Computer freezes mouse still moves


Hello,

Recently I've been experiencing an issue where my screen will freeze and my mouse will still move, yet can either not interact with the programs or just cause them to stop responding upon clicking them.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

These are my scan results:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by Michael (administrator) on MICHAEL-PC (11-08-2016 01:07:24)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
() C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Malwarebytes) E:\Progam Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K50 Keyboard\K50Hid.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K50 Keyboard\CorsTra.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Electronic Arts) E:\Progam Files (x86)\Origin\Origin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7601.18257_none_785f019b37b05b1c\sppsvc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Corsair K50] => C:\Program Files (x86)\Corsair\K50 Keyboard\K50Hid.exe [1787904 2013-08-06] (Corsair Components  Inc)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-06-10] (QFX Software Corporation)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-08-09] (Plays.tv, LLC)
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2424320 2016-06-25] (RemoteMouse.net)
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2143.dll No File
ShellIconOverlayIdentifiers: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2143.dll No File
ShellIconOverlayIdentifiers: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => C:\Program Files\Cloudfogger\CfShellEx64_1.4.2143.dll No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ 0Cloudfogger] -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll No File
ShellIconOverlayIdentifiers-x32: [ 1Cloudfogger] -> {14A3EC74-D852-416A-9691-AC3096EE1953} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll No File
ShellIconOverlayIdentifiers-x32: [ 2Cloudfogger] -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} => C:\Program Files\Cloudfogger\CfShellEx_1.4.2143.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0226C24D-EFE9-4570-BC0D-CB1B3E229C51}: [NameServer] 46.166.179.49 46.166.179.51
Tcpip\..\Interfaces\{402E7A08-6077-4CBC-BC5A-A33892FBB3BE}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzerdYFMs_IS3XSeCzDTM1jI_ehTQyBB6lioBwIFXI1OPtl77bg-tHyGSuXYfDfDnlWcMs-uB9KIrnvkpNRqw0-aIA4GdQ,,
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKU\S-1-5-21-1422531221-2240199893-14684636-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\S-1-5-21-1422531221-2240199893-14684636-1000 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-10] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1422531221-2240199893-14684636-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default
FF DefaultSearchEngine: viceice
FF SelectedSearchEngine: viceice
FF Homepage: hxxp://www.viceice.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-07-21] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-21] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-06-22] (DivX, LLC)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1422531221-2240199893-14684636-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-06] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1422531221-2240199893-14684636-1000: SkypePlugin -> C:\Users\Michael\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi.dll [2015-09-23] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1422531221-2240199893-14684636-1000: SkypePlugin64 -> C:\Users\Michael\AppData\Local\SkypePlugin\7.7.0.219\npGatewayNpapi-x64.dll [2015-09-23] (Skype Technologies S.A.)
FF user.js: detected! => C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\user.js [2016-05-22]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\findit.xml [2016-06-14]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-1.xml [2016-06-15]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-2.xml [2016-06-15]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-3.xml [2016-06-22]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-4.xml [2016-07-02]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-5.xml [2016-07-09]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-6.xml [2016-07-10]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-7.xml [2016-07-14]
FF SearchPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter.xml [2016-05-22]
FF Extension: Edit Cookies - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2015-11-04]
FF Extension: Cookies Manager+ - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2016-01-14]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-21]

Chrome: 
=======
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "search.mpc.am"
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-24]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-24]
CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR Extension: (That's Pretty Good (iDubbbzTV)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnidecdngnainebcfbmebgpkmnmljdng [2016-05-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
S3 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1405448 2016-07-29] ()
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [240416 2016-05-05] (EasyAntiCheat Ltd)
R2 MBAMScheduler; E:\Progam Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; E:\Progam Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; E:\Progam Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-08] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-08-09] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-08-08] ()
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [913832 2016-07-11] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-11] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-07-11] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-07-11] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-07-11] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-12-31] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-07-11] (360.cn)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 b84f747322ad09b1c7ec8c8f34cac63b; C:\Windows\system32\drivers\b84f747322ad09b1c7ec8c8f34cac63b.sys [84992 2016-06-13] (VK2XFQ)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-07-11] (360.cn)
R3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R3 CORK50; C:\Windows\System32\drivers\CORK50.sys [25600 2012-08-10] ( )
R3 cpuz138; C:\Users\Michael\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-08-11] (CPUID)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-20] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224208 2015-06-03] (QFX Software Corporation)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2016-04-27] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-14] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 RTCore64; E:\Progam Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-11 01:07 - 2016-08-11 01:07 - 00027434 _____ C:\Users\Michael\Desktop\FRST.txt
2016-08-11 01:07 - 2016-08-11 01:07 - 00000000 ____D C:\FRST
2016-08-11 01:06 - 2016-08-11 01:06 - 02393600 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2016-08-11 01:06 - 2016-08-11 01:06 - 02393600 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2016-08-10 22:56 - 2016-08-10 22:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Raptr
2016-08-10 21:24 - 2016-08-10 21:24 - 00371001 _____ C:\Users\Michael\Downloads\vmt.bin.1.7.116.zip
2016-08-10 20:53 - 2016-08-10 20:53 - 04910152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 20:53 - 2016-08-10 20:53 - 00065696 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-08 21:32 - 2016-08-11 00:31 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-08-08 21:32 - 2016-08-11 00:31 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-08-07 23:44 - 2016-08-07 23:44 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Boneloaf
2016-08-06 22:56 - 2016-08-06 22:56 - 00232017 _____ C:\Users\Michael\Downloads\download.htm
2016-08-05 19:02 - 2016-08-05 19:02 - 00110735 _____ C:\Users\Michael\Downloads\rules (1).htm
2016-08-05 19:02 - 2016-08-05 19:02 - 00075831 _____ C:\Users\Michael\Downloads\srules.htm
2016-08-05 15:33 - 2016-08-05 15:33 - 00123471 _____ C:\Users\Michael\Downloads\rules.htm
2016-08-05 14:54 - 2016-08-05 14:54 - 00205260 _____ C:\Users\Michael\Downloads\4323063.htm
2016-08-05 14:54 - 2016-08-05 14:54 - 00115063 _____ C:\Users\Michael\Downloads\26075288-inactivity-format.htm
2016-08-03 01:44 - 2016-08-03 01:44 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Weappy
2016-08-03 01:42 - 2016-08-03 01:42 - 00000690 _____ C:\Users\Michael\Desktop\This Is the Police.lnk
2016-08-03 01:42 - 2016-08-03 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This Is the Police
2016-08-02 17:53 - 2016-08-02 17:53 - 00000131 _____ C:\Users\Michael\Downloads\forum.htm
2016-08-01 23:45 - 2016-08-01 23:45 - 00018003 _____ C:\Users\Michael\Downloads\indexfb2c.html
2016-07-30 14:16 - 2016-08-01 21:49 - 00002172 _____ C:\Users\Michael\Desktop\Discord.lnk
2016-07-30 14:16 - 2016-08-01 21:49 - 00000000 ____D C:\Users\Michael\AppData\Local\Discord
2016-07-30 14:15 - 2016-07-30 14:16 - 50209976 _____ (Hammer & Chisel, Inc.) C:\Users\Michael\Downloads\DiscordSetup.exe
2016-07-29 02:50 - 2016-07-29 02:50 - 00003561 _____ C:\Users\Michael\AppData\LocalLow\lpm.dat
2016-07-29 02:43 - 2016-07-29 02:43 - 00000000 ____D C:\Program Files\DivX
2016-07-29 02:41 - 2016-07-29 02:41 - 02421192 _____ (DivX, LLC) C:\Users\Michael\Downloads\DivXInstaller (1).exe
2016-07-28 03:41 - 2016-07-28 03:41 - 00000000 ____D C:\dev
2016-07-27 21:38 - 2016-07-27 21:38 - 00000673 _____ C:\Users\Public\Desktop\Dishonored .lnk
2016-07-27 21:38 - 2016-07-27 21:38 - 00000673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dishonored .lnk
2016-07-26 02:07 - 2016-07-29 02:43 - 00001087 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2016-07-26 02:07 - 2016-07-29 02:43 - 00001062 _____ C:\Users\Public\Desktop\DivX Player.lnk
2016-07-26 01:58 - 2016-07-29 02:44 - 00001613 _____ C:\Users\Michael\Desktop\DivX Movies.lnk
2016-07-26 01:58 - 2016-07-29 02:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-07-26 01:49 - 2016-07-29 02:44 - 00000000 ____D C:\Program Files (x86)\DivX
2016-07-26 01:46 - 2016-07-26 01:46 - 02421192 _____ (DivX, LLC) C:\Users\Michael\Downloads\DivXInstaller.exe
2016-07-26 00:17 - 2016-07-26 00:17 - 00000221 _____ C:\Users\Michael\Desktop\Deus Ex Human Revolution - Director's Cut.url
2016-07-25 18:07 - 2016-07-28 03:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-07-25 18:07 - 2016-07-25 18:07 - 00000762 _____ C:\Users\Public\Desktop\Mushroom 11.lnk
2016-07-25 12:38 - 2016-07-25 12:38 - 00000221 _____ C:\Users\Michael\Desktop\Floating Point.url
2016-07-23 14:00 - 2016-07-23 14:00 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-07-22 18:33 - 2016-07-22 18:33 - 00420492 _____ C:\Users\Michael\Downloads\C_S_Best_Savegame__money_skills_without_DLCs_.zip
2016-07-22 18:28 - 2016-07-22 18:28 - 00764964 _____ C:\Users\Michael\Downloads\savegame124.rar
2016-07-22 16:51 - 2016-07-22 16:51 - 00000679 _____ C:\Users\Public\Desktop\Euro Truck Simulator 2 Multiplayer.lnk
2016-07-22 16:51 - 2016-07-22 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP
2016-07-22 16:47 - 2016-07-22 16:48 - 43082163 _____ C:\Users\Michael\Downloads\client_21001.zip
2016-07-22 14:07 - 2016-07-22 14:07 - 00348376 _____ (Spotify Ltd) C:\Users\Michael\Downloads\SpotifySetup (1).exe
2016-07-21 16:22 - 2016-08-10 20:34 - 00003244 _____ C:\Windows\System32\Tasks\IORRT
2016-07-21 16:22 - 2016-08-10 20:34 - 00000000 ____D C:\Users\Michael\AppData\Local\Spotify
2016-07-21 16:22 - 2016-07-21 16:22 - 00001817 _____ C:\Users\Michael\Desktop\Spotify.lnk
2016-07-21 16:22 - 2016-07-21 16:22 - 00001803 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-07-21 16:22 - 2016-07-21 16:22 - 00000000 ___HD C:\IORRT
2016-07-21 16:21 - 2016-08-10 20:39 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Spotify
2016-07-21 16:21 - 2016-07-21 16:21 - 00348376 _____ (Spotify Ltd) C:\Users\Michael\Downloads\SpotifySetup.exe
2016-07-21 16:11 - 2016-07-21 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-21 16:11 - 2016-07-21 16:11 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2016-07-21 16:10 - 2016-07-21 16:10 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-07-21 16:09 - 2016-07-21 16:10 - 00000000 ____D C:\Program Files\Microsoft Office
2016-07-21 16:09 - 2016-07-21 16:09 - 00000000 __RHD C:\MSOCache
2016-07-21 16:09 - 2016-07-21 16:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-20 07:37 - 2016-07-20 07:37 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-07-20 07:37 - 2016-07-20 07:37 - 00000000 ____D C:\Program Files\Bonjour
2016-07-20 07:37 - 2016-07-20 07:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-07-20 07:37 - 2016-07-20 07:37 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-20 07:34 - 2016-07-20 07:36 - 170488136 _____ (Apple Inc.) C:\Users\Michael\Downloads\iTunes6464Setup.exe
2016-07-14 16:48 - 2016-07-22 14:07 - 00000000 ____D C:\Program Files (x86)\hide.me VPN
2016-07-14 16:47 - 2016-07-14 16:47 - 05765608 _____ (eVenture Limited ) C:\Users\Michael\Downloads\Hide.me-Setup-1.2.4.exe
2016-07-14 07:48 - 2016-07-14 07:49 - 12496168 _____ C:\Users\Michael\Downloads\HSS-5.4.5-install-hss-816-ext.exe
2016-07-13 19:05 - 2016-06-11 07:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 19:05 - 2016-06-11 05:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 19:05 - 2016-06-10 22:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 19:05 - 2016-06-10 22:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 19:05 - 2016-06-10 22:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 19:05 - 2016-06-10 22:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 19:05 - 2016-06-10 22:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 19:05 - 2016-06-10 22:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 19:05 - 2016-06-10 22:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 19:05 - 2016-06-10 22:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 19:05 - 2016-06-10 22:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 19:05 - 2016-06-10 22:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 19:05 - 2016-06-10 22:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 19:05 - 2016-06-10 22:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 19:05 - 2016-06-10 22:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 19:05 - 2016-06-10 22:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 19:05 - 2016-06-10 22:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 19:05 - 2016-06-10 22:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 19:05 - 2016-06-10 21:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 19:05 - 2016-06-10 21:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 19:05 - 2016-06-10 21:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 19:05 - 2016-06-10 21:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 19:05 - 2016-06-10 21:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 19:05 - 2016-06-10 21:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 19:05 - 2016-06-10 21:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 19:05 - 2016-06-10 21:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 19:05 - 2016-06-10 21:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 19:05 - 2016-06-10 21:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 19:05 - 2016-06-10 21:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 19:05 - 2016-06-10 21:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 19:05 - 2016-06-10 21:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 19:05 - 2016-06-10 21:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 19:05 - 2016-06-10 20:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 19:05 - 2016-06-10 20:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 19:05 - 2016-06-10 20:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 19:05 - 2016-06-10 20:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 19:05 - 2016-06-10 20:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-13 19:05 - 2016-06-10 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-13 19:05 - 2016-06-10 19:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 19:05 - 2016-06-10 19:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-13 19:05 - 2016-06-10 19:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-13 19:05 - 2016-06-10 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 19:05 - 2016-06-10 19:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 19:05 - 2016-06-10 19:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-13 19:05 - 2016-06-10 19:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-13 19:05 - 2016-06-10 19:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 19:05 - 2016-06-10 19:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-13 19:05 - 2016-06-10 19:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 19:05 - 2016-06-10 19:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-13 19:05 - 2016-06-10 19:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-13 19:05 - 2016-06-10 19:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-13 19:05 - 2016-06-10 19:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 19:05 - 2016-06-10 19:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-13 19:05 - 2016-06-10 19:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-13 19:05 - 2016-06-10 19:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-13 19:05 - 2016-06-10 19:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 19:05 - 2016-06-10 19:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-13 19:05 - 2016-06-10 19:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 19:05 - 2016-06-10 19:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 19:05 - 2016-06-10 19:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 19:05 - 2016-06-10 19:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 19:05 - 2016-06-10 19:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-13 19:05 - 2016-06-10 18:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 19:05 - 2016-06-10 18:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 19:05 - 2016-06-10 18:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 19:05 - 2016-06-10 18:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-13 19:04 - 2016-06-26 01:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 19:04 - 2016-06-26 01:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 19:04 - 2016-06-26 01:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 19:04 - 2016-06-26 01:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 19:04 - 2016-06-26 01:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 19:04 - 2016-06-26 01:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 19:04 - 2016-06-26 01:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 19:04 - 2016-06-25 20:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 19:04 - 2016-06-25 20:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 19:04 - 2016-06-25 20:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 19:04 - 2016-06-25 20:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 19:04 - 2016-06-25 20:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 19:04 - 2016-06-22 14:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 19:04 - 2016-06-17 19:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 19:04 - 2016-06-17 19:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 19:04 - 2016-06-17 19:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 19:04 - 2016-06-17 19:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 19:04 - 2016-06-17 19:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 19:04 - 2016-06-17 19:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 19:04 - 2016-06-14 16:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-12 22:32 - 2016-07-27 21:21 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-11 00:56 - 2009-07-14 05:45 - 00026336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-11 00:56 - 2009-07-14 05:45 - 00026336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-11 00:55 - 2009-07-14 06:13 - 00006234 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-11 00:50 - 2014-06-12 16:51 - 00000000 ____D C:\ProgramData\Origin
2016-08-11 00:48 - 2016-07-03 13:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PlaysTV
2016-08-11 00:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-10 22:56 - 2016-01-15 20:06 - 00000000 _RSHD C:\360SANDBOX
2016-08-10 21:34 - 2014-06-14 20:38 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-08-10 20:50 - 2014-06-20 18:55 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-08-10 20:50 - 2014-06-09 17:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\uTorrent
2016-08-10 20:49 - 2016-01-15 20:55 - 00000000 __SHD C:\$360Section
2016-08-10 20:49 - 2016-01-15 20:07 - 00000000 ____D C:\ProgramData\360Quarant
2016-08-10 20:49 - 2015-10-18 14:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Notepad++
2016-08-10 20:46 - 2016-01-15 20:06 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\360WD
2016-08-10 20:42 - 2016-06-20 20:44 - 00003350 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-08-10 20:35 - 2016-04-07 13:16 - 00000540 __RSH C:\ProgramData\ntuser.pol
2016-08-10 20:34 - 2016-06-06 16:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\discord
2016-08-09 17:54 - 2016-05-11 03:07 - 00000901 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2016-08-09 17:54 - 2014-06-07 14:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-09 06:55 - 2015-08-19 10:14 - 00000000 ____D C:\Users\Michael\AppData\Local\TSVNCache
2016-08-08 22:17 - 2014-06-13 18:45 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2016-08-08 21:40 - 2014-12-27 22:28 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2016-08-08 17:41 - 2016-04-17 20:32 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\uTorrent
2016-08-05 15:06 - 2015-07-12 14:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Audacity
2016-08-03 00:25 - 2015-04-07 17:53 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TS3Client
2016-08-01 21:49 - 2016-06-06 16:35 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-01 21:00 - 2016-04-16 13:32 - 00000000 ____D C:\Users\Michael\AppData\Local\Windows Live
2016-08-01 08:05 - 2016-02-14 23:03 - 00000000 ____D C:\Users\Michael\AppData\Roaming\obs-studio
2016-08-01 01:48 - 2014-06-13 18:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-01 01:48 - 2014-06-13 18:45 - 00000000 ____D C:\ProgramData\Skype
2016-07-30 14:16 - 2016-06-06 16:35 - 00000000 ____D C:\Users\Michael\AppData\Local\SquirrelTemp
2016-07-29 22:20 - 2015-08-18 21:52 - 01950720 ___SH C:\Users\Michael\Downloads\Thumbs.db
2016-07-29 02:44 - 2014-12-14 03:09 - 00000000 ____D C:\ProgramData\DivX
2016-07-29 02:43 - 2014-12-14 03:13 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DivX
2016-07-29 01:13 - 2015-06-28 23:18 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Kodi
2016-07-28 03:39 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-27 19:23 - 2015-07-04 20:38 - 00000000 ____D C:\Users\Michael\AppData\Local\dxhr
2016-07-26 14:24 - 2010-11-21 04:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-26 13:59 - 2016-01-20 17:53 - 00003642 _____ C:\Windows\System32\Tasks\DivXUpdate
2016-07-26 01:58 - 2016-01-08 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-22 21:08 - 2014-06-08 14:46 - 00000000 ____D C:\Users\Michael\Documents\Euro Truck Simulator 2
2016-07-22 18:29 - 2016-01-12 20:45 - 00000000 ____D C:\Users\Michael\Documents\ETS2MP
2016-07-22 16:52 - 2014-06-07 23:09 - 00000221 _____ C:\Users\Michael\Desktop\Euro Truck Simulator 2.url
2016-07-22 14:05 - 2016-01-15 20:07 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-07-21 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-21 13:33 - 2014-06-13 19:36 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-21 13:33 - 2014-06-13 19:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-21 13:33 - 2014-06-13 19:36 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-21 13:31 - 2016-01-15 20:06 - 00001149 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-07-21 13:31 - 2016-01-15 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-07-21 13:21 - 2015-09-15 22:23 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FileZilla
2016-07-20 22:36 - 2016-03-04 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse
2016-07-20 22:36 - 2015-02-25 01:09 - 00000000 ____D C:\Program Files (x86)\Remote Mouse
2016-07-20 07:37 - 2015-09-28 22:13 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-20 07:37 - 2015-09-28 22:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-16 22:42 - 2016-01-15 20:22 - 00003100 _____ C:\Windows\System32\Tasks\Start Corsair Link
2016-07-14 07:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-07-14 04:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-07-14 03:22 - 2016-01-16 10:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 03:22 - 2011-04-12 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 03:17 - 2014-12-23 18:38 - 00000000 ____D C:\Users\Michael\AppData\Local\Battle.net
2016-07-14 03:06 - 2014-06-14 17:57 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 03:02 - 2016-01-16 10:14 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-10-30 01:28 - 2016-06-20 01:26 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-06-14 22:08 - 2016-06-14 22:08 - 6867968 _____ () C:\Users\Michael\AppData\Roaming\agent.dat
2016-06-14 22:08 - 2016-06-14 22:08 - 0054272 _____ () C:\Users\Michael\AppData\Roaming\ApplicationHosting.dat
2016-06-14 22:08 - 2016-06-14 22:08 - 0069072 _____ () C:\Users\Michael\AppData\Roaming\Config.xml
2016-06-14 22:08 - 2016-06-14 22:08 - 1760384 _____ () C:\Users\Michael\AppData\Roaming\Faxlax.tst
2016-06-14 22:08 - 2016-06-14 22:08 - 0018432 _____ () C:\Users\Michael\AppData\Roaming\InstallationConfiguration.xml
2016-06-14 22:08 - 2016-06-14 22:08 - 0128512 _____ () C:\Users\Michael\AppData\Roaming\Installer.dat
2016-06-14 22:08 - 2016-06-14 22:08 - 0848437 _____ () C:\Users\Michael\AppData\Roaming\Labbam.bin
2016-05-22 10:51 - 2016-05-22 10:51 - 240398848 _____ () C:\Users\Michael\AppData\Roaming\Launcher.dat
2016-06-14 22:08 - 2016-06-14 22:08 - 0126464 _____ () C:\Users\Michael\AppData\Roaming\lobby.dat
2016-06-14 22:08 - 2016-06-14 22:08 - 0018432 _____ () C:\Users\Michael\AppData\Roaming\Main.dat
2016-06-14 22:08 - 2016-06-14 22:08 - 0005568 _____ () C:\Users\Michael\AppData\Roaming\md.xml
2016-06-14 22:08 - 2016-06-14 22:08 - 0126464 _____ () C:\Users\Michael\AppData\Roaming\noah.dat
2016-06-14 22:08 - 2016-06-14 22:08 - 2279413 _____ () C:\Users\Michael\AppData\Roaming\TanRantech.bin
2014-07-05 17:17 - 2014-07-05 17:17 - 0001181 _____ () C:\Users\Michael\AppData\Roaming\trace_FilterInstaller.1.txt
2014-07-05 17:17 - 2014-07-05 17:27 - 0000919 _____ () C:\Users\Michael\AppData\Roaming\trace_FilterInstaller.txt
2014-07-05 17:17 - 2014-07-05 17:27 - 0000000 _____ () C:\Users\Michael\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-06-14 22:08 - 2016-06-14 22:08 - 0032038 _____ () C:\Users\Michael\AppData\Roaming\uninstall_temp.ico
2016-05-22 10:51 - 2016-05-22 10:52 - 0000009 _____ () C:\Users\Michael\AppData\Roaming\update.dat
2015-02-24 00:30 - 2015-03-12 09:00 - 0000129 _____ () C:\Users\Michael\AppData\Roaming\WB.CFG
2016-06-14 22:08 - 2016-06-14 22:08 - 0072704 _____ () C:\Users\Michael\AppData\Roaming\ZaamLatdox.tst
2015-02-15 23:10 - 2015-05-11 19:50 - 0000005 ___SH () C:\Users\Michael\AppData\Roaming\Microsoft\attacks.txt
2016-05-22 10:52 - 2016-05-23 16:00 - 0000004 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\notaut.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-07 09:20

==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Michael (2016-08-11 01:07:45)
Running from C:\Users\Michael\Desktop
Windows 7 Enterprise Service Pack 1 (X64) (2016-01-14 20:05:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1422531221-2240199893-14684636-500 - Administrator - Disabled)
Guest (S-1-5-21-1422531221-2240199893-14684636-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1422531221-2240199893-14684636-1009 - Limited - Enabled)
Michael (S-1-5-21-1422531221-2240199893-14684636-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Disabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Disabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.6.0.1158 - 360 Security Center)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArmA3Sync 1.5.80 (HKLM-x32\...\{F097E7D7-D093-4394-9EED-43AFCCD12B7A}_is1) (Version: 1.5.80 - The [S.o.E] team)
ASRock eXtreme Tuner v0.1.121 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Carmageddon Mod version 3.1.3 (HKLM-x32\...\{0FF4BBB6-B94A-4462-B50F-CF21828944F4}_is1) (Version: 3.1.3 - GiphtWorks)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Catalyst Control Center Next Localization BR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Christmas Shopper Simulator 2 version 1.03 (HKLM-x32\...\{074F1221-5D13-4B0D-AC2E-11C802566A92}_is1) (Version: 1.03 - GAME)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
CoreVorbis Audio Decoder (remove only) (HKLM-x32\...\CoreVorbis Audio Decoder) (Version:  - )
Corsair Hydro Series 7289 USB Device (Driver Removal) (HKLM-x32\...\HYDROS7289&1B1C&0C02) (Version:  - Corsair Components, Inc.)
Corsair K50 Gaming Keyboard Driver V1.0 (HKLM-x32\...\{5F80696B-8F74-4A67-9830-EC2DBA79AD7A}_is1) (Version: 1.00.00.15 - )
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 3.2.5742 - Corsair)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deus Ex: Human Revolution - Director's Cut (HKLM\...\Steam App 238010) (Version:  - Eidos Montreal)
Discord (HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\Discord) (Version: 0.0.295 - Hammer & Chisel, Inc.)
Dishonored  Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - )
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.68 - DivX, LLC)
Doc Reader 2.0 (HKLM-x32\...\Doc Reader 2.0) (Version:  - )
Elite Dangerous (HKLM\...\Steam App 359320) (Version:  - Frontier Developments)
Elite Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.2.0.5.2 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.5.2 Alpha - ETS2MP Team)
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Firewatch (HKLM-x32\...\Firewatch_is1) (Version:  - )
Floating Point (HKLM\...\Steam App 302380) (Version:  - Suspicious Developments)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Frontier Launchpad version 1.0.2 (HKLM-x32\...\{8916D4AB-BBCB-4FBC-A203-B4C3144CF89B}_is1) (Version: 1.0.2 - Frontier Developments plc)
FXAA Post Process Injector (HKLM-x32\...\FXAA Post Process Injector) (Version:  - )
Game Dev Tycoon version 1.3.2 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.3.2 - Greenheart Games Pty. Ltd.)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hack 'n' Slash (HKLM-x32\...\Steam App 246070) (Version:  - Double Fine Productions)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version:  - Avalanche Studios)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.7.0.0 - QFX Software Corporation)
Kodi (HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\Kodi) (Version:  - XBMC-Foundation)
L.A. Noire (HKLM\...\Steam App 110800) (Version:  - Team Bondi)
L.A. Noire: The Complete Edition (HKLM-x32\...\L.A. Noire: The Complete Edition_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Little Inferno 1.2 (HKLM-x32\...\{D3D39D29-432D-4151-BA0E-77FB6A115CD3}) (Version: 1.2.0 - Tomorrow Corporation)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
LuaEdit 2010 (x86 - 3.0.10.0) (HKLM-x32\...\LuaEdit 2010_is1) (Version:  - Open Source)
Lucius II (HKLM-x32\...\Lucius II_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MKV File Player (HKLM-x32\...\{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1) (Version:  - mkvfileplayer.com)
Mortal Kombat X (HKLM-x32\...\Steam App 307780) (Version:  - NetherRealm Studios)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Mushroom 11 (HKLM-x32\...\1443615249_is1) (Version: 2.0.0.2 - GOG.com)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.1 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Overgrowth (HKLM-x32\...\Steam App 25000) (Version:  - Wolfire)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plague Inc v0.8.6.7 (HKLM-x32\...\Plague Inc v0.8.6.70.8.6.7) (Version: 0.8.6.7 - Friends in War)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.1-r115223-release - Plays.tv, LLC)
POSTAL 2 (HKLM\...\Steam App 223470) (Version:  - Running With Scissors)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Reign Of Kings (HKLM\...\Steam App 344760) (Version:  - Code}{atch)
Reign Of Kings (HKLM-x32\...\Steam App 344760) (Version:  - Code}{atch)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{0F7D4832-16AE-4857-A6FA-2B141D75A59B}) (Version: 7.7.0.219 - Skype Technologies S.A.)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Escapists (HKLM-x32\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Expendabros (HKLM-x32\...\Steam App 312990) (Version:  - Free Lives)
The Ship (HKLM\...\Steam App 2400) (Version:  - Outerlight Ltd.)
The Ship Single Player (HKLM\...\Steam App 2420) (Version:  - Outerlight Ltd.)
The Ship Tutorial (HKLM\...\Steam App 2430) (Version:  - Outerlight)
The Ship: Remasted (HKLM\...\Steam App 383790) (Version:  - Blazing Griffin)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 3 Wild Hunt v.1.0.3 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version:  - Stridemann)
This Is the Police (HKLM-x32\...\This Is the Police_is1) (Version:  - )
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
TortoiseSVN 1.9.3.27038 (64 bit) (HKLM\...\{2114A96B-51D7-4C45-B2E1-003562464D99}) (Version: 1.9.27038 - TortoiseSVN)
TruckersMP 0.2.1.0.1 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.1.0.1 Alpha - ETS2MP Team)
Turbo Dismount (HKLM-x32\...\Steam App 263760) (Version:  - Secret Exit Ltd.)
Unity Web Player (HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
We Happy Few (HKLM-x32\...\1296814897_is1) (Version: 2.0.0.2 - GOG.com)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
WWE 2K16 (HKLM-x32\...\WWE 2K16_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AD9DEEA-6B34-4545-92EF-FD161BBEC88F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0DD2BD73-BD54-4973-B0D1-0C50227E673C} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2016-07-21] ()
Task: {12400637-3CEB-420B-8F58-E620E0133FFB} - System32\Tasks\{8C489852-AB1B-4388-9CDB-04D2C34011A7} => pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\$PowerISO$\Fairlight\install.exe -d E:\Games\Prototype_2-FLT
Task: {14A94D59-C3A2-4A01-B9AF-150EBBD57098} - \Hybrid -> No File <==== ATTENTION
Task: {3905E2E1-DE5E-44B9-A80D-CDCA14706C50} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-06-20] (Enigma Software Group USA, LLC.)
Task: {398ACAEB-B4B1-4186-BCC0-18007A113E3B} - System32\Tasks\{240A6E28-6F17-4F89-AAF5-DC240FC17B4B} => pcalua.exe -a "E:\Games\Sniper Elite 3\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "E:\Games\Sniper Elite 3\_CommonRedist\vcredist\2010"
Task: {500D82DA-4287-44A5-B875-72D1C4D0D301} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec [Argument = /RestartRecording]
Task: {5FC4C2AF-E30C-4C8A-AB76-870C018801C0} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {7A748917-DA58-44EF-9C35-AA66CBD2B126} - System32\Tasks\{59220F18-8399-4A7C-B2B8-8AA8AC748AD4} => pcalua.exe -a "E:\Progam Files (x86)\Steam\SteamApps\common\Gunpoint\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "E:\Progam Files (x86)\Steam\SteamApps\common\Gunpoint\_CommonRedist\vcredist\2010"
Task: {7AAC4065-A4F4-4177-A833-465C8B7B8919} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-21] (Adobe Systems Incorporated)
Task: {865446B6-A2E0-47EE-B3E0-F8D88AA2B0BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {86DCB496-452D-4E44-B722-E7B4D80795A4} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {89A3CB11-2466-49A6-94C6-0DE6B6F03ACF} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {97638F08-FBD0-41D4-AB92-3CC8B069C8BF} - System32\Tasks\{A962FB2E-32F0-4AF2-97BB-2D1AD9A02349} => pcalua.exe -a C:\Windows\cadkasdeinst01e.exe -c "E:\Program Files\text to speak\Text 2 Speech 1\"
Task: {A14CD379-5ADE-432B-BEC9-3F372B1F0AD6} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-06-03] (DivX, LLC)
Task: {A3F81068-F594-4CBD-AE95-4D0291BF97C9} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe [2015-09-21] ()
Task: {A9730416-7420-48D0-A8C6-9E57F864BFDA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec [Argument = /StartRecording]
Task: {BE736C13-6511-47C6-8816-BD1E39372663} - System32\Tasks\{6BD8D916-81A7-43FC-948D-FFE8F1FD048F} => pcalua.exe -a "C:\Program Files (x86)\Frieven_s_Prox_1.8\Uninstall.exe" -c /fcp=1
Task: {CDA5476B-7217-4BFB-A382-1731FE5331FF} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D7916D2E-63E9-471A-B6B0-5189E642A0A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate [Argument = -crl -hms -pscn 15]
Task: {E2980D3D-FE76-4C49-8111-E9A75D9C13C9} - \0d98e608da5c08d1fa4dbc2dffe23fdd -> No File <==== ATTENTION
Task: {EB752DF2-0673-4FAF-9F57-823DD8D9CD81} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate [Argument = $(Arg0)]
Task: {F753B196-9330-4C75-B799-6FF70783D7A0} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-03] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk -> hxxp://openiv.com/

ShortcutWithArgument: C:\Users\Michael\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jfbadlndcminbkfojhlimnkgaackjmdo
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2015-12-13 17:10 - 2015-12-13 17:10 - 00094080 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-27 13:19 - 2016-05-27 13:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-01-15 20:22 - 2015-09-21 17:13 - 03160384 _____ () C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-12-27 22:28 - 2016-08-08 21:40 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-07-20 22:36 - 2016-06-25 08:52 - 00018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
2016-01-15 20:06 - 2016-07-11 10:50 - 00098736 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2010-05-18 16:54 - 2010-05-18 16:54 - 00395776 _____ () C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2016-01-15 20:22 - 2015-09-21 17:03 - 00147968 _____ () C:\Program Files (x86)\Corsair\Corsair Link\UsbRobbins.dll
2016-01-15 20:22 - 2015-09-21 17:03 - 00081920 _____ () C:\Program Files (x86)\Corsair\Corsair Link\UsbClink.dll
2015-02-25 01:09 - 2015-05-26 19:54 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2014-12-25 10:20 - 2012-05-14 13:39 - 00043008 _____ () C:\Program Files (x86)\Corsair\K50 Keyboard\hidGetKey.dll
2015-11-24 21:48 - 2015-11-24 21:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 21:46 - 2015-11-24 21:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 21:48 - 2015-11-24 21:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 21:48 - 2015-11-24 21:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 21:46 - 2015-11-24 21:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 21:48 - 2015-11-24 21:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 21:57 - 2015-12-07 21:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
2015-11-24 21:48 - 2015-11-24 21:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
2015-11-24 21:47 - 2015-11-24 21:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\amd_ags.dll
2015-11-24 21:47 - 2015-11-24 21:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
2015-11-24 21:43 - 2015-11-24 21:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
2015-10-21 21:29 - 2015-10-21 21:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
2015-10-21 21:29 - 2015-10-21 21:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
2016-08-04 17:49 - 2016-08-04 17:49 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
2015-11-24 21:47 - 2015-11-24 21:47 - 00030208 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\simplejson._speedups.pyd
2015-11-24 21:45 - 2015-11-24 21:45 - 00324608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PIL._imaging.pyd
2014-06-12 16:52 - 2016-08-08 21:24 - 01016832 _____ () E:\Progam Files (x86)\Origin\platforms\qwindows.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00028160 _____ () E:\Progam Files (x86)\Origin\imageformats\qgif.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00029696 _____ () E:\Progam Files (x86)\Origin\imageformats\qico.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00256000 _____ () E:\Progam Files (x86)\Origin\imageformats\qjpeg.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00266240 _____ () E:\Progam Files (x86)\Origin\imageformats\qmng.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00023552 _____ () E:\Progam Files (x86)\Origin\imageformats\qtga.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00346112 _____ () E:\Progam Files (x86)\Origin\imageformats\qtiff.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00023552 _____ () E:\Progam Files (x86)\Origin\imageformats\qwbmp.dll
2014-06-12 16:52 - 2016-08-08 21:24 - 00243200 _____ () E:\Progam Files (x86)\Origin\mediaservice\wmfengine.dll
2016-06-30 19:25 - 2016-06-23 16:08 - 01747784 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-06-30 19:25 - 2016-06-23 16:07 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\localhost -> hxxps://localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-03-12 18:32 - 2016-07-22 14:07 - 00000275 ____A C:\Windows\system32\Drivers\etc\hosts

0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 70a6f62cf5b788b7fc65c0bbd4e7a978 => 2
MSCONFIG\Services: backlh => 2
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: EADM => "E:\Progam Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: PWRISOVM.EXE => E:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [UDP Query User{4058E4F7-545B-4B21-A2CB-A2964825F344}E:\progam files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{67E1D637-C6B2-4D52-882E-83357634D80E}E:\progam files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{E76A980E-E396-4473-B222-20410FD752CD}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{B8D90415-C988-40E5-A67B-76B78E93551F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{8CEBE49B-D6C9-4292-933B-934AB219DBA5}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{F7EC1D0F-882D-4884-AAF4-B0C7C78DBE96}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\server.exe
FirewallRules: [{D533FE46-0C98-47D3-BBBB-357BC3AB30E7}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{E8B5ADF4-712F-4693-BE09-7E4EBEDF42A9}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{F6C81506-510E-43A0-9CE5-8F8B6D29A693}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{06810D85-D975-4A0B-A9C1-1933446FD630}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\crashupload.exe
FirewallRules: [{A40592EB-0DA2-4097-8F48-F2A561385EEB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{1D5B5B60-1014-4658-9997-A1C0E0E76481}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{8DF7B6FC-2D0B-499A-BD1E-B7F1FFFC82AA}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{08287F94-5FBE-4860-AA67-04DEF322377E}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x86\crashupload.exe
FirewallRules: [{B4CCD8B1-825B-428E-9C97-3818E43CB299}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{D37C4F2C-B0B9-45D9-AE84-C23396088112}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x86\PA.exe
FirewallRules: [{D5BCC3A3-D4C7-4743-823B-DBA14FE536B8}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Emily is Away\emily is away.exe
FirewallRules: [{B6B64D65-D193-4F7B-BE81-84BA7C26E221}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Emily is Away\emily is away.exe
FirewallRules: [UDP Query User{9E10EE9C-2771-4CB2-82FF-9522A1F290AB}E:\games\dying light\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{30D0ABB9-B2C2-479E-902F-3C6CC8B0954E}E:\games\dying light\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dying light\dyinglightgame.exe
FirewallRules: [{0EAC5823-7893-4AC2-BE3B-5B1D3DAED087}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\portal2.exe
FirewallRules: [{289F44BA-850C-4868-B2D9-2F3A774CB96F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\portal2.exe
FirewallRules: [{619B221D-D142-42D5-AD27-159C5F470A23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F97AF42-4EE9-475F-AFD2-9ADF030D605D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{B4D06B0B-B99F-4BBC-98C0-148EFE9EEE04}C:\users\michael\appdata\local\temp\rar$exa0.353\broforce.brofessional\broforce_beta.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.353\broforce.brofessional\broforce_beta.exe
FirewallRules: [TCP Query User{C21533BA-C70C-4F55-9D73-E2AA8A17A749}C:\users\michael\appdata\local\temp\rar$exa0.353\broforce.brofessional\broforce_beta.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.353\broforce.brofessional\broforce_beta.exe
FirewallRules: [UDP Query User{EC29EB3C-FC1E-403D-A66E-6205BA63AA04}C:\users\michael\appdata\local\temp\rar$exa0.212\broforce.brofessional\broforce_beta.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.212\broforce.brofessional\broforce_beta.exe
FirewallRules: [TCP Query User{41EB0634-9B88-4EE1-A8A2-1A9BAF48BF55}C:\users\michael\appdata\local\temp\rar$exa0.212\broforce.brofessional\broforce_beta.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.212\broforce.brofessional\broforce_beta.exe
FirewallRules: [{5ED5F137-3F80-4B41-AC1C-5E445CC55B18}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{EF26E04B-11B4-43E7-9B91-761340CD9578}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{A52DE319-15A3-4C5C-9FE0-979F6B09E65B}] => (Allow) E:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [{7532B6E3-308E-4F95-A1FA-AC42298FD25D}] => (Allow) E:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe
FirewallRules: [UDP Query User{811D7CF7-996F-4B1C-85F8-5B57EC76712C}E:\sinusbot\ts3bot.exe] => (Allow) E:\sinusbot\ts3bot.exe
FirewallRules: [TCP Query User{87F56A72-DDB9-49FE-B0C7-275287827AC7}E:\sinusbot\ts3bot.exe] => (Allow) E:\sinusbot\ts3bot.exe
FirewallRules: [{CE844FA2-D08C-40BC-9905-97114E4B99F5}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{DA773C61-79ED-4F73-8191-00A38BB10C58}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{60D4DA1F-A2D5-4E33-A345-CEFEA0212786}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{FEC3D63D-75B4-46CC-9280-3695276ACFC1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{3ACF2FF3-9E08-4F2F-AC99-A34D6C0694B0}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{8E61269B-D181-41A1-9BB4-32BB3790959E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{04D2B723-5BC7-4E46-A2AF-D1C1410332F5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{F42BA708-8E79-40AE-961F-7B804F629032}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [UDP Query User{DCDC317E-8C5E-483C-BAC5-8EE205F09DB3}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{BCA3EA3F-FCFF-4517-89BE-E4A1061F8969}C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\michael\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{BEC94BD0-217D-4B28-97A8-0CC71D2AE7F9}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{8CF8AE90-7382-4623-8B93-FD1CD58017C0}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{12818C11-3090-4EF4-879C-24776F077054}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{158B9321-2A98-404D-B0B9-1021F01DC46F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{232DEE15-A969-4EB6-B906-C4C71489F3C7}E:\games\prototype 2\prototype2.exe] => (Allow) E:\games\prototype 2\prototype2.exe
FirewallRules: [TCP Query User{1609A53B-83AA-45D5-8B6F-4D362503B0B8}E:\games\prototype 2\prototype2.exe] => (Allow) E:\games\prototype 2\prototype2.exe
FirewallRules: [UDP Query User{868539D5-9CF4-465A-81F4-332CAD76A2BD}E:\games\eve\bin\exefile.exe] => (Allow) E:\games\eve\bin\exefile.exe
FirewallRules: [TCP Query User{98AA57EC-E07C-4F46-BF63-6F4B6B7F2108}E:\games\eve\bin\exefile.exe] => (Allow) E:\games\eve\bin\exefile.exe
FirewallRules: [{AB8F4083-092A-43ED-A8FD-224727120079}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B0602612-B57C-47FE-B2D1-058484AD2751}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D54A9FBE-42D9-4CCB-BBB1-426313ADDBF7}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{EB1C360F-7EB9-4A7C-8B84-CE211C659297}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{1F2658F4-1E2A-484D-89F8-7B3FB52AD7FA}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{7414224B-55B3-4A04-8632-6171B1BC3CA7}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{C8CC00AB-2236-4574-9AD9-349E42CA1C45}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{1CE3BAD7-018D-4037-8E44-C76C5C9ECEA7}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{A142D8BD-7C5B-4BCC-A220-3894705D107D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7CDD8939-0DD7-4B24-A3A4-2A3E16D46D35}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{501717B0-56C7-4EDB-8C1A-1D86D354CF66}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{630872D9-6FA3-4B15-BE86-544E8B9B4B36}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{E303D487-1655-452B-97BE-AF136412BCC7}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{B29D998D-521C-4865-A147-DA5B9234CC3D}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{3FF50FD2-7AC0-4165-9B56-8209C74BC997}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{464ECBF3-D40A-401F-B42E-A1886106FF6B}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{5E986AAC-338E-467C-A947-305BD9358D2B}] => (Allow) E:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{4D72718B-8E9B-4B81-B333-53E512EA2145}] => (Allow) E:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{F47F1008-50EB-480D-AAB5-79261161DBF4}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [{8569E9C0-FCFD-4351-8736-9B948241DB56}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Reign Of Kings\Reign of Kings.exe
FirewallRules: [UDP Query User{0C9208E8-B14B-454C-A039-8188D20400CC}E:\program files\rockstar\gtav\gta5.exe] => (Allow) E:\program files\rockstar\gtav\gta5.exe
FirewallRules: [TCP Query User{5B2D1DF9-382D-4CB9-93C4-FDD051E865A4}E:\program files\rockstar\gtav\gta5.exe] => (Allow) E:\program files\rockstar\gtav\gta5.exe
FirewallRules: [{52B6927B-094C-4F8A-8047-5494EE58D5BD}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{72027040-6CCC-4D69-871C-9A8B06A9436D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{52867FA9-5B0D-4262-9D99-C1EA5A902BFC}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{526216E0-E6AC-409C-AA85-57C733D619CD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{C47989C4-586F-4E09-AC58-6AD0EFBD5103}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BBB633B6-1CB3-4019-AD64-55630A9CE8AF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [UDP Query User{073588B8-FFA3-461E-B793-F1FBD36413CC}C:\users\michael\appdata\roaming\faceless llc\faceless internet connection\facelessinternetconnection.exe] => (Allow) C:\users\michael\appdata\roaming\faceless llc\faceless internet connection\facelessinternetconnection.exe
FirewallRules: [TCP Query User{6F82A53F-EF65-4EAF-958B-D36C115AC040}C:\users\michael\appdata\roaming\faceless llc\faceless internet connection\facelessinternetconnection.exe] => (Allow) C:\users\michael\appdata\roaming\faceless llc\faceless internet connection\facelessinternetconnection.exe
FirewallRules: [UDP Query User{ECABE94C-060E-4A2E-8305-0BBE5B3F8761}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F906A498-275B-4749-B630-D51D712990D3}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7AAF99AB-DB04-4EDD-87EF-9E3E2046DCDC}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{1174ABD3-D58A-47B8-BFB4-883722E1EEC0}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{FE590FB3-669E-40FB-ABD1-F4E8D09402A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{34ACA58D-3A47-4A27-AC8E-6206D88766EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{B4ACAD33-7690-4D9D-A17B-6FFAD51D4C88}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{74882830-E304-4EA1-A687-A17D02DB2C94}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{30B1E033-BB26-472D-81F2-B91951678F82}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{A5760D26-E359-41F0-8BA5-F94CD3042433}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{042957B8-EEE9-40C8-8A7D-A393A2E12CB5}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{9DCBB359-C925-4F3A-A3DA-DBB1944944B6}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{C4591A4C-F5F6-43F6-B60D-EFFEF4A19D9B}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{C046F0E9-C075-48FF-99D4-1F7C855AC7D1}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{C003881B-F3AA-4538-8187-11AB1D2E4D78}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Escapists\TheEscapists.exe
FirewallRules: [{F9998CC9-B73F-4A84-B246-A7980D784AD7}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Escapists\TheEscapists.exe
FirewallRules: [{7BB09376-DF7A-4A58-8CA1-685CEE6A3566}] => (Allow) E:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{5C5B82CF-26EF-4DED-985A-55B3DB966F1E}] => (Allow) E:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{4E5E8E2E-EB77-4E2B-BCC3-BBD5AA22BCCB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{F282780E-D942-487A-A2AE-B7AC6194F2FE}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{0D68B0B7-2143-4A5B-8C80-3FFE5D40007A}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{A301E46B-4020-451E-ACA3-73C8DC5CABD0}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{0C6936A3-8CA4-47E7-8677-9D4EA61015A4}] => (Allow) E:\Progam Files (x86)\Origin\Origin.exe
FirewallRules: [{F56F07FB-4569-4185-B676-F18929751ABB}] => (Allow) E:\Progam Files (x86)\Origin\Origin.exe
FirewallRules: [{24BEB86E-DDBB-4EA3-B2D8-82933A9C6B15}] => (Allow) E:\Progam Files (x86)\Origin\Origin.exe
FirewallRules: [{F94928D5-C73C-444E-B297-9D82D9652522}] => (Allow) E:\Progam Files (x86)\Origin\Origin.exe
FirewallRules: [{6CDF2E68-25E1-4347-8DF2-CAF31B695B25}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{48FE6702-C62C-4BAF-B6E4-CBF280611472}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{3C2DDB70-C7AA-45E5-B51B-488D4B6EAF3D}] => (Allow) E:\Games\Battle.net\Battle.net.exe
FirewallRules: [{406931A9-010B-49D1-9730-FE0B61F62AF7}] => (Allow) E:\Games\Battle.net\Battle.net.exe
FirewallRules: [{0C9147C5-D1C7-4EB1-9132-C4171D426DA6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C29AA9D4-A4FD-4E86-9E30-1E5638622A21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{88897D51-A096-474B-BECA-C3E3760F49CD}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{B4FB8C13-235F-4506-9FC1-78BE7B3E6696}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{238DDCC0-7BB5-4BC1-B898-B5C1C21FB50B}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{7CB435D3-D5B3-4F7D-AF3A-45631D81FFED}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{58BBB2A5-5C9F-4814-868E-A0CD8B44E753}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{82956FE4-B585-477D-BAEC-DF407B85D049}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{A38A1050-68D5-49D2-B398-A294B0DB61EA}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{86F0ED86-FADD-4F38-AF59-2F5B5EF48B80}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Broforce The Expendables Missions\Expendabros.exe
FirewallRules: [{3A11B678-984F-41F3-8DEE-374ED46D5807}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\HacknSlash\Hack.exe
FirewallRules: [{FC1AEB42-CB1B-475D-A9BC-BE513FCD3A9D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\HacknSlash\Hack.exe
FirewallRules: [{F29E9CA1-5106-4530-86D0-74AEFCEC21A7}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{4587B721-A8CD-45E6-80DF-F44C2264703F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Planetary Annihilation\PA.exe
FirewallRules: [{F2E01075-2BEE-4FB9-AA8E-E3630117745A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9A2383D6-47AB-4CC2-8CA9-7E43560ABE47}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\bin\p2map_publish.exe
FirewallRules: [{0B01FEBF-604B-4504-891F-305DF195F5AD}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\bin\p2map_publish.exe
FirewallRules: [{6FF3E1E8-65E1-4519-962E-BF23E9F11339}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{B14DA214-67B3-4F9F-B814-A5EE10C2C7E8}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{181EF94A-9DA2-498E-A1BB-839847FBD33C}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{462CA497-5E6E-4D33-81E2-D1D01A18BE18}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{0C1FFF2C-3738-462E-AB84-3D2CCB6B6A39}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{0557070A-FD05-4FE5-998D-D63D9D5384B9}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{FE0A928E-6497-48B9-B29F-B04EEC692F43}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{B6CE20DB-D551-4785-9E59-44218D43E6B0}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{ECBBF534-8EAB-4A61-9BDA-8598BBA4B7C5}] => (Allow) E:\Progam Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4402374A-D6AC-4729-8740-23FF33886875}] => (Allow) E:\Progam Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FBDA00A6-2B69-4108-85AB-8ACFE5B9504C}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{B1EB7DCD-6E31-4CCA-BAB4-5558DEBB71B1}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{0619B00F-E314-4935-87B8-B4265FA86A54}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{2145E5B6-2C88-4BD9-B9F2-C09A55887FE6}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{2C873A5B-3BC8-4EC1-A1B6-4E9673891109}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{3DB68FE9-6E7F-48E9-BCE7-C678C4CF31BE}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{3541237B-C538-417D-9F45-4DA0E54DA54D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{ED1EB08D-2B03-4F0C-83B6-161D7CBFD7EB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{1B84F0BE-F0E6-42DB-9F66-909AA4E12DA9}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{E870F1B7-8A82-4114-9744-28D8B9352C95}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{2E82A31A-D91A-4AA2-9B49-AAC793E6B8DB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{11015307-384E-4112-9878-96EBCCC4430A}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{10DE2DC1-752B-4EDB-9881-A3C888F8A90C}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{A2A7257D-C4F7-4170-97C2-D517C4935D33}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{128BEBD4-BBCE-491C-96C4-A46C838AC1DF}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{4670A6C5-C813-455C-89A3-7355CEB78ABA}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3482E94D-6738-4EA1-A3D2-09F05F1F1D0C}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{928DB691-CCD8-4A07-A6C3-CF07407B2211}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{4CBDC1C2-71CF-484A-83C6-E73D82545943}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9DDE04C0-B3FB-4C6C-AD1E-2FC0058E2EC0}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1C533AD1-CDE9-4632-8071-8D741B3AF47D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{2AAC5624-EF55-4E76-AB00-9F9E807A1B19}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{479E55AE-B166-45BA-95F3-ABD2C14A706A}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Contagion\contagionds.exe
FirewallRules: [{8CA40A92-A71A-4314-B487-85BD5EA4215F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Contagion\contagionds.exe
FirewallRules: [{97B8B899-6E95-4E3E-A0B6-A47825937437}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{9509A074-8C02-44FF-9C09-BC6CDBADADF0}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{4F26B015-D868-414D-AF0B-F0829DE3CD5F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{8094A94E-4F32-40CF-8D49-0B9663621BD9}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{B0748A58-39DB-4FCF-B479-5CBAD2B68C9D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{C82E4FCF-00A8-405E-BE6E-4C979D1F790C}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Toribash\toribash.exe
FirewallRules: [{10B95D05-FD1A-47C1-B280-5C09FFF5CFA7}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A021F2B6-3897-45D9-B350-A03ED5F3D7AF}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C8E4CA6-A8BF-4557-B5BB-D67ED28BFC18}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{8E5187AF-0C67-48B0-92FE-DCEC2BCC91E1}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{D0231381-383F-4D5D-B963-1996900745EB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C122AB14-1C36-4D4C-BC4D-5357B5FB728E}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{39554BF5-63FF-49BD-AD72-991A5310E39F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{9C3A14BC-F4FE-43DC-85F3-572026B7840C}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{78F24079-099B-4E65-86E2-2C54A69FAF19}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{0973A6D5-1D26-493E-9080-6F41B0EEB7DD}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\rust\rust.exe
FirewallRules: [{56A736C2-CA42-47EE-AE86-824F40E5604D}] => (Allow) E:\Progam Files (x86)\Steam\Steam.exe
FirewallRules: [{81D3A588-2113-4C98-9AB1-48934BC4F635}] => (Allow) E:\Progam Files (x86)\Steam\Steam.exe
FirewallRules: [{4F8CDAAE-CF95-4322-88B7-B6B6DCC3B149}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{3535B111-5A54-488D-A7D2-1CE66DF8791A}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{D8DAAF05-DC62-46F6-8D17-5DA0DEAFCAE6}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{6DACFA85-2258-48A4-AC32-428B456DB052}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{99B0D3A0-8649-4CF4-8133-40D4E07D3AFB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{D53247ED-DA7F-4A4E-A090-0EEF1F8966EE}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [TCP Query User{97030B94-A2D9-4F08-8B79-B2DCA6E54FA4}E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{589D5CD8-13EE-43A9-8558-672DC056A976}E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [TCP Query User{AACFE4AD-724C-4C59-AFEE-68C1C5BBAC37}E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [UDP Query User{41E38AE9-D922-4861-B8A4-8D136B364FB5}E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\combat_tutorial_demo\elitedangerous32.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\elite dangerous\products\combat_tutorial_demo\elitedangerous32.exe
FirewallRules: [TCP Query User{72E8F101-391A-4D36-8324-A5E4FEAE4DFB}E:\games\firewatch\firewatch.exe] => (Allow) E:\games\firewatch\firewatch.exe
FirewallRules: [UDP Query User{43581150-FA0D-4DA1-8F62-E4968C5321F6}E:\games\firewatch\firewatch.exe] => (Allow) E:\games\firewatch\firewatch.exe
FirewallRules: [{F3679AC7-43EA-4F8B-8A21-9381192C5A3F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{47FCB21A-86F4-4088-A69D-243599133F94}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1D2B1599-0255-4F0C-B1D3-45DF19B077CE}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{58183CAF-28C4-4A33-87C3-A6C2495A8819}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{E249E5F6-CEEF-4947-9D60-34A3C5B38129}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{CFB70AAA-9B1F-476B-B9D2-6384D5F73727}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{E2459C6B-AC89-44C6-B6EA-2A6E52A06E09}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CB7CC66C-E9C5-44E8-8D58-D98A2FE03C9C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BEE265A5-9D59-4433-B77B-32E96819BEF1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FD2EF139-6D15-4159-B2C7-069603D8B8D2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{8CE78A13-DFCA-48EF-8368-B011EDC7C16B}E:\progam files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [UDP Query User{83F5CAAD-F69E-4364-9C52-7F950DF590E1}E:\progam files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\h1z1 king of the kill\h1z1.exe
FirewallRules: [{FDDBD938-236D-4D7C-91C8-E1FB5644B962}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{4B3E1394-C6FF-411F-8214-977256D794C6}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{80DCB33A-544D-40A5-B2AF-20C8C9055FE6}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{9D55C00E-0EC3-42C0-B469-BBD53A2816D7}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{23CF96D7-1330-4781-B805-134A34083D9A}E:\games\the beginner's guide\beginnersguide.exe] => (Block) E:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [UDP Query User{EBB35B14-B8CE-4423-A6BC-B544D0BDB88C}E:\games\the beginner's guide\beginnersguide.exe] => (Block) E:\games\the beginner's guide\beginnersguide.exe
FirewallRules: [{9ACEA7BC-DB75-4D6C-A567-7C9DFED21507}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{139FB3A1-3AA8-459D-8179-2E5EC3AB25A2}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{A34CE7EB-CF73-47DC-9A36-B857A9C896E9}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{B68199CD-F91B-4162-8E5C-4E4B9E2CF99E}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [TCP Query User{D1BBA36D-8587-4F03-B6E1-E531FD799BF6}E:\progam files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{D20235E8-6A66-4786-BA65-A509A45A9E87}E:\progam files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{33E21D0F-85F1-42B8-AE0D-A26A6AFC5FE2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4547389E-05C7-4978-A49D-8A2341E7A8A2}] => (Allow) LPort=2869
FirewallRules: [{1DBFC667-8A98-4A51-82D2-9C714EDF9B3C}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{35D760CC-180B-42C9-8380-72C7767A4F26}C:\users\michael\appdata\local\temp\rar$exa0.475\broforce.brofessional\broforce_beta.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.475\broforce.brofessional\broforce_beta.exe
FirewallRules: [UDP Query User{EE6AA5F9-1457-423E-92A6-49562F558D27}C:\users\michael\appdata\local\temp\rar$exa0.475\broforce.brofessional\broforce_beta.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.475\broforce.brofessional\broforce_beta.exe
FirewallRules: [{F80AF848-1D00-47D8-A06F-0BA48E96AFDD}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{9155A28F-46CF-40A5-AEAB-55A849301895}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{5BF5146A-8E55-4C9C-B217-37478352585D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{D5D25034-019E-41DA-B6A7-BF18D8DD122B}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{6D538E68-CEA3-42A3-8700-2351DD3C254F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{631091EB-F736-437E-B627-8ECF792D0D00}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{287D5149-5D20-4742-95DD-A5EB61843CEB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{5F159631-E8DF-4D78-9E5B-6CD62897DE32}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{5E4E29BA-ED76-47CA-A535-FB840524D9B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9F32FB14-6AB4-47C2-9B25-3BB28723FAE8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BDC9395A-6662-4E26-8557-2C57A182356D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BC883EBC-0700-4E65-B33F-FB843785941C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D8EDEFDB-FF1E-4869-848C-AA0D9A5EF2C5}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{3664482C-42DC-4D15-B65A-593A8C23A48A}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{18BF7D44-2CCA-4F49-901E-805EC191AF69}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{0F459678-A971-4619-92E5-C517A4017150}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{F8DC2D49-0D53-4112-B0C0-14DBD352067F}C:\users\michael\appdata\local\temp\rar$exa0.825\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.825\igg-youtuberslife\youtuberslife.exe
FirewallRules: [UDP Query User{84621259-249E-4E8E-A710-18F6731BEF90}C:\users\michael\appdata\local\temp\rar$exa0.825\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.825\igg-youtuberslife\youtuberslife.exe
FirewallRules: [TCP Query User{7A80594A-3E68-49B7-89E7-20F16CB80595}C:\users\michael\appdata\local\temp\rar$exa0.316\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.316\igg-youtuberslife\youtuberslife.exe
FirewallRules: [UDP Query User{A9F5B312-CC13-4D07-AB19-43C08075F210}C:\users\michael\appdata\local\temp\rar$exa0.316\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.316\igg-youtuberslife\youtuberslife.exe
FirewallRules: [TCP Query User{62E89E1A-566B-41ED-AF38-AE2ADBABB2FE}C:\users\michael\appdata\local\temp\rar$exa0.586\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.586\igg-youtuberslife\youtuberslife.exe
FirewallRules: [UDP Query User{B98EECEB-CEFE-47FA-9A4A-AC01C6B0F3C0}C:\users\michael\appdata\local\temp\rar$exa0.586\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.586\igg-youtuberslife\youtuberslife.exe
FirewallRules: [TCP Query User{22B12A4A-8A6F-4071-87C2-889F657CCAE6}C:\users\michael\appdata\local\temp\rar$exa0.728\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.728\igg-youtuberslife\youtuberslife.exe
FirewallRules: [UDP Query User{C49C1440-D7FE-431B-A980-7663455099E4}C:\users\michael\appdata\local\temp\rar$exa0.728\igg-youtuberslife\youtuberslife.exe] => (Allow) C:\users\michael\appdata\local\temp\rar$exa0.728\igg-youtuberslife\youtuberslife.exe
FirewallRules: [TCP Query User{C4AC46A9-C4EE-4A48-8118-9D63CFAD8668}E:\progam files (x86)\overwatch\overwatch.exe] => (Allow) E:\progam files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{766B4AD8-FC47-4444-A8FD-5D4D233055AC}E:\progam files (x86)\overwatch\overwatch.exe] => (Allow) E:\progam files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{011A937E-0406-4C9A-9952-8887AD9940E1}E:\progam files (x86)\hearthstone\hearthstone.exe] => (Block) E:\progam files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B1E48439-EB71-41C1-9964-98E62B0F7D75}E:\progam files (x86)\hearthstone\hearthstone.exe] => (Block) E:\progam files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{F234ECA2-173A-47E0-9FAA-4678F19C797F}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{859C76C0-106D-45B8-BECC-4103756D6A65}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{74D26177-8C53-4FBA-812C-E9E11E2A6F25}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{8377CCCC-8314-445E-9D1C-6E3AE315DF15}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C330E00B-B7C0-426A-8E90-D3BE6D9F1D8B}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{E95868DB-BAFD-4DC1-9F3F-6625C4BEFAA9}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{FC4DE697-A6D9-438D-A939-7682B44C12DA}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{64B21ECB-5657-425B-9EB3-6E6BC593C449}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{058718A3-3620-4385-92A2-9241CBDDBA56}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{3FAB024B-68E1-4E04-B207-9A56C2BAF71E}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{35F36A29-1E88-4AFD-9ED7-3069803F6F25}E:\progam files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{2486BDC7-B155-4128-AD4C-214208AD72F9}E:\progam files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) E:\progam files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{24C6B8ED-E6C8-4168-AF08-B86214BD8633}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D810729-CB65-4ADE-A03C-212B87088EEB}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship Remasted\TheShipRemasted.exe
FirewallRules: [{7C09C861-0BC0-4BD0-A48A-201B50F02519}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship Remasted\TheShipRemasted.exe
FirewallRules: [{723D7B26-7F20-46D6-979B-DE6959656198}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship\ship.exe
FirewallRules: [{0DA41C16-3C25-49FE-9FB3-F461FBB0F553}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship\ship.exe
FirewallRules: [{48CD10D7-5221-43A7-93A9-D638B27C4122}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0DEE9E6-2C1B-4DF1-81F6-8A0AEBA6FD14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC60101B-F0B3-487E-8B4C-DF31D95B8CE9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7E148F7-93AF-4868-A0CD-2FA9A624A7C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{63083AB6-602A-4AAB-80A3-FC96B6051B8E}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{A8E6C3BD-E5D3-4589-833D-8406592D4554}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{FFB8E135-4C0D-46A9-9BB5-ABBE8F361297}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [UDP Query User{CC88283C-D85E-4266-AE73-13DB0564B96F}C:\program files (x86)\remote mouse\remotemouse.exe] => (Allow) C:\program files (x86)\remote mouse\remotemouse.exe
FirewallRules: [{E8715A9D-79D5-46E2-B3A6-891F0EAE9AC9}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{49899EA1-15AF-47B6-851D-DC2ECF264C04}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{119F1E02-288A-47FD-AFA0-B59B6BF922CC}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{EFF3A001-E016-4B7A-AA28-7BD7BEF6906E}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{A45774DE-95B8-4DD4-B33E-23F908C4918F}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{4A5F2ADC-E289-48FD-9D91-ABC75E013B1D}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{0AC05F49-EE19-42A0-9B51-12D448B114D4}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{A1F9F269-D1B1-4518-A916-16BB7F2E22A5}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{EC4D463C-2D12-4551-BBB8-67F14F44E7BE}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship Single Player\ship.exe
FirewallRules: [{EA8CD7E5-200D-4D81-8A35-1216C36597E8}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship Single Player\ship.exe
FirewallRules: [TCP Query User{3255F89C-25C1-4E84-B8C6-AB6C60030434}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6CF07939-BA0A-4A76-AA0B-EF4210F9EEC4}C:\users\michael\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0853E0C7-43DA-421C-AF46-2B94C6D64C0C}] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0F202951-9A88-4D5C-B391-BD950396AFB2}] => (Block) C:\users\michael\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B2C95F19-E599-4EC5-8F5A-BB8B01D368A9}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship Tutorial\ship.exe
FirewallRules: [{F2490CCF-0C2F-40B3-B988-3E67589BD64B}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\The Ship Tutorial\ship.exe
FirewallRules: [{276709B8-638D-438A-8F8D-7E2BCA4E3631}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4AD13DD5-FB49-4F81-96BA-2FADF66BB733}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{BB5F1DD6-B941-4091-A52F-13F3DA95CAF0}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{0E33B1C9-45BE-4D20-97A3-D175351E1B64}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{DD3A627A-6CF6-4BE3-A6C5-3387074F6983}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Floating Point\Floating Point.exe
FirewallRules: [{0FA15EDE-713D-49AF-9C68-34B652D788FE}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Floating Point\Floating Point.exe
FirewallRules: [{E02AC6B0-DFA7-4C38-B570-46AC03B1009B}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{85D7B4E9-D58E-4380-BD1F-3013D4908C5D}] => (Allow) E:\Progam Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [TCP Query User{4AC0A0A2-5BF9-4C85-8924-58DC0983FD22}E:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) E:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{02B8D16F-832D-4C5A-B4DB-8F0290B6F095}E:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) E:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [{628E6C2C-372D-4C8D-A5E3-6E9AAB199C5D}] => (Block) E:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [{4C9E730F-C278-4C35-B56D-F003E6080FC3}] => (Block) E:\games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [{00CE1188-5FDB-4EC8-9E68-2806E98D9606}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{35A89457-18DB-4E04-9698-98DCEC770451}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{96F6BA9E-3A1A-4796-8F75-DE3BFDF6D748}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{6BC4F859-4F55-4F51-9DEA-1AE6CF6C802A}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{D7FB4A8B-82A8-4A51-81A4-937386C1A787}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D2D0A3CC-C580-4CF0-BB8B-C13AC4CB554F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{0B6632C1-0750-4C3F-85F6-762E77E6E17D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{92E1D5DD-2D24-427C-BA00-D8A488E88874}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

09-08-2016 08:12:27 Windows Update
09-08-2016 17:53:57 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
09-08-2016 17:54:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
10-08-2016 21:32:53 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Hotspot Shield Routing Driver 6
Description: Hotspot Shield Routing Driver 6
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HssDRV6
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2016 12:55:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/11/2016 12:55:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/11/2016 12:48:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2016 12:31:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/11/2016 12:31:47 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/11/2016 12:25:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2016 12:23:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2016 11:42:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (08/10/2016 11:42:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (08/10/2016 11:36:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/11/2016 12:59:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/11/2016 12:49:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/11/2016 12:48:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
HssDRV6

Error: (08/11/2016 12:48:16 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:41:43 AM on 8/11/2016 was unexpected.

Error: (08/11/2016 12:36:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/11/2016 12:26:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/11/2016 12:25:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
HssDRV6

Error: (08/11/2016 12:25:04 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (08/11/2016 12:24:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/11/2016 12:23:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
HssDRV6


CodeIntegrity:
===================================
  Date: 2016-07-26 00:51:25.361
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 16:13:48.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 07:46:56.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 07:46:48.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 22:48:38.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-03 22:48:38.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-17 13:44:55.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\Temp\{2cab344d-0280-6f26-a59f-286532be8f3e}\B299098\atikmpag.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-17 13:44:55.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\Temp\{2cab344d-0280-6f26-a59f-286532be8f3e}\B299098\atikmpag.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-17 13:44:55.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\Temp\{2cab344d-0280-6f26-a59f-286532be8f3e}\B299098\atikmpag.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-17 13:44:55.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\Temp\{2cab344d-0280-6f26-a59f-286532be8f3e}\B299098\atikmpag.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8320 Eight-Core Processor 
Percentage of memory in use: 39%
Total physical RAM: 8157.75 MB
Available physical RAM: 4943.07 MB
Total Virtual: 16313.68 MB
Available Virtual: 12715.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:4.96 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:27.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08CDEE34)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F2950D4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hello Henri_Tomasino and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

Fixlist.txt

Edited by kevinf80

FRST:
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Michael (2016-08-11 17:05:30) Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3231232 2016-04-09] (Microsoft Corporation) <==== ATTENTION
Tcpip\..\Interfaces\{0226C24D-EFE9-4570-BC0D-CB1B3E229C51}: [NameServer] 46.166.179.49 46.166.179.51
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzerdYFMs_IS3XSeCzDTM1jI_ehTQyBB6lioBwIFXI1OPtl77bg-tHyGSuXYfDfDnlWcMs-uB9KIrnvkpNRqw0-aIA4GdQ,,
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKU\S-1-5-21-1422531221-2240199893-14684636-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "search.mpc.am"
R1 b84f747322ad09b1c7ec8c8f34cac63b; C:\Windows\system32\drivers\b84f747322ad09b1c7ec8c8f34cac63b.sys [84992 2016-06-13] (VK2XFQ)
C:\Windows\system32\drivers\b84f747322ad09b1c7ec8c8f34cac63b.sys
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X] 
Task: {14A94D59-C3A2-4A01-B9AF-150EBBD57098} - \Hybrid -> No File <==== ATTENTION
Task: {3905E2E1-DE5E-44B9-A80D-CDCA14706C50} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-06-20] (Enigma Software Group USA, LLC.)
Task: {E2980D3D-FE76-4C49-8111-E9A75D9C13C9} - \0d98e608da5c08d1fa4dbc2dffe23fdd -> No File <==== ATTENTION
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0226C24D-EFE9-4570-BC0D-CB1B3E229C51}\\NameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => key removed successfully
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found. 
Chrome HomePage => not found.
Chrome StartupUrls => not found.
b84f747322ad09b1c7ec8c8f34cac63b => service not found.
"C:\Windows\system32\drivers\b84f747322ad09b1c7ec8c8f34cac63b.sys" => not found.
HssDRV6 => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{14A94D59-C3A2-4A01-B9AF-150EBBD57098}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14A94D59-C3A2-4A01-B9AF-150EBBD57098}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hybrid" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3905E2E1-DE5E-44B9-A80D-CDCA14706C50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3905E2E1-DE5E-44B9-A80D-CDCA14706C50}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2980D3D-FE76-4C49-8111-E9A75D9C13C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2980D3D-FE76-4C49-8111-E9A75D9C13C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0d98e608da5c08d1fa4dbc2dffe23fdd" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5868528 B
Java, Flash, Steam htmlcache => 153925791 B
Windows/system/drivers => 6103906 B
Edge => 0 B
Chrome => 809056919 B
Firefox => 50768095 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 77038 B
LocalService => 66228 B
NetworkService => 672150 B
Michael => 1516391160 B

RecycleBin => 7389838095 B
EmptyTemp: => 9.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:05:43 ====

Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/08/2016
Scan Time: 16:42
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.11.09
Rootkit Database: v2016.08.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328138
Time Elapsed: 10 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 17
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [f4e1d079a4f60c2a5087efa830d26a96], 
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [dff670d9b5e5dd5901d6f3a4de24e719], 
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [765f193029713bfb884f3d5a1be721df], 
PUP.Optional.Wajam, HKLM\SOFTWARE\Social2Sea Browser Enhancer, Quarantined, [be1730196337a096776c8d3d08fa08f8], 
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [914480c9f7a3d85e88c94f90857ea15f], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtQuoteex, Quarantined, [fbda08415b3ff541145f50a919ea37c9], 
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\Social2Sea Browser Enhancer, Quarantined, [567f83c62c6ef04624bf2f9b3dc50df3], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, Quarantined, [468f77d2c6d4e0564f9362938b78fe02], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, Quarantined, [399c0841cecc52e4fae8b144996a03fd], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Quoteex_RASAPI32, Quarantined, [3a9bfc4d2179de5880f10feaaf544eb2], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Quoteex_RASMANCS, Quarantined, [6e67d970aaf0c3734e2326d3fa09728e], 
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe, Quarantined, [26af0e3b1288ab8baec421d8cd36be42], 
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Quarantined, [6f660c3d0b8fe94db8cb9e2b9c667789], 
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [0acb1930970368ce546d8e68e81b5ba5], 
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\mtQuoteex, Quarantined, [d2032425d4c6b6807bf4da1f9d66c040], 
PUP.Optional.Wajam, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\WajIEnhance, Quarantined, [805555f421792412f247318ab44f817f], 
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\WebDiscoverBrowser, Quarantined, [6273d673d1c9b680f45a7b64c340b749], 

Registry Values: 3
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}, Quarantined, [c2130d3c158578bee9a6fbd147bb768a]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}, Quarantined, [7e57a8a14b4f6cca7b8262942fd4f50b]
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;, Quarantined, [a82d4603ddbd2c0a2516f0e647bc8d73]

Registry Data: 4
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[f4e1a1a8415938fecbe3d2a7cd3701ff]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzerdYFMs_IS3XSeCzDTM1jI_ehTQyBB6lioBwIFXI1OPtl77bg-tHyGSuXYfDfDnlWcMs-uB9KIrnvkpNRqw0-aIA4GdQ,,, Good: (www.google.com), Bad: (http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzerdYFMs_IS3XSeCzDTM1jI_ehTQyBB6lioBwIFXI1OPtl77bg-tHyGSuXYfDfDnlWcMs-uB9KIrnvkpNRqw0-aIA4GdQ,,),Replaced,[2ca94bfe6d2d66d0f2c46b0eed1729d7]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}),Replaced,[bf162920c5d540f6ded898e105ffc53b]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1422531221-2240199893-14684636-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tiniOLUV22HrbDsOpz6cnzV-MMcNxuSUxGiV7-n01BA_gqFA-Tql2zoaFdwngoPzenU_whGBQZDXxNqJxqttFPyxgp33eiNbmQPQFX1i7MMH0JJDOBpIdmeIdZ9aj8XxIp-_NyuiMClgwZUYPAGNGhEBIkng,,&q={searchTerms}),Replaced,[e7ee4efb564445f126912158e1232dd3]

Folders: 5
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea Browser Enhancer, Quarantined, [23b27bceaeec48eef1f008c229d9619f], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\95d99b57e0f14fce13faa2cc745dfaef, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs, Quarantined, [27ae5aef2476d264a5a9bde0e0244eb2], 

Files: 55
PUP.Optional.Wajam, C:\WINDOWS\SYSTEM32\drivers\b84f747322ad09b1c7ec8c8f34cac63b.sys, Delete-on-Reboot, [f7b1fc1fb8c503699b9ef415b0a96690], 
PUP.Optional.Linkury, C:\Users\Michael\AppData\Roaming\Labbam.bin, Quarantined, [4a8b48010397d561e142c98fa3613bc5], 
PUP.Optional.LogicHandler, C:\Users\Michael\AppData\Roaming\TanRantech.bin, Quarantined, [b71e77d2e4b643f344ab84dad03017e9], 
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea Browser Enhancer\Social2Search Website.lnk, Quarantined, [23b27bceaeec48eef1f008c229d9619f], 
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea Browser Enhancer\Settings.lnk, Quarantined, [23b27bceaeec48eef1f008c229d9619f], 
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea Browser Enhancer\SignIn with Facebook.lnk, Quarantined, [23b27bceaeec48eef1f008c229d9619f], 
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea Browser Enhancer\SignIn with Twitter.lnk, Quarantined, [23b27bceaeec48eef1f008c229d9619f], 
PUP.Optional.YesSearches, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\findit.xml, Quarantined, [963f3514eeac2016b592d1fe1ee4d729], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-1.xml, Quarantined, [6e67ec5dfd9d7bbb3fa9756317eb0000], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-2.xml, Quarantined, [e5f00f3a5941989ee404ecec689a629e], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-3.xml, Quarantined, [6174a7a201992f0704e403d53ec4e21e], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-4.xml, Quarantined, [8c49ab9e4d4d7cbadc0c2eaad131aa56], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-5.xml, Quarantined, [6570f455ecae68ce1cccac2c2dd5ac54], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-6.xml, Quarantined, [518490b93b5fb87ef3f5409871918779], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-7.xml, Quarantined, [c01590b92c6e6bcb8f59d9ffb74b4cb4], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter-8.xml, Quarantined, [02d33316bfdb082e25c337a1c73b8f71], 
PUP.Optional.Starter, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\searchplugins\starter.xml, Quarantined, [b52042071f7b68ce5495fbdd936f6898], 
Trojan.Agent, C:\Users\Michael\AppData\Roaming\taskmgr\taskmgr.exe, Quarantined, [54811b2eb1e9f83e8bac9052966d5ca4], 
PUP.Optional.AdNetworkPerformance, C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.adnetworkperformance.com_0.localstorage, Quarantined, [2da8282146540b2bc2fcf1f160a3b24e], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\user.js, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\com.apple.Safari.plist, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\klite.dat, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\oldfilenotused, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\Prefaddon, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\Preferences, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\Secure Preferences, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\setting.dat, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\starter.xml, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\taskmgr.exe, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.SurfVox, C:\Users\Michael\AppData\Roaming\taskmgr\Web Data, Quarantined, [c510a4a5c5d554e26c45ea03ea19d42c], 
PUP.Optional.Linkury, C:\Users\Michael\AppData\Roaming\ApplicationHosting.dat, Quarantined, [795c36136733ac8ac6d2d31c976cb44c], 
PUP.Optional.Linkury, C:\Users\Michael\AppData\Roaming\md.xml, Quarantined, [fed77acfc3d7df571f7aad42df2451af], 
PUP.Optional.Linkury, C:\Users\Michael\AppData\Roaming\noah.dat, Quarantined, [53821435b3e7280efaa048a7dd2630d0], 
PUP.Optional.Linkury, C:\Users\Michael\AppData\Roaming\uninstall_temp.ico, Quarantined, [f5e083c6bcde61d578238669d52ed22e], 
PUP.Optional.Linkury, C:\Users\Michael\AppData\Roaming\lobby.dat, Quarantined, [9b3a0d3c26745dd9bd67ad43699a2bd5], 
Trojan.Downloader, C:\Windows\chromebrowser.exe, Quarantined, [ad28e8618713f0466d6434bf0cf77a86], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\95d99b57e0f14fce13faa2cc745dfaef\3612cbc8e19acfdfc0e7015db0237e4e.ico, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\95d99b57e0f14fce13faa2cc745dfaef\a08fdd72283844e74842e114dd9223e6.ico, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\95d99b57e0f14fce13faa2cc745dfaef\b41b187150a1f3accc82e2e7d034f6c4.ico, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\95d99b57e0f14fce13faa2cc745dfaef\d4425e115ab9423c302a01ed78e7eea7.ico, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\3612cbc8e19acfdfc0e7015db0237e4e.ico, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\50fdc1cc07af64d1c3b8e160311b4b43, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\9b36530880b4f28468b7879d19c18f05__000000013F25EA0B__C0000005.dmp, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Wajam.Gen, C:\Program Files\70a6f62cf5b788b7fc65c0bbd4e7a978\faa35ea9f13fc0f6645d2e66c0a93293, Quarantined, [e6efcc7d5a40ae8842adec0842c15aa6], 
PUP.Optional.Linkury.Gen, C:\Users\Michael\AppData\Roaming\Faxlax.tst, Quarantined, [f7dec980a3f7de582831a35a7093c33d], 
PUP.Optional.Linkury.Gen, C:\Users\Michael\AppData\Roaming\ZaamLatdox.tst, Quarantined, [607587c232683ff7fd5c14e961a2b44c], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs\ff.HP, Quarantined, [27ae5aef2476d264a5a9bde0e0244eb2], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs\ff.NT, Quarantined, [27ae5aef2476d264a5a9bde0e0244eb2], 
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Quoteexs\snp.sc, Quarantined, [27ae5aef2476d264a5a9bde0e0244eb2], 
PUP.Optional.Linkury.ACMB1, C:\Users\Michael\AppData\Roaming\Config.xml, Quarantined, [71644ffa6535a78fd8432875e81c11ef], 
PUP.Optional.Linkury.ACMB1, C:\Users\Michael\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [35a0b198722856e0c6565d409e66966a], 
PUP.Optional.Viceice, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "viceice");), Replaced,[518450f9e3b7da5c32a0adece0247987]
PUP.Optional.Viceice, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "viceice");), Replaced,[e5f090b9ecae15217360732660a42ed2]
PUP.Optional.Viceice, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://www.viceice.com), Replaced,[7a5b9aaf3b5f04327365465954b016ea]
PUP.Optional.Viceice, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\user.js, Quarantined, [c01568e1f2a8f44277b3d4c94bb945bb], 

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner:
# AdwCleaner v5.029 - Logfile created 14/01/2016 at 21:46:04
# Updated 11/01/2016 by Xplode
# Database : 2016-01-14.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Michael - MICHAEL-PC
# Running from : C:\Users\Michael\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ftb
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\MSR
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\iOSinstaller
[-] Folder Deleted : C:\Users\Michael\AppData\Local\globalUpdate

***** [ Files ] *****

[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.savemygame.fr_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Roaming\aps.uninstall.scan.results
[-] File Deleted : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\invalidprefs.js
[-] File Deleted : C:\Windows\SysNative\roboot64.exe

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\Taronja
[-] Key Deleted : HKU\S-1-5-21-1422531221-2240199893-14684636-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\IM
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKU\S-1-5-21-1422531221-2240199893-14684636-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://binkiland.com/?f=7&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1Qzu0DtDyDtDzyzytD0BtB0FtAzy0BtB0EtDtN0D0Tzu0StCtCyEzytN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtCtByEzyyC0F0AtG0D0E0CyBtG0ByCtDyEtGtByByE0FtGyDtB0Ezz0C0D0D0FtAyByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDtBtB0E0E0AyEtGtAzytCyCtGyE0BtCyBtGzytBtC0CtGtDtD0E0Ezzzzzz0CzyyD0F0A2Q&cr=192371788&ir=
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elggllhppljlljkgfeokjpehmdamkejk
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://binkiland.com/?f=1&a=bnk_ir_15_09&cd=2XzuyEtN2Y1L1Qzu0DtDyDtDzyzytD0BtB0FtAzy0BtB0EtDtN0D0Tzu0StCtCyEzytN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtCtByEzyyC0F0AtG0D0E0CyBtG0ByCtDyEtGtByByE0FtGyDtB0Ezz0C0D0D0FtAyByC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDtBtB0E0E0AyEtGtAzytCyCtGyE0BtCyBtGzytBtC0CtGtDtD0E0Ezzzzzz0CzyyD0F0A2Q&cr=192371788&ir=

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4797 bytes] ##########

# AdwCleaner v5.201 - Logfile created 11/08/2016 at 17:00:42
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-10.2 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (X64)
# Username : Michael - MICHAEL-PC
# Running from : C:\Users\Michael\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : b84f747322ad09b1c7ec8c8f34cac63b

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\03000200-1465938490-0500-0006-000700080009
[-] Folder Deleted : C:\Users\Michael\AppData\Roaming\chportu

***** [ Files ] *****

[-] File Deleted : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\fyp3heaq.default\invalidprefs.js
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_safesearch.raaz.io_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.viceice.com_0.localstorage

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Greener Web
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2039DD3E-4E72-4C20-90E7-9FD959AA7D06}
[#] Value Deleted : HKU\S-1-5-21-1422531221-2240199893-14684636-1000\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safefinder.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.safefinder.com
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SystemUpdatekb70007
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\backlh

***** [ Web browsers ] *****

[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : binkiland.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : wavepad.en.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mkv-player.en.softonic.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : viceice.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : feed.sonic-search.com
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : search.mpc.am
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pinhfkamckbogjgmbmdkdebbbpnmlaef
[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : search.mpc.am

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8505 bytes] - [14/01/2016 22:46:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [16487 bytes] - [14/01/2016 22:44:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [3896 bytes] - [11/08/2016 16:58:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8725 bytes] ##########

Sophos:
2016-08-11 16:15:51.108    Sophos Virus Removal Tool version 2.5.6
2016-08-11 16:15:51.108    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2016-08-11 16:15:51.108    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-08-11 16:15:51.108    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-08-11 16:15:51.108    Checking for updates...
2016-08-11 16:15:58.216    Update progress: proxy server not available
2016-08-11 16:15:58.279    Option all = no
2016-08-11 16:15:58.279    Option recurse = yes
2016-08-11 16:15:58.279    Option archive = no
2016-08-11 16:15:58.279    Option service = yes
2016-08-11 16:15:58.279    Option confirm = yes
2016-08-11 16:15:58.279    Option sxl = yes
2016-08-11 16:15:58.281    Option max-data-age = 35
2016-08-11 16:15:58.281    Option vdl-logging = yes
2016-08-11 16:15:58.284    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-11 16:15:58.284    Machine ID:    ec1f2b390e81466f91e42e2b0337688f
2016-08-11 16:15:58.285    Component SVRTcli.exe version 2.5.6
2016-08-11 16:15:58.285    Component control.dll version 2.5.6
2016-08-11 16:15:58.285    Component SVRTservice.exe version 2.5.6
2016-08-11 16:15:58.285    Component engine\osdp.dll version 1.44.1.2252
2016-08-11 16:15:58.285    Component engine\veex.dll version 3.65.2.2252
2016-08-11 16:15:58.285    Component engine\savi.dll version 9.0.1.2252
2016-08-11 16:15:58.286    Component rkdisk.dll version 1.5.30.0
2016-08-11 16:15:58.286    Version info:    Product version    2.5.6
2016-08-11 16:15:58.286    Version info:    Detection engine    3.65.2
2016-08-11 16:15:58.286    Version info:    Detection data    5.30
2016-08-11 16:15:58.286    Version info:    Build date    8/9/2016
2016-08-11 16:15:58.286    Version info:    Data files added    158
2016-08-11 16:15:58.286    Version info:    Last successful update    (not yet updated)
2016-08-11 16:17:40.526    Sophos Virus Removal Tool version 2.5.6
2016-08-11 16:17:40.526    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2016-08-11 16:17:40.526    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-08-11 16:17:40.526    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2016-08-11 16:17:40.526    Checking for updates...
2016-08-11 16:17:47.564    Update progress: proxy server not available
2016-08-11 16:17:47.637    Option all = no
2016-08-11 16:17:47.639    Option recurse = yes
2016-08-11 16:17:47.639    Option archive = no
2016-08-11 16:17:47.639    Option service = yes
2016-08-11 16:17:47.639    Option confirm = yes
2016-08-11 16:17:47.639    Option sxl = yes
2016-08-11 16:17:47.639    Option max-data-age = 35
2016-08-11 16:17:47.639    Option vdl-logging = yes
2016-08-11 16:17:47.640    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-11 16:17:47.640    Machine ID:    ec1f2b390e81466f91e42e2b0337688f
2016-08-11 16:17:47.641    Component SVRTcli.exe version 2.5.6
2016-08-11 16:17:47.641    Component control.dll version 2.5.6
2016-08-11 16:17:47.641    Component SVRTservice.exe version 2.5.6
2016-08-11 16:17:47.641    Component engine\osdp.dll version 1.44.1.2252
2016-08-11 16:17:47.641    Component engine\veex.dll version 3.65.2.2252
2016-08-11 16:17:47.641    Component engine\savi.dll version 9.0.1.2252
2016-08-11 16:17:47.641    Component rkdisk.dll version 1.5.30.0
2016-08-11 16:17:47.641    Version info:    Product version    2.5.6
2016-08-11 16:17:47.642    Version info:    Detection engine    3.65.2
2016-08-11 16:17:47.642    Version info:    Detection data    5.30
2016-08-11 16:17:47.642    Version info:    Build date    8/9/2016
2016-08-11 16:17:47.642    Version info:    Data files added    158
2016-08-11 16:17:47.642    Version info:    Last successful update    (not yet updated)
2016-08-11 16:18:21.995    Downloading updates...
2016-08-11 16:18:21.998    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2016-08-11 16:18:21.998    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-08-11 16:18:21.998    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-08-11 16:18:21.998    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2016-08-11 16:18:21.998    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2016-08-11 16:18:21.998    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2016-08-11 16:18:21.998    Update progress: [I49502] sdds.data0910.xml: found supplement IDE531 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2016-08-11 16:18:21.998    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE531 LATEST path=
2016-08-11 16:18:21.998    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE531 LATEST path=
2016-08-11 16:18:21.998    Update progress: [I49502] sdds.data0910.xml: found supplement IDE532 LATEST path= baseVersion= [included from product IDE531 LATEST path=]
2016-08-11 16:18:21.998    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE532 LATEST path=
2016-08-11 16:18:21.998    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE532 LATEST path=
2016-08-11 16:18:21.998    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-08-11 16:18:22.729    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2016-08-11 16:18:22.729    Update progress: [I19463] Product download size 149796374 bytes
2016-08-11 16:18:25.106    Update progress: [I19463] Syncing product IDE531 LATEST path=
2016-08-11 16:18:25.106    Update progress: [I19463] Product download size 2071874 bytes
2016-08-11 16:18:25.404    Update progress: [I19463] Syncing product IDE532 LATEST path=
2016-08-11 16:18:25.404    Update progress: [I19463] Product download size 166007 bytes
2016-08-11 16:18:25.436    Installing updates...
2016-08-11 16:18:26.037    Error level 1
2016-08-11 16:18:28.159    Update successful
2016-08-11 16:18:35.354    Option all = no
2016-08-11 16:18:35.355    Option recurse = yes
2016-08-11 16:18:35.355    Option archive = no
2016-08-11 16:18:35.355    Option service = yes
2016-08-11 16:18:35.355    Option confirm = yes
2016-08-11 16:18:35.355    Option sxl = yes
2016-08-11 16:18:35.356    Option max-data-age = 35
2016-08-11 16:18:35.356    Option vdl-logging = yes
2016-08-11 16:18:35.359    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-11 16:18:35.359    Machine ID:    ec1f2b390e81466f91e42e2b0337688f
2016-08-11 16:18:35.360    Component SVRTcli.exe version 2.5.6
2016-08-11 16:18:35.360    Component control.dll version 2.5.6
2016-08-11 16:18:35.360    Component SVRTservice.exe version 2.5.6
2016-08-11 16:18:35.360    Component engine\osdp.dll version 1.44.1.2252
2016-08-11 16:18:35.360    Component engine\veex.dll version 3.65.2.2252
2016-08-11 16:18:35.360    Component engine\savi.dll version 9.0.1.2252
2016-08-11 16:18:35.360    Component rkdisk.dll version 1.5.30.0
2016-08-11 16:18:35.360    Version info:    Product version    2.5.6
2016-08-11 16:18:35.361    Version info:    Detection engine    3.65.2
2016-08-11 16:18:35.361    Version info:    Detection data    5.30
2016-08-11 16:18:35.361    Version info:    Build date    8/9/2016
2016-08-11 16:18:35.361    Version info:    Data files added    158
2016-08-11 16:18:35.361    Version info:    Last successful update    8/11/2016 5:18:28 PM

2016-08-11 16:32:44.197    Could not open C:\hiberfil.sys
2016-08-11 16:32:44.593    Could not open C:\pagefile.sys
2016-08-11 16:36:45.928    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-11 16:36:45.928    Could not open C:\System Volume Information\{8a1bfda6-5fdd-11e6-8a06-d050990b2f39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-11 16:36:45.928    Could not open C:\System Volume Information\{dc105397-5fdc-11e6-bf27-d050990b2f39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-11 16:36:56.072    Could not open C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-08-11 16:36:56.072    Could not open C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-08-11 16:40:26.844    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-08-11 16:40:26.845    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-08-11 16:40:27.757    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-08-11 16:40:27.759    Could not open C:\Windows\System32\config\RegBack\SAM
2016-08-11 16:40:27.760    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-08-11 16:40:27.762    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-08-11 16:40:27.764    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-08-11 16:47:55.550    Could not open LOGICAL:0003:00000000
2016-08-11 16:47:55.554    Could not open D:\
2016-08-11 16:49:06.385    >>> Virus 'Mal/VMProtBad-A' found in file E:\Progam Files (x86)\DAEMON Tools Pro\BRD.dll
2016-08-11 16:49:06.385    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-08-11 16:49:06.385    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-08-11 16:49:06.385    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2016-08-11 16:49:06.386    >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2016-08-11 17:10:08.435    The following items will be cleaned up:
2016-08-11 17:10:08.435    Mal/VMProtBad-A
2016-08-11 17:11:00.638    Threat 'Mal/VMProtBad-A' has been cleaned up.
2016-08-11 17:11:00.638    File "E:\Progam Files (x86)\DAEMON Tools Pro\BRD.dll" belongs to malware 'Mal/VMProtBad-A'.
2016-08-11 17:11:00.638    File "E:\Progam Files (x86)\DAEMON Tools Pro\BRD.dll" has been cleaned up.
2016-08-11 17:11:00.638    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" belongs to malware 'Mal/VMProtBad-A'.
2016-08-11 17:11:00.638    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" has been cleaned up.
2016-08-11 17:11:00.638    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" belongs to malware 'Mal/VMProtBad-A'.
2016-08-11 17:11:00.638    Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" has been cleaned up.
2016-08-11 17:11:00.638    Removal successful
2016-08-11 17:11:01.213    Error level 0


Run the following and post its log...

Go here: https://www.zemana.com/Download, then download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then 2. Select the home icon.

In the new window select "Scan"

When the scan completes, check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR; for all other entries choose QUARANTINE, then select the "Next" tab.


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlight the scan details line, then select "Open Report"

Copy and paste that log to your reply...

Zemana AntiMalware 2.21.2.465 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/8/11
Operating System       : Windows 7 64-bit
Processor              : 8X AMD FX(tm)-8320 Eight-Core Processor
BIOS Mode              : Legacy
CUID                   : 125BA9EFC5C020CF5BA65E
Scan Type              : Smart Scan
Duration               : 1m 18s
Scanned Objects        : 13038
Detected Objects       : 2
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Edit Cookies
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\fyp3heaq.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
MD5                : 844E15A02CDAA794B89C84013E25401F
Publisher          : -
Size               : 47246
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Edit Cookies
                File - %appdata%\mozilla\firefox\profiles\fyp3heaq.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi

Adware:BAT/Generic-DJ!Intr
Status             : Scanned
Object             : %systemroot%\system32\tasks\iorrt|c:\iorrt\iorrt.bat
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Unwanted Batch File
Cleaning Action    : Delete
Related Objects    :
                Scheduled Task - C:\Windows\System32\Tasks\IORRT


Cleaning Result
-------------------------------------------------------
Cleaned               : 2
Reported as safe      : 0
Failed                : 0
 


Click on Start > All Programs > Accessories:

Right-click on the Command Prompt entry

Select "Run as Administrator" accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

CHKDSK C: /R

hit the Enter key.

You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot.

The CHKDSK may take a few hours depending on the size of the drive, so be patient!

After the CHKDSK has run use the following instructions to find the log:

Check Disk report:
 
  • Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • You may be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Does that make any difference?


Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          12/08/2016 10:40:13
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Michael-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  419072 file records processed.                                        
File verification completed.
  1087 large file records processed.                                  
  0 bad file records processed.                                    
  2 EA records processed.                                          
  47 reparse records processed.                                      
CHKDSK is verifying indexes (stage 2 of 5)...
  502246 index entries processed.                                        
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered.                                      
CHKDSK is verifying security descriptors (stage 3 of 5)...
  419072 file SDs/SIDs processed.                                        
Cleaning up 677 unused index entries from index $SII of file 0x9.
Cleaning up 677 unused index entries from index $SDH of file 0x9.
Cleaning up 677 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  41588 data files processed.                                          
CHKDSK is verifying Usn Journal...
  36363592 USN bytes processed.                                            
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  419056 files processed.                                                
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  1658125 free clusters processed.                                        
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 117115903 KB total disk space.
 109833656 KB in 213209 files.
    124416 KB in 41591 indexes.
         0 KB in bad sectors.
    525331 KB in use by the system.
     65536 KB occupied by the log file.
   6632500 KB available on disk.

      4096 bytes in each allocation unit.
  29278975 total allocation units on disk.
   1658125 allocation units available on disk.

Internal Info:
00 65 06 00 59 e3 03 00 b0 17 07 00 00 00 00 00  .e..Y...........
3d 02 00 00 2f 00 00 00 00 00 00 00 00 00 00 00  =.../...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-08-12T09:40:13.000000000Z" />
    <EventRecordID>86649</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Michael-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  419072 file records processed.                                        
File verification completed.
  1087 large file records processed.                                  
  0 bad file records processed.                                    
  2 EA records processed.                                          
  47 reparse records processed.                                      
CHKDSK is verifying indexes (stage 2 of 5)...
  502246 index entries processed.                                        
Index verification completed.
  0 unindexed files scanned.                                        
  0 unindexed files recovered.                                      
CHKDSK is verifying security descriptors (stage 3 of 5)...
  419072 file SDs/SIDs processed.                                        
Cleaning up 677 unused index entries from index $SII of file 0x9.
Cleaning up 677 unused index entries from index $SDH of file 0x9.
Cleaning up 677 unused security descriptors.
CHKDSK is compacting the security descriptor stream
  41588 data files processed.                                          
CHKDSK is verifying Usn Journal...
  36363592 USN bytes processed.                                            
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  419056 files processed.                                                
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  1658125 free clusters processed.                                        
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

 117115903 KB total disk space.
 109833656 KB in 213209 files.
    124416 KB in 41591 indexes.
         0 KB in bad sectors.
    525331 KB in use by the system.
     65536 KB occupied by the log file.
   6632500 KB available on disk.

      4096 bytes in each allocation unit.
  29278975 total allocation units on disk.
   1658125 allocation units available on disk.

Internal Info:
00 65 06 00 59 e3 03 00 b0 17 07 00 00 00 00 00  .e..Y...........
3d 02 00 00 2f 00 00 00 00 00 00 00 00 00 00 00  =.../...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

==========================================================================================================================================

I'm not sure if the problem's been resolved, but my computer automatically performed this scan about a week ago when the problem still persisted and it didn't do much, so while I test this out could you please tell me what step I'd have to take next if this wasn't to work for me?

Regardless of whether disk check worked or not run the following:

Now run SFC.

SFC - System File Checker - Instructions

Click on Start > All Programs > Accessories

Right-click on the Command Prompt entry

Select "Run as Administrator" accept the UAC prompt - the Elevated Command Prompt window should pop up.

At the Command prompt, type

SFC /SCANNOW

hit the Enter key

Wait for the scan to finish - make a note of any error messages - and then reboot.


Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply.

 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!
