcc40659593adc5dd3e002b
2016-07-31 17:22:15.639    Component SVRTcli.exe version 2.5.5
2016-07-31 17:22:15.639    Component control.dll version 2.5.5
2016-07-31 17:22:15.639    Component SVRTservice.exe version 2.5.5
2016-07-31 17:22:15.639    Component engine\osdp.dll version 1.44.1.2250
2016-07-31 17:22:15.639    Component engine\veex.dll version 3.65.0.2250
2016-07-31 17:22:15.639    Component engine\savi.dll version 9.0.1.2250
2016-07-31 17:22:15.639    Component rkdisk.dll version 1.5.30.0
2016-07-31 17:22:15.639    Version info:    Product version    2.5.5
2016-07-31 17:22:15.639    Version info:    Detection engine    3.65.0
2016-07-31 17:22:15.639    Version info:    Detection data    5.26
2016-07-31 17:22:15.639    Version info:    Build date    4/5/2016
2016-07-31 17:22:15.639    Version info:    Data files added    716
2016-07-31 17:22:15.639    Version info:    Last successful update    (not yet updated)
2016-07-31 17:22:39.328    Downloading updates...
2016-07-31 17:22:39.343    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-07-31 17:22:39.343    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-07-31 17:22:39.343    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-07-31 17:22:39.343    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-07-31 17:22:39.343    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-07-31 17:22:39.343    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-07-31 17:22:39.343    Update progress: [I49502] Found supplement IDE531 LATEST 
2016-07-31 17:22:39.343    Update progress: [I49502] Found supplement IDE532 LATEST 
2016-07-31 17:22:39.343    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-07-31 17:22:39.343    Update progress: [I19463] Syncing product SAVIW32 70
2016-07-31 17:22:43.032    Update progress: [I19463] Syncing product IDE527 142
2016-07-31 17:22:43.906    Installing updates...
2016-07-31 17:22:44.514    Error level 1
2016-07-31 17:22:44.530    Update progress: [I19463] Syncing product IDE528 127
2016-07-31 17:22:44.530    Update progress: [I19463] Syncing product IDE529 135
2016-07-31 17:22:44.530    Update progress: [I19463] Syncing product IDE530 214
2016-07-31 17:22:44.530    Update progress: [I19463] Syncing product IDE531 105
2016-07-31 17:22:44.530    Update progress: [I19463] Syncing product IDE532 1
2016-07-31 17:22:56.887    Update successful
2016-07-31 17:23:08.352    Option all = no
2016-07-31 17:23:08.352    Option recurse = yes
2016-07-31 17:23:08.352    Option archive = no
2016-07-31 17:23:08.352    Option service = yes
2016-07-31 17:23:08.352    Option confirm = yes
2016-07-31 17:23:08.352    Option sxl = yes
2016-07-31 17:23:08.352    Option max-data-age = 35
2016-07-31 17:23:08.352    Option EnableSafeClean = yes
2016-07-31 17:23:08.477    Option vdl-logging = yes
2016-07-31 17:23:08.477    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-07-31 17:23:08.477    Machine ID:    47146c858dcc40659593adc5dd3e002b
2016-07-31 17:23:08.477    Component SVRTcli.exe version 2.5.5
2016-07-31 17:23:08.477    Component control.dll version 2.5.5
2016-07-31 17:23:08.477    Component SVRTservice.exe version 2.5.5
2016-07-31 17:23:08.477    Component engine\osdp.dll version 1.44.1.2250
2016-07-31 17:23:08.477    Component engine\veex.dll version 3.65.0.2250
2016-07-31 17:23:08.477    Component engine\savi.dll version 9.0.1.2250
2016-07-31 17:23:08.477    Component rkdisk.dll version 1.5.30.0
2016-07-31 17:23:08.477    Version info:    Product version    2.5.5
2016-07-31 17:23:08.477    Version info:    Detection engine    3.65.0
2016-07-31 17:23:08.477    Version info:    Detection data    5.26
2016-07-31 17:23:08.477    Version info:    Build date    4/5/2016
2016-07-31 17:23:08.477    Version info:    Data files added    716
2016-07-31 17:23:08.477    Version info:    Last successful update    7/31/2016 12:22:56 PM

2016-07-31 17:41:52.191    >>> Virus 'Troj/MSIL-GHN' found in file C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\run.exe
2016-07-31 17:42:07.979    >>> Virus 'Troj/MSIL-FUU' found in file C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\xtc.exe
2016-07-31 17:42:13.760    Could not open C:\hiberfil.sys
2016-07-31 17:42:20.515    Could not open C:\pagefile.sys
2016-07-31 17:51:48.365    Could not open C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-07-31 17:51:48.365    Could not open C:\Users\Connell\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-07-31 19:00:05.640    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-07-31 19:00:05.641    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-07-31 19:00:10.725    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-07-31 19:00:10.725    Could not open C:\Windows\System32\config\RegBack\SAM
2016-07-31 19:00:10.726    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-07-31 19:00:10.726    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-07-31 19:00:10.727    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-07-31 19:14:25.315    The following items will be cleaned up:
2016-07-31 19:14:25.315    Troj/MSIL-GHN
2016-07-31 19:14:25.315    Troj/MSIL-FUU
2016-08-01 00:27:23.173    Threat 'Troj/MSIL-GHN' has been cleaned up.
2016-08-01 00:27:23.173    File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\run.exe" belongs to 'Troj/MSIL-GHN'.
2016-08-01 00:27:23.173    File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\run.exe" has been cleaned up.
2016-08-01 00:27:23.189    Removal successful
2016-08-01 00:27:24.905    Threat 'Troj/MSIL-FUU' has been cleaned up.
2016-08-01 00:27:24.905    File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\xtc.exe" belongs to 'Troj/MSIL-FUU'.
2016-08-01 00:27:24.905    File "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\xtc.exe" has been cleaned up.
2016-08-01 00:27:24.905    Removal successful
2016-08-01 00:27:24.920    Contents of SafeClean bin directory:
2016-08-01 00:27:24.920    {
2016-08-01 00:27:24.920        RecordID   : "0000000000000001",
2016-08-01 00:27:24.920        ItemType   : "1",
2016-08-01 00:27:24.920        Location   : "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$R2FHOJV\",
2016-08-01 00:27:24.920        FileName   : "run.exe",
2016-08-01 00:27:24.920        ThreatName : "Troj/MSIL-GHN",
2016-08-01 00:27:24.920        Checksum   : "8b31a54112317d62fabb7fe3024070b233b4d545f6468a0a695e36b04f0236c7",
2016-08-01 00:27:24.920        TimeStamp  : "Sun Jul 31 19:27:19 2016"
2016-08-01 00:27:24.920    }
2016-08-01 00:27:24.920    {
2016-08-01 00:27:24.920        RecordID   : "0000000000000002",
2016-08-01 00:27:24.920        ItemType   : "1",
2016-08-01 00:27:24.920        Location   : "C:\$Recycle.Bin\S-1-5-21-3462628204-2175220548-686733109-1000\$RSHX299\bin\84a6b820-8e08-4c23-913f-16c8f775a027\",
2016-08-01 00:27:24.920        FileName   : "xtc.exe",
2016-08-01 00:27:24.920        ThreatName : "Troj/MSIL-FUU",
2016-08-01 00:27:24.920        Checksum   : "5cb75475c0ed7ca9de62fa6ad951b63e287b31d766f1e0de9b3b57e378b0b15b",
2016-08-01 00:27:24.920        TimeStamp  : "Sun Jul 31 19:27:23 2016"
2016-08-01 00:27:24.920    }
2016-08-01 00:27:25.435    Error level 0

I will let you know if the website continues to come up. Thanks so much for your help!


I'm very sorry, I definitely did not read the directions carefully enough; I clicked clean instead of fix. Here is Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Connell (2016-07-31 19:40:40) Run:1
Running from C:\Users\Connell\Desktop
Loaded Profiles: Connell (Available Profiles: Connell)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\Run: [Ijtsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll
C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll
C:\Users\Connell\AppData\Local\Ufmedia
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {c6a6da86-7f81-11e5-aebe-685d4307e1e3} - F:\OnePlus_setup.exe /s
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\...\MountPoints2: {d151366b-c037-11e4-aee0-685d4307e1e3} - E:\Autorun.exe
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
CHR HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
Tcpip\..\Interfaces\{B99DE71E-CD0F-4D2C-BA2E-9AA063082EBF}: [DhcpNameServer] 172.20.10.1 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_
S2 caMyciloP; no ImagePath
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] 
S3 ipadtst; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\ipadtst_64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X] 
Task: {7E201D76-ADA6-419E-9CD2-D4A0E3705832} - System32\Tasks\e4wjqahj => C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe <==== ATTENTION
C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe
C:\Program Files\Common Files\uywb2fn2
Task: {CCE94F75-99CA-4A97-B80B-85174BFBB562} - System32\Tasks\downioadwi => C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore <==== ATTENTION
C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore
Task: {EA942C78-914B-43B4-86F6-969C7A959C3C} - System32\Tasks\443l40kz => C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe <==== ATTENTION
C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe
C:\Program Files\Common Files\sq1x44oe
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] 
㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
HKU\S-1-5-21-3462628204-2175220548-686733109-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ijtsoft => value removed successfully
"C:\Users\Connell\AppData\Local\Ufmedia\qhpqefng.dll" => not found.
C:\Users\Connell\AppData\Local\Ufmedia => moved successfully
"HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6a6da86-7f81-11e5-aebe-685d4307e1e3}" => key removed successfully
HKCR\CLSID\{c6a6da86-7f81-11e5-aebe-685d4307e1e3} => key not found. 
"HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d151366b-c037-11e4-aee0-685d4307e1e3}" => key removed successfully
HKCR\CLSID\{d151366b-c037-11e4-aee0-685d4307e1e3} => key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found. 
"HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Google" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B99DE71E-CD0F-4D2C-BA2E-9AA063082EBF}\\DhcpNameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3462628204-2175220548-686733109-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Chrome HomePage => removed successfully
caMyciloP => service not found.
TrustedInstaller => service removed successfully
ipadtst => service removed successfully
NTIOLib_1_0_3 => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E201D76-ADA6-419E-9CD2-D4A0E3705832}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E201D76-ADA6-419E-9CD2-D4A0E3705832}" => key removed successfully
C:\Windows\System32\Tasks\e4wjqahj => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e4wjqahj" => key removed successfully
"C:\Program Files\Common Files\uywb2fn2\68b4d0yrm4eih.exe" => not found.
"C:\Program Files\Common Files\uywb2fn2" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCE94F75-99CA-4A97-B80B-85174BFBB562}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE94F75-99CA-4A97-B80B-85174BFBB562}" => key removed successfully
C:\Windows\System32\Tasks\downioadwi => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\downioadwi" => key removed successfully
"C:\Windows\system32\config\systemprofile\AppData\Local\Vivasoncore" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA942C78-914B-43B4-86F6-969C7A959C3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA942C78-914B-43B4-86F6-969C7A959C3C}" => key removed successfully
C:\Windows\System32\Tasks\443l40kz => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\443l40kz" => key removed successfully
"C:\Program Files\Common Files\sq1x44oe\49ca6uqnrfle4.exe" => not found.
"C:\Program Files\Common Files\sq1x44oe" => not found.
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數 => Error: No automatic fix found for this entry.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End ofCMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6462458 B
Java, Flash, Steam htmlcache => 185596792 B
Windows/system/drivers => 720649718 B
Edge => 0 B
Chrome => 527944581 B
Firefox => 14646903 B
Opera => 12024256 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55275797 B
systemprofile32 => 73348 B
LocalService => 66228 B
NetworkService => 382830 B
Connell => 315035331 B

RecycleBin => 9986401757 B
EmptyTemp: => 11 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:40:58 ====


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/1/2016
Scan Time: 1:32 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.01.10
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Connell

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310311
Time Elapsed: 21 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Can you either attach or copy/paste the last couple of Protection logs from Malwarebytes...

Open Malwarebytes..
 
  • Click on the History tab > Application Logs.
  • Double click on the Protection Log which shows the most recent Date and time..
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 


Yeah here it is

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 8/3/2016 3:18 PM, SYSTEM, CONNELL-PC, Scheduler, Failed, No Internet connection detected, 
Update, 8/3/2016 3:18 PM, SYSTEM, CONNELL-PC, Scheduler, Failed, No Internet connection detected, 
Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, Remediation Database, 2016.8.2.1, 2016.8.3.1, 
Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, IP Database, 2016.8.3.1, 2016.8.3.2, 
Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, Domain Database, 2016.8.2.7, 2016.8.3.9, 
Update, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Scheduler, Malware Database, 2016.8.3.1, 2016.8.3.11, 
Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Refresh, Starting, 
Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Refresh, Success, 
Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Starting, 
Protection, 8/3/2016 3:22 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, Started, 
Scan, 8/3/2016 3:31 PM, SYSTEM, CONNELL-PC, Context, Start:8/3/2016 3:18 PM, Duration:12 min 29 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Detection, 8/3/2016 3:32 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52299, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:32 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52299, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:33 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52411, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:33 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52533, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:33 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 52657, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:34 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53082, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53404, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53582, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53588, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:36 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53633, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53694, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53761, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53811, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:37 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 53860, Outbound, C:\Windows\SysWOW64\rundll32.exe, 
Detection, 8/3/2016 3:38 PM, SYSTEM, CONNELL-PC, Protection, Malicious Website Protection, IP, 192.133.137.104, l.mediaadserver.org, 54032, Outbound, C:\Windows\SysWOW64\rundll32.exe, 

(end)


Run the following:

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Go here: https://www.zemana.com/Download, then download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine", and then 2. select the home icon.

In the new window select "Scan"

When the scan completes, check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR; for all other entries choose QUARANTINE, then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlight the scan details line, then select "Open Report"

Copy and paste that log to your reply...

Let me see those logs....

Thank you,

Kevin...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Connell (Administrator) on Wed 08/03/2016 at 17:11:18.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 9 

Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WOLDZ42 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFS4V2DN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5WVOTIN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Connell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGZZ6GJN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Connell\AppData\Roaming\appdataFr25.bin (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WOLDZ42 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFS4V2DN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5WVOTIN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGZZ6GJN (Temporary Internet Files Folder) 

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9CACE28C2316D302DA197A798CC292BC (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/03/2016 at 17:13:25.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Zemana AntiMalware 2.21.2.247 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/8/3
Operating System       : Windows 7 64-bit
Processor              : 8X Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
BIOS Mode              : Legacy
CUID                   : 12A38E73DB4B2BD4E0D9BC
Scan Type              : Scheduled Scan
Duration               : 3m 10s
Scanned Objects        : 20831
Detected Objects       : 7
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Chrome Shortcut
Status             : Scanned
Object             : --app-id=knipolnnllmklapflnccelgolnpehhpl
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut

Chrome Homepage
Status             : Scanned
Object             : http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIGaoqOU7bB0poivK6FlvbX0g1PTW9xDSnf3a-XBRI_xiObg11ItU0aL3oplT533h6tiFot8jsJxu8DnBpLlP045uU6FdKyCQp749AMPeBBAx-f7UVnaZaR03snbyzZYpDPcpMepi_cpxnyu9rPYW5cR4GP5JpA_
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Homepage

Isaac.exe
Status             : Scanned
Object             : %userprofile%\downloads\thebindingofisaacwrathofthelamb\the binding of isaac - wrath of the lamb\the binding of isaac\isaac.exe
MD5                : 57903EE13BEF8405E8D45D950CE0DBDA
Publisher          : -
Size               : 4679168
Version            : 1.0.0.0
Detection          : Malware:Win32/Multi.Generic!Eeel
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\thebindingofisaacwrathofthelamb\the binding of isaac - wrath of the lamb\the binding of isaac\isaac.exe

ainjectr.exe
Status             : Scanned
Object             : %userprofile%\downloads\ainjectr.exe
MD5                : C0006A137991A018B19D308635B81DFF
Publisher          : Proinstall Applications SRL
Size               : 231808
Version            : 1.1.0.4
Detection          : Adware:Win32/AdBundle.Generic!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\ainjectr.exe

AudioEngw.dll
Status             : Scanned
Object             : %systemroot%\syswow64\audioengw.dll
MD5                : 1D94CC534E56D458B52168532063474E
Publisher          : -
Size               : 184320
Version            : -
Detection          : Trojan:Win32/Vorniac.A!Rmml
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\syswow64\audioengw.dll
                Scheduled Task - C:\Windows\System32\Tasks\ATIZN
                Scheduled Task - ATIZN.job

SuperMeatBoySetup.exe
Status             : Scanned
Object             : %userprofile%\downloads\supermeatboysetup.exe
MD5                : FCE2126CD28BB853A1ABBDADC4E636FE
Publisher          : -
Size               : 54272
Version            : 0.0.0.0
Detection          : Malware:Win32/Tazzi.A!Amte
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\supermeatboysetup.exe

p0sixspwnv1.0.8_setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\p0sixspwnv1.0.8_setup.exe
MD5                : C5B3CA42AD5D06CF6E40D9B2AB685DD3
Publisher          : Joltlogic
Size               : 364400
Version            : 3.7.1.0
Detection          : Adware:Win32/AutoBulk.46ce2e!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\p0sixspwnv1.0.8_setup.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 7
Reported as safe      : 0
Failed                : 0
 

 

Looks like it found the issue based upon the scans in Win32 and System32... I'll know in a little while once I restart Malwarebytes


Thanks for the update, let me know if the issue is cleared..... If it has, clean up as follows:

Use the following Uninstaller tool to remove Zemana and Sophos:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall; from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
Edited by kevinf80

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.