Launched a .scr file... What should I do?


  • This topic is locked
22 replies to this topic

#1 nicholasgodoyx


Posted 08 April 2016 - 10:35 AM

So today I received a .scr file. I launched it using Sandboxie (a sandbox program) just to see what it was. So yeah, I shouldn't have done that because Avast still gave me the "threat has been detected" warning.

I guess since I ran it inside Sandboxie and Avast blocked it I should be safe? I immediately deleted the sandbox contents...

I also ran Malwarebytes, which found zero threats.

 

This is AdwCleaner's log: 

 

# AdwCleaner v5.109 - Logfile created 08/04/2016 at 12:07:21
# Updated 04/04/2016 by Xplode
# Database : 2016-04-07.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Nicholas Godoy - NICHOPC
# Running from : J:\Software\Malware Removal\adwcleaner_5.109.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Nicholas Godoy\AppData\Local\PackageAware
Folder Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
 
***** [ Files ] *****
 
File Found : C:\Users\NICHOL~1\AppData\Local\Temp\Utils.dll
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pkaclsnffr-a.akamaihd.net_0.localstorage
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pkaclsnffr-a.akamaihd.net_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [1788 bytes] - [08/04/2016 12:07:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1861 bytes] ##########
 
 
So, thoughts? Should I upload the .scr file? I still have it.




#2 RayS


Posted 08 April 2016 - 03:31 PM

Hi nicholasgodoyx,

 

My name is Ray and I'll be assisting you with your issue. By what nickname would you like me to address you?

 

Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 nicholasgodoyx


Posted 08 April 2016 - 03:34 PM

Thanks! You can call me Nicholas



#4 RayS


Posted 10 April 2016 - 04:02 PM

Hi Nicholas,

Again, welcome to Bleeping Computer.

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs into the body of your reply. Use separate posts if that's easier for you.
  • Please do not try to fix anything without being asked.
  • Always read my entire message before you begin to follow my instructions.
  • It may be helpful for you to print my instructions for easy reference.
  • Perform my instructions in the order as given.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

 

 

Upload the .SCR file to me for analysis

I know you said, "I immediately deleted the sandbox contents...", however, I'd like you to upload the file to me for analysis if you can still get to it. The file is probably malicious, therefore, proceed with caution. Before you begin, please back up all your important files into some off-line location such as DVDs or another computer, an external disk drive, or cloud storage that can then be disconnected from your main computer. If a file is accessible to your PC through any path, then some malware can infect it.

Next, run Sandboxie from Windows Explorer so as to launch your browser 'sandboxed' thereby allowing you to upload the .SCR file without exposing it to your physical disk.

1. Please go to here.
2. Where it asks for the "Link to topic where this file was requested" copy and paste in:



http://www.bleepingcomputer.com/forums/t/610584/launched-a-scr-file-what-should-i-do/

3. Where it says "Browse to the file you want to submit", browse to the path of the suspected .SCR file.
4. Press the Send File button.



Scan your PC with Farbar Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note 1: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



Will you retain PackageAware and Amazon 1Button?

You may not have intentionally installed PackageAware. It is sometimes bundled with legitimate software applications. If you don't use it, consider whether you want to keep it. Similarly, consider whether you want to keep Amazon 1Button App for Chrome.



Avast Log

"I guess since I ran it inside Sandboxie and Avast blocked it I should be safe?"

Please supply a verbatim copy of the AVAST detection log if available or your best recollection of the name of the .SCR file and any warning you saw.


In your next reply...

  • Please confirm whether you were able to upload the .SCR file.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • Tell me whether you want to keep PackageAware and/or Amazon 1Button.
  • Copy and paste the Avast log or a description of any warnings into the body of your message.

Have you noticed any suspicious symptoms other than the Avast detection since you first encountered the .SCR file?

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
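
The AdwCleaner findings from post #1, which the PackageAware / Amazon 1Button question above refers to, can be grouped mechanically before deciding what to keep. The following Python is an added example, not part of the thread and not AdwCleaner's own code: it parses the log's section and "Found" layout and clusters findings by Chrome extension ID (32 letters in the range a to p). The function names are hypothetical, and the code makes no claim about which extension the ID belongs to.

```python
import re
from collections import defaultdict

# Findings copied from the AdwCleaner scan log in post #1
# (log header and empty sections trimmed).
SAMPLE_LOG = r"""
***** [ Folders ] *****

Folder Found : C:\Users\Nicholas Godoy\AppData\Local\PackageAware
Folder Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Files ] *****

File Found : C:\Users\NICHOL~1\AppData\Local\Temp\Utils.dll
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pkaclsnffr-a.akamaihd.net_0.localstorage
File Found : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pkaclsnffr-a.akamaihd.net_0.localstorage-journal

***** [ Web browsers ] *****

[C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pbjikboenpfhbbejgkoklgkhjpfogcam
"""

# Section headers look like: ***** [ Files ] *****
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Chrome extension IDs are exactly 32 characters drawn from the letters a-p.
# The lookarounds stop a match inside a longer run of lowercase letters.
EXT_ID_RE = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")


def parse_findings(log_text):
    """Return a list of (section, line) for every 'Found :' entry in the log."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section and " Found : " in line:
            findings.append((section, line))
    return findings


def cluster_by_extension(findings):
    """Group findings by the single extension ID they mention.

    Findings that mention no ID (or more than one distinct ID) are
    collected under the key None so they can be reviewed separately.
    """
    clusters = defaultdict(list)
    for section, line in findings:
        ids = set(EXT_ID_RE.findall(line))
        key = ids.pop() if len(ids) == 1 else None
        clusters[key].append((section, line))
    return dict(clusters)


if __name__ == "__main__":
    clusters = cluster_by_extension(parse_findings(SAMPLE_LOG))
    for ext_id, items in clusters.items():
        label = f"extension {ext_id}" if ext_id else "not tied to an extension ID"
        print(f"{label}: {len(items)} finding(s)")
        for section, line in items:
            print(f"  [{section}] {line}")
```

On this log, five of the nine findings collapse into a single extension; the remaining four (the PackageAware folder, Temp\Utils.dll and the two akamaihd.net local-storage files) need to be judged on their own.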


#5 nicholasgodoyx


Posted 11 April 2016 - 01:00 PM

  • I uploaded the .SCR file.
  • Yes, I want to keep Amazon 1Button. I use it to keep track of my wishlist.
  • I have no idea what PackageAware is.
  • I have not noticed anything unusual since.
Avast:
I couldn't find any logs, but I attached a screenshot of the contents of my virus chest from that day.
Attached File  Screenshot_1.png   22.38KB   0 downloads
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Nicholas Godoy (2016-04-11 14:47:00)
Running from C:\Users\Nicholas Godoy\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-10 04:49:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4099895337-1454360887-1772386947-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4099895337-1454360887-1772386947-503 - Limited - Disabled)
Guest (S-1-5-21-4099895337-1454360887-1772386947-501 - Limited - Disabled)
Nicholas Godoy (S-1-5-21-4099895337-1454360887-1772386947-1001 - Administrator - Enabled) => C:\Users\Nicholas Godoy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password 4.6.0.604 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\{7C54712F-A477-4E6A-AC81-7175494DD179}) (Version: 2015.0.0.597 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Atom (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\atom) (Version: 1.2.4 - GitHub Inc.)
AudioSwitch (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\AudioSwitch_is1) (Version: 2.1.1.0 - )
Autodesk SketchBook (HKLM\...\{C0D41025-EDBF-4354-A5BA-86B27A78BC25}) (Version: 8.00.0001 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BitTorrent (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
BitTorrent Sync (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent Sync) (Version: 2.2.5 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
EDGE (HKLM-x32\...\Steam App 38740) (Version:  - Two Tribes)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.4.174 - Final Draft, Inc.)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\{DBA7719B-28D4-30D9-98DE-E689280E4D7E}) (Version: 49.0.2623.110 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
Hacknet (HKLM-x32\...\Steam App 365450) (Version:  - Team Fractal Alligator)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version:  - Avalanche Studios)
Keep Talking and Nobody Explodes версия 1.0 (HKLM-x32\...\{E78D0C6F-65CF-486D-9710-E48FBA6A1C33}_is1) (Version: 1.0 - Steel Crate Games)
Keying Suite v11.1.5 (HKLM-x32\...\{21AD9423-3C17-43E2-AFD7-8305C965500F}_is1) (Version: 11.1.5 - Red Giant, LLC)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life in Bunker (HKLM-x32\...\Life in Bunker_is1) (Version:  - )
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Magic Bullet Suite v12.1.1 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.1.1 - Red Giant, LLC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{070C55FA-FB9D-46DD-B30B-4B520A83A66A}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MultiBit Classic 0.5.19 (HKLM\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MyTraffic Professional (HKLM-x32\...\{84832C70-3EF9-4BD9-99DF-559A2BDEC74C}) (Version: 6.0.0 - MyTraffic)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.92.229.0 - Overwolf Ltd.)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Quadro Delta)
Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.4.1 - Plex inc)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2593 - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.0.4 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.18 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Receiver version 0.0.0.9 (HKLM-x32\...\Receiver_is1) (Version: 0.0.0.9 - WaLMaRT)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.7.33 - Red Giant, LLC)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.6 - Samsung Electronics)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYSM Monitor (HKLM-x32\...\SYSM Monitor_is1) (Version:  - SYSM Monitor)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TIS-100 (HKLM-x32\...\Steam App 370360) (Version:  - Zachtronics)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
Trapcode Suite v12.1.9 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.9 - Red Giant, LLC)
Universe (HKLM\...\Universe_is1) (Version: 1.2.0 CE - Red Giant, LLC)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{319F14FC-24A0-4A07-B84C-C7450AF9422F}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{319F14FC-24A0-4A07-B84C-C7450AF9422F}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{319F14FC-24A0-4A07-B84C-C7450AF9422F}) (Version:  - Microsoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Digital Ltd)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA00-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA01-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA02-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA03-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA04-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C643856-8F6B-4950-951C-83FCA9EE5B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {1EE3D135-5381-4601-ABF8-3E521DC41D49} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {245D0DD8-D61D-4A4A-8446-9E6459231076} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {2B49F9A3-C3C0-43DF-9839-F223458DE69E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {33419B0E-9E1B-42A0-BA95-48AECC0E9775} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {381E731E-C9B8-4D89-842B-6AF97C615AFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-31] (AVAST Software)
Task: {41FF3B72-BBC5-43EA-B73E-149F1C1FB8AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-12] (Microsoft Corporation)
Task: {4813A742-96C7-4D17-B924-83CCBF73950C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {499753EB-8C8B-4228-A215-597C9EA0CCDC} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {64FE61CB-8A93-4732-AFD1-41BE364AD842} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {698C635A-30BC-44BF-90A5-7CCD80D346A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {93BB6B18-F1E7-4A9C-92FC-108F57416DF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {97A6FF5D-45DD-4A6B-853C-1AB43CE8CA0E} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-04-10] (Samsung Electronics.)
Task: {9C9C0FC8-A73E-4752-9FA5-3E17CA411554} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.exe
Task: {AB654233-7172-480B-BA55-855C495B2F77} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {BE83D987-3FF3-4305-AADE-E6C1AFD41005} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D2739DA0-75E3-4B5A-9E27-80F3B30EDF53} - System32\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {ECB17338-0C56-41F1-B368-D80FA450DFEE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-03-21] (Overwolf LTD)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-23 16:11 - 2015-06-23 16:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-01-06 17:14 - 2016-01-12 01:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-12-10 01:44 - 2015-11-02 10:36 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-12 23:47 - 2016-01-04 22:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 16:45 - 2016-01-16 02:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 07:02 - 2015-10-16 07:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-10-13 10:25 - 2015-10-13 10:25 - 00820224 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll
2015-04-15 17:13 - 2015-04-15 17:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-09-19 16:15 - 2014-09-19 16:15 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-11-08 13:19 - 2015-07-22 20:22 - 00138752 _____ () C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
2016-03-12 14:53 - 2016-03-12 14:53 - 00171008 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2016-01-22 13:42 - 2016-01-22 13:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-04 17:25 - 2016-04-04 17:26 - 09089024 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\candycrushsaga.exe
2016-04-05 17:10 - 2016-04-05 17:10 - 00011776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
2016-04-05 17:10 - 2016-04-05 17:10 - 09355776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.dll
2016-04-05 17:10 - 2016-04-05 17:10 - 00123904 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-04-05 17:10 - 2016-04-05 17:10 - 03691520 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleShared.dll
2016-04-05 17:10 - 2016-04-05 17:10 - 01506304 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2015-12-15 12:17 - 2015-12-15 12:17 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-05 17:10 - 2016-04-05 17:10 - 00334848 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2015-09-21 17:36 - 2014-08-19 16:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-12-19 14:34 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 19:01 - 2016-02-23 05:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-08 03:58 - 2015-07-08 03:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-01-12 23:47 - 2016-01-04 22:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 23:47 - 2016-01-04 22:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-27 16:45 - 2016-01-16 02:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-21 12:05 - 2016-01-21 12:05 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-29 19:10 - 2016-03-29 19:10 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 19:10 - 2016-03-29 19:10 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 19:01 - 2016-03-03 19:01 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-22 20:16 - 2016-03-22 20:16 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032201\algo.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-11 13:01 - 2016-04-11 13:01 - 02876416 _____ () C:\Program Files\AVAST Software\Avast\defs\16041100\algo.dll
2015-08-02 15:26 - 2016-01-12 01:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-11 09:36 - 2016-01-11 09:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-21 06:43 - 2016-03-21 06:43 - 45069312 _____ () C:\Program Files (x86)\Overwolf\0.92.229.0\libcef.DLL
2016-03-21 06:43 - 2016-03-21 06:43 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.92.229.0\CoreAudioApi.dll
2015-08-21 13:15 - 2016-03-18 20:48 - 47503472 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libcef.dll
2015-08-21 13:15 - 2016-03-18 20:48 - 01584240 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libglesv2.dll
2015-08-21 13:15 - 2016-03-18 20:48 - 00082032 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libegl.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-11 17:32 - 2016-02-23 15:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-18 22:51 - 2016-02-23 15:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 17:32 - 2016-02-23 15:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 17:32 - 2016-02-23 15:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-18 22:51 - 2016-02-23 15:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-18 22:51 - 2016-02-23 15:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-03-18 22:51 - 2016-03-11 21:18 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-03-18 22:51 - 2016-02-12 21:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-18 22:51 - 2016-02-23 15:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-18 22:51 - 2016-03-11 21:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 17:32 - 2016-02-23 15:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-18 22:51 - 2016-02-23 15:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-18 22:51 - 2016-02-23 15:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-08-02 18:28 - 2016-02-23 15:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-10-13 22:47 - 2015-04-28 09:50 - 00376832 _____ () C:\Program Files (x86)\1Password 4\js3215R.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-08-02 15:30 - 2016-03-10 21:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 22:12 - 2016-02-17 19:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-08-02 15:30 - 2016-02-08 22:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-08-02 15:30 - 2015-09-24 20:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-02-10 12:36 - 2016-02-10 12:38 - 00255488 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\curl.dll
2016-02-10 12:36 - 2016-02-10 12:38 - 01602560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\LIBEAY32.dll
2015-10-18 15:05 - 2015-10-18 15:06 - 00097944 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\libEGL.dll
2015-10-18 15:05 - 2015-10-18 15:06 - 02303640 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\libGLESv2.dll
2016-02-10 12:36 - 2016-02-10 12:38 - 00479232 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\SSLEAY32.dll
2015-08-02 16:24 - 2015-08-02 16:30 - 00066560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\zlib.dll
2015-10-01 03:28 - 2015-10-01 03:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 40622592 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00911360 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00134144 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-08-02 18:00 - 2015-04-10 14:33 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2016-03-30 17:50 - 2016-03-27 04:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-30 17:50 - 2016-03-27 04:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 08:04 - 2015-12-13 20:30 - 00001802 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 apps.skype.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\Control Panel\Desktop\\Wallpaper -> D:\Dropbox\General\Wallpapers\Space Infographic\36466_infographic_dual_screen_dual_monitor_solar_system_infographic_dual_screen_finished.png
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{90D0D150-B673-4AA8-80C1-26A1953FCE45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{8E889B37-41E0-4E34-838B-A0FB17EFDAC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [UDP Query User{560DBE34-FDBA-43F4-8CE4-7B3A810DB290}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [TCP Query User{1713208C-0A3E-419F-8E0A-176BBAE73BE9}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [{5A5F5CD3-A98B-463D-847A-64D52B49A81B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8FC65BDC-1A19-4E15-8987-9A102E0522EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE4173AA-3E1D-4AF8-911F-F993C99DAC58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{3016466F-1958-463C-BD83-A9A23E79B79E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [UDP Query User{4AD19B90-0205-4A83-B8A1-ACBA5A38708D}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{F7C323A9-659A-4590-B04A-A699208E2989}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [{BF178F1C-E0C3-46E9-9206-CAE7339BC1FA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{10613C18-3E6C-4EEA-A13F-94CA7B3A1209}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [UDP Query User{130B31ED-B7E6-427C-A524-0347D5962B1B}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [TCP Query User{837540A1-D02A-408A-8934-ABC41748303A}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [{356C9E69-2FA0-4E55-BD75-334542844257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{6E916A44-DB71-4F74-975A-F9A7DC537A7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [UDP Query User{A9EBE957-6637-45C7-ABC5-F70AB0D81DAF}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{5D173576-6AC0-40F4-AB11-0BB10AA12A7B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{4EFCB4DB-9F68-48E1-8203-5A340826EDB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{97B40514-C5E7-45A6-A9CC-3D4F0444603B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [UDP Query User{272E53C2-78ED-4E19-A642-FE95B91EF362}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [TCP Query User{9E24BD58-5014-4C91-A95A-82E581869119}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [UDP Query User{B223C5D2-1D7D-4756-B4B0-1DA2B97F3EE2}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [TCP Query User{61EDD8AE-B705-4A60-8E35-867F82BAFA2A}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [{029F6280-2569-4511-A707-55B5395346E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{024F95A5-CE5C-4B19-93B4-E1D916D54644}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A07BB80A-2FF9-4116-B79C-0DFED9BC12F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE7B4A33-48E7-4DE1-A647-4AD4246F60B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F935818D-3DF6-4DC3-9276-16765E44ECEB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{8E56F37A-A8F0-4665-8418-782813E108DB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{81FDCB39-0AC6-467C-8B86-A43B62E0E13A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{47CBCD98-6D7A-4E26-AB08-1A54B132E7C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{AF96A1CD-6F59-4817-83C6-CA1CF943B147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{75A5B41B-09FD-40B1-9199-6EDBD0BFD2F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [UDP Query User{8263E7D6-80C7-46C8-A88B-1A2152AE5FB7}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [TCP Query User{9682D7EB-3520-48BD-9948-3683F3DF120B}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [UDP Query User{C7D63E75-A76B-41B0-9AEF-817D8F485690}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{A32A788C-0380-4978-872A-749D1C7A91F3}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [{73E0FF88-52E0-474B-B899-C4EA7B2D4173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{6C61B185-0D87-4025-8A93-8F2269312A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{892C5DB1-407A-4A52-AFC7-2767259E8EA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0BA59AC6-6FEE-45DF-BB06-9AD378DF0E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{424266B4-09B7-4304-8978-2397343F949D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{370E16E9-ED7E-4E18-8D4E-98AE8F14601C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [UDP Query User{C766DEBD-F56B-49CC-86B1-0F080CDCEB73}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{DA861CDD-0745-4038-9238-1953C3906E47}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{FFF8BEAA-8B11-4EE9-9462-C86156D2F987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D312A315-F59A-4E14-976D-8832D0603F8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8877CE33-54C2-44BE-AA19-AE87761E6FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{AD692860-F970-49C9-A45D-467DC135EA68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{A74794AD-8AAB-4890-A528-E310E56EFE19}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{55E4D2B7-25BF-4577-A54D-89F0C257DEBB}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [UDP Query User{063F358E-2930-4D7D-B3EE-57DF49377952}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [TCP Query User{94F14303-C9FE-4960-B362-9B831E62EB6E}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [{2D1171D1-8678-4228-AD89-03EF96AE0604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{2EB7A014-E114-44FD-A0A9-1254ED0A19BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A64627B6-357B-47B7-B347-93E3CC5CB897}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{344FB187-8EB8-49D6-8A96-21AA73C27D96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [UDP Query User{48BA2C8D-DBB8-4501-BD67-8E01C6108FC3}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [TCP Query User{88D4A9AB-394E-4006-9C96-C52E20EA70FC}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [UDP Query User{1D530AB8-AC4E-42F7-9B2A-09B8B1100417}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{DEBB92F8-1CAF-4E71-91AA-40132A4B49CD}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FF29ADB5-376A-445E-9297-16A2383072CC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{94026ABB-0D25-40B1-BF19-AD1C29ED4573}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DCCB5014-FD46-4C3D-BD2D-B9FB8B072DD1}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5DA73434-9199-44D8-ADD0-6E07B112DC3D}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{22E1508C-B314-4627-962A-1F0AED934A19}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [TCP Query User{3B66B767-479A-4E45-88A9-76769811132D}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [{F99FC205-64BC-4F12-9A4E-7345F6251D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{A29BD4DF-CEB5-471E-9903-1EA166BA1FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [UDP Query User{AFD398D9-DBD2-4F3F-9D60-F6BA9082E183}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{0B985265-6DFA-46FD-A399-393CDA1DAF4C}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{C42A4299-D3DC-41A7-9A34-DC4DA2B1D3C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{82D9B7E0-8624-4DD9-94CF-7413774006A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [UDP Query User{6B367216-F2EA-4DDB-A30E-32171DF7C933}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{5466263C-BAF6-4832-A24A-C08CB3F1E2E2}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{B9F08ED3-88CD-48C1-93B3-1FECA7501B00}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{9990F072-68B6-4749-9180-6A2AF42E218F}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{E66B9B1C-0941-44B1-8E12-F2BDDD87084B}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{B30FF8E0-D65C-45E1-A905-EBD4C63E5644}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{C38BD402-E01A-4376-AE53-1731E9B517C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24B507A9-472D-43DD-A052-675E178D55F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{96CDDAF6-68BB-44DD-A81B-4DBA4430926C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{77B25D21-266D-48FE-BAC2-C3E7AD3A913A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{CB1B1A53-4586-4B4E-B484-8D98A7587212}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{5A3291A2-5843-477C-837C-D99AD2EC09A5}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{D49DDE65-0D4A-4963-B3AF-FF5F87C7BE9B}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [TCP Query User{B7346198-7A5A-4A65-B85D-E70CBE997FBD}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{491B3436-C3A9-4125-8F8D-4EA95CC70B40}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [TCP Query User{30E8FE09-36DD-4329-B3A1-8DA02C9A1845}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [{47BFCB2F-A01E-4F4B-95F8-B668D3415732}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{E9409407-598F-4FA9-BCA9-C6E68F2B995D}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{D22C0B19-BFCE-40D8-A2E4-A3FA79F4858B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D2132950-92AD-44C4-9E25-78DB36DD93E9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A0A82D6E-6B44-4B63-809D-DB20E044C5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4FCE514C-2C7E-4E3C-B7A6-F578C601B4D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{9D13C64D-A022-4895-884A-CFBD90E41E95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{394AC21E-E5F6-46E5-90BA-37D79CD59371}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A4C65B8-5746-4A97-BB3E-8F67DD65ECD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{8D1B274D-E9D7-42E0-8520-7702944745A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{69DF0F1B-3BD4-488D-882C-21C7D32041E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EB25E78F-91EF-40A9-AD78-25496A92BA29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [UDP Query User{843FD069-6A7D-4F74-A167-F67DF6880228}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{CC1E38A8-1A94-4C82-AA4E-FC6612774E76}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{3D56B624-0D8A-49DA-B65D-069428796AAD}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{92C6973C-6296-412E-984B-1448B8F64477}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A2DD13B0-41A8-40F6-8223-85434E2EEECB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BFEF13A6-10DB-4F0F-A406-269B318E99F1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1426DB6A-8305-4A5C-9621-1DFFB72A7A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{9F8C78A8-A93A-484F-908C-145B7CE52F0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5DDA38A6-DC21-48E1-9F85-5A3DC1ECA39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{F3A2B0AC-49BE-4991-AADE-6DC497C4BDC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{4FEB248E-90D2-487B-B77F-33A5CDD33204}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{FC67EC79-C3CC-41C5-A3B8-86C4F063C1BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{8102D4B2-3DC1-4237-92F4-64D2DE2ED67C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{300A7E2C-EFEC-4FB4-8D52-39E13EE55A08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{180BCF80-DE0B-4929-99BD-B93C60D5F1F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{D307E430-6B3C-4066-88BC-02469A0D0D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{254EDFCE-682B-4E0F-8A96-BB79D755C498}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{30C0583F-A7CD-469D-8AFE-DA379637F827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [UDP Query User{C393E1C8-60C1-4E95-8397-E74247015F20}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{310AA500-1A9A-4397-9D27-D2BCD2C8760E}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{5CBA4726-48F4-40E6-911E-81C002EB3DF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A198B3C8-265F-4D02-ABF7-EE85A0023728}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9466CB92-90B7-42AC-848A-88195399A88A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{283A139F-96B8-4996-8D21-CF3461177E60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{69DBDECD-F9C2-46CF-8C6A-91F714FFC448}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{43740B93-3B22-455C-8D4E-874B1FCC05E9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{90B2C4E5-CF95-4300-A754-0C1FCEFB5F9F}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE7B0167-035A-4221-8BB8-4DFAB4EAD7DE}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{520C76EE-7C06-48AD-B0B2-116B491A09A9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C26DBC35-153E-421A-B076-93A301170B68}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0D6EE2AF-3CB3-4073-9261-F6CBC6CAA299}] => (Allow) LPort=2333
FirewallRules: [{65012FA3-294A-40BA-9FD3-0707AC3D1F59}] => (Allow) LPort=9143
FirewallRules: [{3B6A7A21-5F86-4E32-9451-78D03869ECB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2A757C46-DDDF-487B-BDE9-A7C40573F3F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{876BD964-CE97-4CFA-AC3E-4EFAF021CDBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{094670F4-28BE-4C94-95A7-A8071460E122}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{114418B2-0A10-4528-83FA-571A1E9595EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{838E8CF5-E7F5-414C-85B8-A24704AD080A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1B977C4A-2316-49B7-BAE0-8A6BC36D18D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8BDC8694-973C-480C-B06E-6097D31F2949}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{981AA119-899C-47F9-BE70-713BC0389CEB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B4B75566-D0A7-45DA-AB62-3EF284F5C72A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA228FD4-552B-4D94-A23F-E1FD17E21C3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4423E8D-0E43-48B2-A78A-5E0AA70A97A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C05E63B5-2B23-4080-9A23-7D109A9833C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD9830E-E5CF-4ECE-8EAE-174CBED4BA3C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0334B1E9-7D8B-491A-8585-2623CD4987FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1C5D698C-0AE1-4B80-9D8A-6E0C58135208}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{757BAF67-3AC3-40DB-993B-DBE6D4452311}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F21BEE2F-F830-4205-B81B-A381E97F44F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66DB6B2D-3B8A-4419-A249-FEB558247325}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FEE69B74-436F-42E6-9CC7-4C6B56E5315B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C853CE80-4D32-4DC9-A092-A3424B4895BD}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [TCP Query User{5662243F-F755-4807-9F5E-9169CA55FECB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [UDP Query User{68DCE2AC-AFA5-4EA9-A5C7-CE5886A35FAB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [{8FB9A648-3540-4053-BC44-28AFDCC6B301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{B02AFFAE-DF28-4EEE-9AEA-09D204B58B41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{65B870A1-71EF-4D1A-BD43-C4D0B1EC151B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{7D2DE578-1912-4902-98CD-0EED21B99F0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{FDA01F5A-5511-4901-8424-DC02B35C5A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{0E62CCFD-DDC1-4B8D-AE4B-E6B193610A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{6A47ED58-61C7-4F6C-ACD0-62038F71E17A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{5F0EAECB-1F19-4245-A96B-FD486ADFD190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{81379528-4C8D-467C-88F5-28402D25D798}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E87C1F53-5A57-403C-B408-C47554F06C82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F94765BE-9BF4-456C-98C4-0C8C4127AD49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [TCP Query User{C3E0405E-B073-4DA9-A610-8D2A1C0E57BE}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{FA96D52B-D0FC-4E5A-A9AF-69B3549CCE40}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{B46EBC96-A135-4068-B222-F50E650C46BC}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [UDP Query User{7F8A141A-9850-4BE7-B53A-649B232C2F71}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [TCP Query User{015EA347-1F2F-403A-AB10-52E86AF2EE61}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [UDP Query User{033602D5-F8E4-402F-8D10-FC9606F968CB}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [TCP Query User{D075DBED-0C65-4B0C-9CF3-ED391CF8BCC1}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [UDP Query User{86D97B92-AB6F-4BB1-9DE9-D5E23FFA7684}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [TCP Query User{90A6BC24-7FEC-4245-B98B-27DB0AA81098}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [UDP Query User{4DCD9ADD-9B79-437C-AC2C-D0407230B945}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [TCP Query User{620BE5D8-EB65-4EB7-A040-EA52339232F0}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [UDP Query User{211542D2-79DA-4608-B829-4D5237AF0F36}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [{5E4B40C6-5ECD-4439-9899-A21E3D5486E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9CBDAA15-730F-4402-8A1A-4EBBAB3C729A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{EB5D45BB-4A21-4318-9CF5-004A15E76107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{DFE7A643-EF3D-4296-A3B8-841F05C1D57E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{A15C7972-77D1-4567-BDE1-E92AD508C4A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{A92F6A26-3175-4912-8185-0BEA22030E35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{6A8B25C3-0406-4F62-A7D0-3F15F38FD0E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{0688240D-3BC4-410B-B3D1-418FC632E62B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [TCP Query User{90C413D0-E65C-4B28-9ED7-604CE786C11E}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{066A1D19-728C-4446-986C-F95D4F87EC79}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4143369-E784-4FDF-8B91-29CFE118DABD}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{EA7D9EA4-7F74-4013-9B4B-C6488E347A6B}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{5EE220ED-C00C-4248-96F2-45AD25236972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{589238B8-4587-4466-B8B0-B92E93AB5A12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{04FD0D5C-6F86-4A0F-B73C-E25D58070EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{871C2994-B88A-4F60-A39D-546E62B076B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{79AA607D-78A7-4F5B-93DC-EEA398106E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9D37A48D-264F-47CE-8D3A-5371B5F4AC16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9BE8AEF7-6B02-47FD-A2FB-8032565649B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{365BE34C-F9E2-408A-9672-8268AA662C8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [TCP Query User{E9BE8C1A-E5F3-4084-A080-E31FCB820ABB}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{55032E43-9BE9-44A2-90D0-3331F0B1E69C}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{12F0C906-A250-4D71-BFB7-A2975ED52841}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{91EED8F6-0E91-4691-90B0-240C4E06999B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{F15CAEB7-B3BC-4ED7-98F8-FF2D384F1795}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [UDP Query User{F7D412ED-C08A-49E9-BA8B-2ADDF920CEC2}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [TCP Query User{DB649F70-2953-4191-AA96-7C9334914A84}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [UDP Query User{ACB1B42A-4326-40FE-954B-749A9DCADDB0}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [TCP Query User{938F924F-0BB4-4D80-8568-9F410CA1E7A3}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{70AF8EF9-4E54-4943-BFFD-49309C2A20F5}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [TCP Query User{79CE2E65-4E33-44F0-8C8C-1AEE658B83F9}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [UDP Query User{47BB0878-0903-46D1-A20C-920F4CE709FC}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [{4197F1A6-C4CA-4716-8BEF-7EA338363D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{877970F7-6ACD-4DA5-B070-B6932BC8B8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{8D34D04E-B07E-4CE5-B727-1808950BD790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{B8103E54-DC8C-4DF2-B907-FBA9D1E51989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{4268E62E-78B3-457E-8770-C4E3BBC6ECEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF7A7BC0-315E-421D-8538-97155F6821DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6F044340-5468-44D9-8C19-C2208FF1901C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D161E290-25B3-439D-866A-78A29A866CB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6F826737-D6D7-4E10-B145-E519B3ED5187}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{A925336A-4868-4A87-81C3-BF9A3768437D}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{0ADE25F2-CE14-46C1-954B-22815CF4B214}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{035EE4B4-EC0B-446B-B6AE-C38E4B9CB5BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3D2AEA8A-5C79-4575-9C63-BD6C8D661625}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{249DD6F1-096A-4D35-AB17-A071753D9A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{F1485B27-C228-4141-A50D-2D37506063AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{4FBC21C7-A611-458B-BFAE-F443BF41A788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{C0B8BDAB-4D1E-49E1-82DC-6C65313A8CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E4FA518F-0FF9-4C65-9148-DB537D5185F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{89C576DE-1CC2-484F-AA1C-0B79312B5F14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{48EE1819-FFEC-4B84-BF48-0D566A2CE38E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{22C8269F-4A49-4061-878A-42D4323CDF93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9A656059-E0AE-4803-AC3D-0A7B999B6230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{3D7004EA-A177-41F9-9EC4-D4A6339DF4DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C2128984-30B4-4AF3-AE8D-A93321953BDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
 
==================== Restore Points =========================
 
23-03-2016 21:58:50 Windows Update
27-03-2016 00:21:52 Installed Oracle VM VirtualBox 5.0.16
30-03-2016 19:39:56 Windows Update
02-04-2016 21:38:19 Windows Update
05-04-2016 21:34:41 Installed Autodesk SketchBook
09-04-2016 18:58:09 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface 
Description: Intel® Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Description: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: Ke2200
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/11/2016 01:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1031
 
Error: (04/11/2016 01:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1031
 
Error: (04/11/2016 01:01:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/11/2016 11:03:34 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. An instance of the service is already running
 
Error: (04/11/2016 11:03:31 AM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid
 
Error: (04/10/2016 10:55:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094
 
Error: (04/10/2016 10:55:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094
 
Error: (04/10/2016 10:55:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/10/2016 07:37:53 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. An instance of the service is already running
 
Error: (04/10/2016 07:37:51 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid
 
 
System errors:
=============
Error: (04/11/2016 01:01:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/10/2016 10:55:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/10/2016 03:01:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2016 10:51:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2016 07:41:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2016 01:52:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/09/2016 12:55:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/08/2016 11:10:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/08/2016 09:43:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
 
Error: (04/08/2016 09:43:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-04-05 20:20:32.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-22 20:31:35.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 18:40:32.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 13:11:07.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-09 14:28:20.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 43%
Total physical RAM: 16332.62 MB
Available physical RAM: 9205.51 MB
Total Virtual: 18764.62 MB
Available Virtual: 7976.64 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.96 GB) (Free:438.4 GB) NTFS
Drive d: (Secondary Storage) (Fixed) (Total:931.39 GB) (Free:760.27 GB) NTFS
Drive e: (P2P V19) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive j: (NICHO 120GB) (Removable) (Total:119.22 GB) (Free:109.66 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 6 (Size: 119.3 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by Nicholas Godoy (administrator) on NICHOPC (11-04-2016 14:46:32)
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Razer Inc) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.92.229.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.92.229.0\OverwolfHelper64.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.92.229.0\OverwolfBrowser.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.92.229.0\OverwolfBrowser.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6769.57631.0_x64__8wekyb3d8bbwe\onenoteim.exe
() C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.720.4.0_x86__kgqvnymyfvs32\candycrushsaga.exe
() C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(BitTorrent Inc.) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\updates\7.9.6_42095\utorrentie.exe
(BitTorrent Inc.) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\updates\7.9.6_42095\utorrentie.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(AgileBits) C:\Program Files (x86)\1Password 4\1Password.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Nicholas Godoy\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-31] (AVAST Software)
HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe -autostart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify Web Helper] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-18] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [TeamSpeak 3 Client] => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [11477784 2016-04-07] (TeamSpeak Systems GmbH)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [45296 2016-03-21] (Overwolf LTD)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-03-18] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-27] (Google Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {10190359-dcaa-11e5-9c28-d3455c4ba16b} - "K:\LaunchU3.exe" -a
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {101914b1-dcaa-11e5-9c28-d3455c4ba16b} - "V:\Setup.exe" 
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-31] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-03]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2015-11-08]
ShortcutTarget: AudioSwitch.lnk -> C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe ()
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-16]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-03-14]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{29510a9b-75dc-46a2-8a78-d9a0450d577e}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{55ada2be-b0cb-414a-a186-4b63f3a3baf1}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-31] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-31] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-26] (Apple Inc.)
FF Extension: SQLite Manager - C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-31]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-31]
 
Chrome: 
=======
CHR HomePage: Default -> about:home
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-03-18]
CHR Extension: (GeoGebra) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-03-07]
CHR Extension: (Google Cast) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-31]
CHR Extension: (Pushbullet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-04-01]
CHR Extension: (Steam inventory helper) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-03-20]
CHR Extension: (Tampermonkey) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-11]
CHR Extension: (Google Calendar) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-04]
CHR Extension: (AdBlock) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Google Photos) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-01-04]
CHR Extension: (Dropbox) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-01-04]
CHR Extension: (CouchPotato) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2015-08-11]
CHR Extension: (Momentum) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-01-25]
CHR Extension: (Save to Pocket) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Enhanced Steam) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-04-07]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-07]
CHR Extension: (Inbox by Gmail) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2016-01-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-01-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-31] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-08] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1284848 2016-03-21] (Overwolf LTD)
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [44544 2015-09-27] (Razer Inc) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-28] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-31] (AVAST Software)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-08-02] ()
S4 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-28] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [134800 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-02] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-11 14:46 - 2016-04-11 14:46 - 00035450 _____ C:\Users\Nicholas Godoy\Desktop\FRST.txt
2016-04-11 14:45 - 2016-04-11 14:46 - 00000000 ____D C:\FRST
2016-04-11 14:44 - 2016-04-11 14:44 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Desktop\FRST64.exe
2016-04-08 21:46 - 2016-04-08 21:46 - 00877568 _____ C:\Users\Nicholas Godoy\Downloads\setup-x86_64.exe
2016-04-08 21:46 - 2016-04-08 21:46 - 00877568 _____ C:\Users\Nicholas Godoy\Downloads\setup-x86_64 (1).exe
2016-04-08 21:33 - 2016-04-08 21:33 - 00534901 _____ C:\Users\Nicholas Godoy\Downloads\[www.OldSchoolHack.me]_AimBoss4516.zip
2016-04-08 19:53 - 2016-04-08 19:55 - 00000000 ____D C:\Users\Nicholas Godoy\Downloads\Microsoft Windows 10 PRO FULL(x64-x86) Sep 2015 [TechTools.NET]
2016-04-08 19:40 - 2016-04-08 19:40 - 00015764 _____ C:\Users\Nicholas Godoy\Downloads\Darkwrath's Hash Changer_mpgh.net.zip
2016-04-08 14:30 - 2016-04-08 15:04 - 00000000 ____D C:\Users\Nicholas Godoy\Downloads\3DMGAME-Medieval.Engineers.Deluxe.Edtion.v.02.050.004.Cracked-3DM
2016-04-08 12:06 - 2016-04-08 12:07 - 00000000 ____D C:\AdwCleaner
2016-04-08 12:04 - 2016-04-08 12:04 - 05660031 _____ (Swearware) C:\Users\Nicholas Godoy\Downloads\ComboFix.exe
2016-04-08 12:02 - 2016-04-08 12:02 - 03119168 _____ C:\Users\Nicholas Godoy\Downloads\adwcleaner_5.109.exe
2016-04-08 11:37 - 2016-04-08 11:37 - 00061952 _____ C:\Users\Nicholas Godoy\Downloads\Image6354815273.scr
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\BitTorrent
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-04-05 21:35 - 2016-04-05 21:35 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Autodesk
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk SketchBook
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\Program Files\Autodesk
2016-03-29 19:29 - 2016-03-29 19:29 - 00040183 _____ C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation.html
2016-03-29 19:29 - 2016-03-29 19:29 - 00000000 ____D C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation_files
2016-03-27 21:34 - 2016-03-27 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-03-27 00:22 - 2016-04-08 21:42 - 00000000 ____D C:\Users\Nicholas Godoy\.VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\Program Files\Oracle
2016-03-27 00:22 - 2016-03-04 17:29 - 00982504 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-03-27 00:22 - 2016-03-04 17:29 - 00148808 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-03-26 22:35 - 2016-03-26 23:51 - 00000600 _____ C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2016-03-22 20:21 - 2016-03-22 20:39 - 00000000 ____D C:\Program Files (x86)\hkcmdr
2016-03-22 20:21 - 2016-03-22 20:21 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\hkcmdr
2016-03-18 22:51 - 2016-03-18 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 12:25 - 2016-03-23 20:08 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Factorio
2016-03-14 22:01 - 2016-04-04 20:12 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Stuff
2016-03-14 21:21 - 2016-03-15 17:55 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Rainmeter
2016-03-14 21:21 - 2016-03-15 17:54 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Rainmeter
2016-03-14 21:21 - 2016-03-14 21:21 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2016-03-14 21:21 - 2016-03-14 21:21 - 00000000 ____D C:\Program Files\Rainmeter
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-11 14:46 - 2015-08-02 15:30 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Skype
2016-04-11 14:45 - 2015-08-02 17:28 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent
2016-04-11 14:39 - 2015-08-05 19:35 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-11 14:32 - 2015-08-02 18:27 - 00001052 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-11 14:14 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job
2016-04-11 13:50 - 2015-08-02 15:19 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 13:39 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-11 13:18 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Spotify
2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
2016-04-11 11:09 - 2015-10-29 20:04 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\TS3Client
2016-04-11 11:06 - 2015-08-26 14:01 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{522C723D-CE66-473D-8AC0-D864B45F818D}
2016-04-11 11:03 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Spotify
2016-04-10 22:03 - 2015-09-30 21:26 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Custom Office Templates
2016-04-10 20:57 - 2016-02-12 15:05 - 00001958 _____ C:\WINDOWS\Sandboxie.ini
2016-04-10 18:32 - 2015-08-02 18:27 - 00001048 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-10 16:50 - 2015-08-02 15:19 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 13:39 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 13:37 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-09 11:18 - 2016-01-07 22:46 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\CrashDumps
2016-04-08 22:04 - 2015-12-10 01:44 - 00000000 ____D C:\Users\Nicholas Godoy
2016-04-08 21:42 - 2015-08-02 15:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-08 14:57 - 2015-08-02 15:13 - 00002394 _____ C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-08 14:57 - 2015-08-02 15:13 - 00000000 ___RD C:\Users\Nicholas Godoy\OneDrive
2016-04-08 11:50 - 2015-08-03 21:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-08 11:35 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 11:25 - 2015-10-29 20:04 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-05 21:26 - 2015-08-02 15:11 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Packages
2016-04-04 20:01 - 2015-09-10 13:45 - 00000069 _____ C:\Users\Nicholas Godoy\Documents\Installed Fonts.txt
2016-04-04 17:22 - 2015-08-10 18:43 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Plex Home Theater
2016-04-03 21:23 - 2015-08-02 19:00 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\My Games
2016-03-31 19:48 - 2016-01-12 13:56 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\Hyper Hippo Productions Ltd_
2016-03-31 13:52 - 2015-12-10 01:44 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-31 13:52 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-31 13:12 - 2016-01-13 14:25 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-03-31 13:08 - 2015-08-02 18:27 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Dropbox
2016-03-31 13:07 - 2016-01-13 14:25 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Overwolf
2016-03-30 20:57 - 2015-10-13 22:49 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\AgileBits
2016-03-30 17:50 - 2015-08-02 15:19 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-26 17:09 - 2016-01-02 22:59 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Flight Simulator X Files
2016-03-22 20:38 - 2015-12-10 01:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-22 20:38 - 2015-12-10 01:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-22 20:27 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-21 23:26 - 2015-10-30 03:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-03-20 18:50 - 2015-08-06 17:09 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\.minecraft
2016-03-18 22:51 - 2015-08-02 18:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-16 21:57 - 2015-08-02 17:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-15 20:14 - 2015-08-26 17:16 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\HandBrake
2016-03-12 15:13 - 2015-08-11 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-12 15:10 - 2015-08-11 18:14 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-12 15:01 - 2015-10-13 22:47 - 00000000 ____D C:\Program Files (x86)\1Password 4
 
==================== Files in the root of some directories =======
 
2015-08-05 20:58 - 2016-01-10 19:56 - 0002376 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\SpeedRunnersLog.txt
2015-08-17 21:27 - 2015-10-27 14:57 - 0001456 _____ () C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-26 22:35 - 2016-03-26 23:51 - 0000600 _____ () C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2015-08-03 13:36 - 2015-08-03 13:36 - 0000017 _____ () C:\Users\Nicholas Godoy\AppData\Local\resmon.resmoncfg
2015-10-13 22:48 - 2015-10-13 22:48 - 0000003 _____ () C:\Users\Nicholas Godoy\AppData\Local\updater.log
2015-10-13 22:48 - 2015-10-13 22:48 - 0000424 _____ () C:\Users\Nicholas Godoy\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Nicholas Godoy\AppData\Local\Temp\1Password-4.6.0.598.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\1Password-4.6.0.604.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\utils.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-11 12:20
 
==================== End of FRST.txt ============================

Edited by nicholasgodoyx, 11 April 2016 - 01:29 PM.


#6 nicholasgodoyx


Posted 11 April 2016 - 01:25 PM

I also scanned the .SCR file before I posted this with MalwareBytes and Avast. Results:

 

MalwareBytes didn't find anything

 
Avast detected it as Threat: Win32:Malware-gen (High severity)


#7 RayS

RayS

  • Malware Study Hall Senior
  • 2,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:05 AM

Posted 13 April 2016 - 11:44 AM

Hi Nicholas,

Cracked Software

I notice that you are running C:\Program Files\KMSpico\Service_KMS.exe (Key Management Service) which is an activation crack for Windows or Office. I am willing to help you with issues on your PC only if you agree to delete cracked software from your PC. The Fixlist.txt script below will deactivate Microsoft Office Professional Plus 2013 (Win10 may not be affected because Microsoft is allowing upgrades from pirated Win7, 8, and 8.1). KMSpico can promise that normal updates to your operating system and to Office will be available to you as if you were running legal copies, but there can be no guarantee of that; therefore, your PC will always be susceptible to infection. In addition, stealth malware is often bundled with software cracks. No further assistance will be offered if you choose to continue this illegal behavior. Please let me know whether you will allow me to delete KMSpico\Service_KMS.exe from your PC.



Peer-To-Peer File Sharing

Going over your logs, I noticed that you have BitTorrent installed. 

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected.
I would recommend that you uninstall BitTorrent, however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned. Please let me know whether you will refrain from using BitTorrent or you will delete it.



Malicious file

Image6354815273.scr contains a backdoor trojan. It was very dangerous to have removed it from the sandbox, but you avoided disaster by not launching the file.



AdwCleaner Re-Scan and Clean

Re-scan With AdwCleaner by Xplode Then Use Cleaning Mode
Please download AdwCleaner by Xplode and save to your Desktop. 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, in the Results section, click the Folders tab and remove the checkmark next to C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam.
  • On the Files tab, remove all the checkmarks next to files that have pbjikboenpfhbbejgkoklgkhjpfogcam in their names.
  • On the Chrome tab, remove the checkmark next to the extension that has pbjikboenpfhbbejgkoklgkhjpfogcam in its name.
  • Examine each tab again and be certain that no other checkmarks have been removed.
  • Click Clean.
  • Copy and paste the contents of the logfile into your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.




Executable files in TEMP

The following executable files should not reside in your Windows temporary folder. Please move them to some personal folder. Otherwise, when you run the FixList.txt script below, it will delete these files.

C:\Users\Nicholas Godoy\AppData\Local\Temp\1Password-4.6.0.598.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\1Password-4.6.0.604.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\utils.dll







Let's run FRST in FIX mode

After you have agreed to deactivation of Office and you have removed the executable files from the Windows Temp folder, press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy the entire contents of the code box below into a new file.


Start

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
zip: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job;2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job;C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-08 11:37 - 2016-04-08 11:37 - 00061952 _____ C:\Users\Nicholas Godoy\Downloads\Image6354815273.scr
File: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job
File: 2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
File: C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs


End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.
The tool will also create a file called Upload.zip on your desktop. Please attach that file to your next reply.

 

Rerun FRST scan

Please download a fresh copy of Farbar Recovery Scan Tool and save it to your Desktop. The tool has been updated recently.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Be sure a checkmark is placed next to Addition.txt in the Optional Scan section of the tool.
  • Press the Scan button.
  • When finished, it will produce a file called FRST.txt and a file called Addition.txt in the same directory the tool was run from.
  • Please copy and paste the contents of both files into your next reply.




In your next reply...


  • Tell me whether you have agreed to removal of the KMSpico activation crack.
  • Tell me whether you will delete BitTorrent or will you refrain from using it while we are working together.
  • Copy and paste the contents of the AdwCleaner log into the body of your message.
  • Copy and paste the contents of Fixlog.txt into the body of your message.
  • Attach Upload.zip to your message.
  • Copy and paste the contents of FRST.txt and Addition.txt into the body of your message.


Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
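
The "Executable files in TEMP" step in the post above, as an added example that is not part of RayS's instructions or of any tool named in the thread: a PowerShell inventory of executable file types in the top level of the TEMP folder, with Authenticode status and SHA-256, so each file can be reviewed before a cleanup deletes it. The extension list and the `-HoldingFolder` parameter are assumptions of this example.

```powershell
# Added example (not from the thread): inventory executable files sitting in the
# top level of the user's TEMP folder before a cleanup removes them.
# Read-only unless -HoldingFolder is supplied; supports -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$TempPath = $env:TEMP,
    # Assumed destination for installers worth keeping; nothing is moved when empty.
    [string]$HoldingFolder = ''
)

# File types that Windows will execute or load (assumed list; extend as needed).
$extensions = '.exe', '.dll', '.scr', '.msi', '.ps1', '.vbs', '.js'

$report = @(
    Get-ChildItem -LiteralPath $TempPath -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            # Both calls can fail on files locked by a running process;
            # record that instead of stopping the inventory.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name      = $_.Name
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTime
                Signature = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256    = if ($hash) { $hash.Hash } else { '' }
                FullName  = $_.FullName
            }
        }
)

# Unsigned or badly signed files first: those need a closer look before any decision.
$report |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table Name, SizeBytes, Modified, Signature, Signer -AutoSize

# Hashes on their own table so they are not truncated.
$report | Select-Object Name, SHA256 | Format-Table -AutoSize

if ($HoldingFolder) {
    if (-not (Test-Path -LiteralPath $HoldingFolder)) {
        New-Item -ItemType Directory -Path $HoldingFolder | Out-Null
    }
    # Only validly signed files are moved; everything else stays put for review.
    foreach ($item in @($report | Where-Object { $_.Signature -eq 'Valid' })) {
        if ($PSCmdlet.ShouldProcess($item.FullName, "Move to $HoldingFolder")) {
            Move-Item -LiteralPath $item.FullName -Destination $HoldingFolder
        }
    }
}
```

A `Valid` status only means the file has not changed since the named publisher signed it; it is a triage signal, not a verdict on the file.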


#8 nicholasgodoyx


Posted 13 April 2016 - 05:43 PM

Firstly, let me explain myself. I have used KMSpico, but only because I had no other choice. I had a legitimate Windows 7 installation that came with the computer, but when I upgraded to Windows 10, it messed up my installation and I had to reformat my hard drive and reinstall Windows. I contacted Microsoft Support multiple times but with no luck (not even a response). Since I didn't want to pay 100 bucks for software I already had (100 dollars is very expensive in my currency), I used KMSpico. I understand the risks. I know it doesn't justify my actions, but I just thought you should know. I will be uninstalling it as you said. My copy of Microsoft Office 2013 is legitimate.
 
Secondly, I do not use BitTorrent with torrenting or illegal sites. I use it to download Linux distributions (they are free) for my multiple Raspberry PIs, every time I come up with a new project. I will not remove it, though I will refrain from using it for the time being.
 
Now that that's out of the way, I just wanted to clear something up. You said "It was very dangerous to have removed it from the sandbox, but you avoided disaster by not launching the file". As I said in my first post, I did launch the file, but it was inside Sandboxie and Avast blocked it. That's what you mean, right?
 
Here are the AdwCleaner logs:
 
# AdwCleaner v5.110 - Logfile created 13/04/2016 at 19:18:43
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Nicholas Godoy - NICHOPC
# Running from : C:\Users\Nicholas Godoy\Desktop\adwcleaner_5.110.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Nicholas Godoy\AppData\Local\PackageAware
[x] Folder Not Deleted : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\NICHOL~1\AppData\Local\Temp\Utils.dll
[x] File Not Deleted : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[x] File Not Deleted : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
[x] File Not Deleted : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] File Deleted : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pkaclsnffr-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pkaclsnffr-a.akamaihd.net_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[x] [C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Not Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1949 bytes] - [13/04/2016 19:18:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1940 bytes] - [08/04/2016 12:07:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [2017 bytes] - [13/04/2016 19:15:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2168 bytes] ##########
 
About the TEMP files:
I guess those .exe files were part of updates, since I don't use them. I've deleted these ones:
C:\Users\Nicholas Godoy\AppData\Local\Temp\1Password-4.6.0.598.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\1Password-4.6.0.604.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\Nicholas Godoy\AppData\Local\Temp\SandboxieInstall.exe
 
But I couldn't find this one:
C:\Users\Nicholas Godoy\AppData\Local\Temp\utils.dll
 
This is the fixlog from FRST:
Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by Nicholas Godoy (2016-04-13 19:33:12) Run:1
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
C:\Program Files\KMSpico
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [File not signed]
zip: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job;2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job;C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-08 11:37 - 2016-04-08 11:37 - 00061952 _____ C:\Users\Nicholas Godoy\Downloads\Image6354815273.scr
File: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job
File: 2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
File: C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs
 
 
End
*****************
 
[2720] C:\Program Files\KMSpico\Service_KMS.exe => process closed successfully.
C:\Program Files\KMSpico => moved successfully
Service KMSELDI => service removed successfully
================== Zip: ===================
C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job -> copied successfully to C:\Users\Nicholas Godoy\Desktop\Upload.zip
"2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job" -> not found
C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs -> copied successfully to C:\Users\Nicholas Godoy\Desktop\Upload.zip
=========== Zip: End ===========
C:\Users\Nicholas Godoy\Downloads\Image6354815273.scr => moved successfully
 
========================= File: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job ========================
 
File not signed
MD5: 3A67EF0D2B277F864A236F66496A7816
Creation and modification date: 2015-10-13 22:48 - 2016-04-13 18:14
Size: 0000422
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: 2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job ========================
 
"2016-04-11 11:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job" => not found.
====== End of File: ======
 
 
========================= File: C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs ========================
 
File not signed
MD5: 1BBDA0E4F8AFB975E63313FF4425B005
Creation and modification date: 2015-08-17 21:27 - 2015-10-27 14:57
Size: 0001456
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
==== End of Fixlog 19:33:13 ====
 
Upload.zip file: Attached File Upload.zip (1.22KB)
 
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Nicholas Godoy (administrator) on NICHOPC (13-04-2016 19:37:06)
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
() C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.93.20.0\OverwolfHelper.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.93.20.0\OverwolfHelper64.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Nicholas Godoy\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-31] (AVAST Software)
HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe -autostart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify Web Helper] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-13] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [TeamSpeak 3 Client] => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [11477784 2016-04-07] (TeamSpeak Systems GmbH)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [45296 2016-04-05] (Overwolf LTD)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe [6891120 2016-04-13] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {10190359-dcaa-11e5-9c28-d3455c4ba16b} - "K:\LaunchU3.exe" -a
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {101914b1-dcaa-11e5-9c28-d3455c4ba16b} - "V:\Setup.exe" 
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-31] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-03]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2015-11-08]
ShortcutTarget: AudioSwitch.lnk -> C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe ()
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-16]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-03-14]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{29510a9b-75dc-46a2-8a78-d9a0450d577e}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{55ada2be-b0cb-414a-a186-4b63f3a3baf1}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-31] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-31] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-26] (Apple Inc.)
FF Extension: SQLite Manager - C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-31]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-31]
 
Chrome: 
=======
CHR HomePage: Default -> about:home
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-03-18]
CHR Extension: (GeoGebra) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-03-07]
CHR Extension: (Google Cast) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-31]
CHR Extension: (Pushbullet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-04-13]
CHR Extension: (Steam inventory helper) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-03-20]
CHR Extension: (Tampermonkey) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-13]
CHR Extension: (Google Calendar) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-04]
CHR Extension: (AdBlock) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Google Photos) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-01-04]
CHR Extension: (Dropbox) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-01-04]
CHR Extension: (CouchPotato) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2015-08-11]
CHR Extension: (Momentum) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-01-25]
CHR Extension: (Save to Pocket) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Enhanced Steam) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-04-13]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-13]
CHR Extension: (Inbox by Gmail) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2016-01-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-01-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-31] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-08] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-04-05] (Overwolf LTD)
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [44544 2015-09-27] (Razer Inc) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-28] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-31] (AVAST Software)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-08-02] ()
S4 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-28] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [134800 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-02] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 19:37 - 2016-04-13 19:37 - 00034078 _____ C:\Users\Nicholas Godoy\Desktop\FRST.txt
2016-04-13 19:36 - 2016-04-13 19:36 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Downloads\FRST64.exe
2016-04-13 19:36 - 2016-04-13 19:36 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Desktop\FRST64.exe
2016-04-13 19:33 - 2016-04-13 19:33 - 00003091 _____ C:\Users\Nicholas Godoy\Desktop\Fixlog.txt
2016-04-13 19:33 - 2016-04-13 19:33 - 00001249 _____ C:\Users\Nicholas Godoy\Desktop\Upload.zip
2016-04-13 19:31 - 2016-04-13 19:31 - 00004107 _____ C:\Users\Nicholas Godoy\Desktop\New Text Document.txt
2016-04-13 19:15 - 2016-04-13 19:15 - 03465280 _____ C:\Users\Nicholas Godoy\Downloads\adwcleaner_5.110.exe
2016-04-11 14:45 - 2016-04-13 19:37 - 00000000 ____D C:\FRST
2016-04-08 12:06 - 2016-04-13 19:18 - 00000000 ____D C:\AdwCleaner
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\BitTorrent
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-04-05 21:35 - 2016-04-05 21:35 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Autodesk
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk SketchBook
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\Program Files\Autodesk
2016-03-29 19:29 - 2016-03-29 19:29 - 00040183 _____ C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation.html
2016-03-29 19:29 - 2016-03-29 19:29 - 00000000 ____D C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation_files
2016-03-27 21:34 - 2016-03-27 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-03-27 00:22 - 2016-04-08 21:42 - 00000000 ____D C:\Users\Nicholas Godoy\.VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\Program Files\Oracle
2016-03-27 00:22 - 2016-03-04 17:29 - 00982504 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-03-27 00:22 - 2016-03-04 17:29 - 00148808 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-03-26 22:35 - 2016-03-26 23:51 - 00000600 _____ C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2016-03-22 20:21 - 2016-03-22 20:39 - 00000000 ____D C:\Program Files (x86)\hkcmdr
2016-03-22 20:21 - 2016-03-22 20:21 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\hkcmdr
2016-03-18 22:51 - 2016-03-18 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 12:25 - 2016-03-23 20:08 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Factorio
2016-03-14 22:01 - 2016-04-04 20:12 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Stuff
2016-03-14 21:21 - 2016-03-15 17:55 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Rainmeter
2016-03-14 21:21 - 2016-03-15 17:54 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Rainmeter
2016-03-14 21:21 - 2016-03-14 21:21 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2016-03-14 21:21 - 2016-03-14 21:21 - 00000000 ____D C:\Program Files\Rainmeter
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-13 19:32 - 2015-08-02 18:27 - 00001052 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-13 19:30 - 2015-08-02 15:30 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Skype
2016-04-13 19:25 - 2016-01-13 14:25 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-04-13 19:25 - 2015-12-10 01:44 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 19:25 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 19:25 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Spotify
2016-04-13 19:22 - 2015-08-05 19:35 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-13 19:20 - 2016-02-13 18:41 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\LogMeIn Hamachi
2016-04-13 19:20 - 2016-01-13 14:25 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Overwolf
2016-04-13 19:20 - 2016-01-03 22:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-13 19:20 - 2015-10-29 20:04 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\TS3Client
2016-04-13 19:20 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Spotify
2016-04-13 19:20 - 2015-08-02 18:27 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Dropbox
2016-04-13 19:20 - 2015-08-02 15:22 - 00000000 ____D C:\ProgramData\Skype
2016-04-13 19:20 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-13 19:19 - 2015-12-10 01:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 19:19 - 2015-12-10 01:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-13 19:19 - 2015-12-10 01:43 - 05016216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 19:19 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 19:19 - 2015-10-30 03:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 19:19 - 2015-08-02 18:27 - 00001048 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-13 19:19 - 2015-08-02 15:19 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 19:17 - 2015-08-02 17:28 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent
2016-04-13 18:14 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job
2016-04-13 17:50 - 2015-08-02 15:19 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-13 17:14 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 17:14 - 2015-08-26 14:01 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{522C723D-CE66-473D-8AC0-D864B45F818D}
2016-04-12 20:16 - 2015-08-11 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 20:16 - 2015-08-11 18:14 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 20:13 - 2015-08-02 17:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-12 20:12 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-12 19:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
2016-04-12 18:55 - 2015-08-02 15:11 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Packages
2016-04-11 19:36 - 2015-10-13 22:49 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\AgileBits
2016-04-11 17:07 - 2016-01-07 22:46 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\CrashDumps
2016-04-11 16:51 - 2015-08-02 15:19 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 15:23 - 2015-08-03 21:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 22:03 - 2015-09-30 21:26 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Custom Office Templates
2016-04-10 20:57 - 2016-02-12 15:05 - 00001958 _____ C:\WINDOWS\Sandboxie.ini
2016-04-10 13:37 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-08 22:04 - 2015-12-10 01:44 - 00000000 ____D C:\Users\Nicholas Godoy
2016-04-08 21:42 - 2015-08-02 15:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-08 14:57 - 2015-08-02 15:13 - 00002394 _____ C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-08 14:57 - 2015-08-02 15:13 - 00000000 ___RD C:\Users\Nicholas Godoy\OneDrive
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-07 11:25 - 2015-10-29 20:04 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-06 15:32 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 15:32 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 20:01 - 2015-09-10 13:45 - 00000069 _____ C:\Users\Nicholas Godoy\Documents\Installed Fonts.txt
2016-04-04 17:22 - 2015-08-10 18:43 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Plex Home Theater
2016-04-03 21:23 - 2015-08-02 19:00 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\My Games
2016-03-31 19:48 - 2016-01-12 13:56 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\Hyper Hippo Productions Ltd_
2016-03-26 17:09 - 2016-01-02 22:59 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Flight Simulator X Files
2016-03-20 18:50 - 2015-08-06 17:09 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\.minecraft
2016-03-18 22:51 - 2015-08-02 18:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-15 20:14 - 2015-08-26 17:16 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\HandBrake
 
==================== Files in the root of some directories =======
 
2015-08-05 20:58 - 2016-01-10 19:56 - 0002376 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\SpeedRunnersLog.txt
2015-08-17 21:27 - 2015-10-27 14:57 - 0001456 _____ () C:\Users\Nicholas Godoy\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-03-26 22:35 - 2016-03-26 23:51 - 0000600 _____ () C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2015-08-03 13:36 - 2015-08-03 13:36 - 0000017 _____ () C:\Users\Nicholas Godoy\AppData\Local\resmon.resmoncfg
2015-10-13 22:48 - 2015-10-13 22:48 - 0000003 _____ () C:\Users\Nicholas Godoy\AppData\Local\updater.log
2015-10-13 22:48 - 2015-10-13 22:48 - 0000424 _____ () C:\Users\Nicholas Godoy\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Nicholas Godoy\AppData\Local\Temp\libeay32.dll
C:\Users\Nicholas Godoy\AppData\Local\Temp\msvcr120.dll
C:\Users\Nicholas Godoy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-11 12:20
 
==================== End of FRST.txt ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Nicholas Godoy (2016-04-13 19:37:25)
Running from C:\Users\Nicholas Godoy\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-10 04:49:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4099895337-1454360887-1772386947-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4099895337-1454360887-1772386947-503 - Limited - Disabled)
Guest (S-1-5-21-4099895337-1454360887-1772386947-501 - Limited - Disabled)
Nicholas Godoy (S-1-5-21-4099895337-1454360887-1772386947-1001 - Administrator - Enabled) => C:\Users\Nicholas Godoy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password 4.6.0.604 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\{7C54712F-A477-4E6A-AC81-7175494DD179}) (Version: 2015.0.0.597 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Atom (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\atom) (Version: 1.2.4 - GitHub Inc.)
AudioSwitch (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\AudioSwitch_is1) (Version: 2.1.1.0 - )
Autodesk SketchBook (HKLM\...\{C0D41025-EDBF-4354-A5BA-86B27A78BC25}) (Version: 8.00.0001 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BitTorrent (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
BitTorrent Sync (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent Sync) (Version: 2.2.5 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
EDGE (HKLM-x32\...\Steam App 38740) (Version:  - Two Tribes)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.4.174 - Final Draft, Inc.)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\{DBA7719B-28D4-30D9-98DE-E689280E4D7E}) (Version: 49.0.2623.112 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
Hacknet (HKLM-x32\...\Steam App 365450) (Version:  - Team Fractal Alligator)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version:  - Avalanche Studios)
Keep Talking and Nobody Explodes версия 1.0 (HKLM-x32\...\{E78D0C6F-65CF-486D-9710-E48FBA6A1C33}_is1) (Version: 1.0 - Steel Crate Games)
Keying Suite v11.1.5 (HKLM-x32\...\{21AD9423-3C17-43E2-AFD7-8305C965500F}_is1) (Version: 11.1.5 - Red Giant, LLC)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life in Bunker (HKLM-x32\...\Life in Bunker_is1) (Version:  - )
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Magic Bullet Suite v12.1.1 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.1.1 - Red Giant, LLC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{070C55FA-FB9D-46DD-B30B-4B520A83A66A}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MultiBit Classic 0.5.19 (HKLM\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MyTraffic Professional (HKLM-x32\...\{84832C70-3EF9-4BD9-99DF-559A2BDEC74C}) (Version: 6.0.0 - MyTraffic)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.93.20.0 - Overwolf Ltd.)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Quadro Delta)
Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.4.1 - Plex inc)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2593 - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.0.4 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.18 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Receiver version 0.0.0.9 (HKLM-x32\...\Receiver_is1) (Version: 0.0.0.9 - WaLMaRT)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.7.33 - Red Giant, LLC)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.6 - Samsung Electronics)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYSM Monitor (HKLM-x32\...\SYSM Monitor_is1) (Version:  - SYSM Monitor)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TIS-100 (HKLM-x32\...\Steam App 370360) (Version:  - Zachtronics)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
Trapcode Suite v12.1.9 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.9 - Red Giant, LLC)
Universe (HKLM\...\Universe_is1) (Version: 1.2.0 CE - Red Giant, LLC)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Digital Ltd)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA00-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA01-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA02-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA03-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA04-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C643856-8F6B-4950-951C-83FCA9EE5B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {1EE3D135-5381-4601-ABF8-3E521DC41D49} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {245D0DD8-D61D-4A4A-8446-9E6459231076} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {2B49F9A3-C3C0-43DF-9839-F223458DE69E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {33419B0E-9E1B-42A0-BA95-48AECC0E9775} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {381E731E-C9B8-4D89-842B-6AF97C615AFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-31] (AVAST Software)
Task: {41FF3B72-BBC5-43EA-B73E-149F1C1FB8AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {4813A742-96C7-4D17-B924-83CCBF73950C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {499753EB-8C8B-4228-A215-597C9EA0CCDC} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {64FE61CB-8A93-4732-AFD1-41BE364AD842} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {698C635A-30BC-44BF-90A5-7CCD80D346A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7C5EE299-0E15-4818-B180-E9D9850037CB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {93BB6B18-F1E7-4A9C-92FC-108F57416DF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {97A6FF5D-45DD-4A6B-853C-1AB43CE8CA0E} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-04-10] (Samsung Electronics.)
Task: {9C9C0FC8-A73E-4752-9FA5-3E17CA411554} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.exe
Task: {AB654233-7172-480B-BA55-855C495B2F77} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {BE83D987-3FF3-4305-AADE-E6C1AFD41005} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D2739DA0-75E3-4B5A-9E27-80F3B30EDF53} - System32\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {ECB17338-0C56-41F1-B368-D80FA450DFEE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-04-05] (Overwolf LTD)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 01:44 - 2015-11-02 10:36 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-23 16:11 - 2015-06-23 16:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-12 23:47 - 2016-01-04 22:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-13 10:25 - 2015-10-13 10:25 - 00820224 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll
2015-04-15 17:13 - 2015-04-15 17:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-12-19 14:34 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 19:01 - 2016-02-23 05:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 23:47 - 2016-01-04 22:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 23:47 - 2016-01-04 22:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-27 16:45 - 2016-01-16 02:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 16:45 - 2016-01-16 02:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-21 17:36 - 2014-08-19 16:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-09-19 16:15 - 2014-09-19 16:15 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-11-08 13:19 - 2015-07-22 20:22 - 00138752 _____ () C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
2016-03-12 14:53 - 2016-03-12 14:53 - 00171008 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2016-01-06 17:14 - 2016-01-12 01:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-07-08 03:58 - 2015-07-08 03:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-01-31 12:04 - 2016-01-31 12:04 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-13 18:27 - 2016-04-13 18:27 - 02887168 _____ () C:\Program Files\AVAST Software\Avast\defs\16041301\algo.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-08-02 15:26 - 2016-01-12 01:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-02 15:30 - 2016-03-10 21:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 22:12 - 2016-02-17 19:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-08-02 15:30 - 2016-02-08 22:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-05 09:29 - 2016-04-05 09:29 - 45069312 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\libcef.DLL
2016-04-05 09:29 - 2016-04-05 09:29 - 00262656 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\OpenHardwareMonitorLib.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 47503472 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libcef.dll
2015-12-11 17:32 - 2016-02-23 15:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-18 22:51 - 2016-02-23 15:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 17:32 - 2016-02-23 15:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 17:32 - 2016-02-23 15:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-18 22:51 - 2016-02-23 15:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-18 22:51 - 2016-02-23 15:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-03-18 22:51 - 2016-03-11 21:18 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-03-18 22:51 - 2016-02-12 21:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-18 22:51 - 2016-02-23 15:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-18 22:51 - 2016-03-11 21:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 17:32 - 2016-02-23 15:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-18 22:51 - 2016-02-23 15:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-18 22:51 - 2016-02-23 15:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-08-02 18:28 - 2016-02-23 15:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-01 03:28 - 2015-10-01 03:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 01584240 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libglesv2.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 00082032 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libegl.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 40622592 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00911360 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00134144 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-11 16:51 - 2016-04-06 07:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 16:51 - 2016-04-06 07:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-04-10 00:53 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 08:04 - 2015-12-13 20:30 - 00001802 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 apps.skype.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\Control Panel\Desktop\\Wallpaper -> D:\Dropbox\General\Wallpapers\Space Infographic\36466_infographic_dual_screen_dual_monitor_solar_system_infographic_dual_screen_finished.png
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{90D0D150-B673-4AA8-80C1-26A1953FCE45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{8E889B37-41E0-4E34-838B-A0FB17EFDAC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [UDP Query User{560DBE34-FDBA-43F4-8CE4-7B3A810DB290}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [TCP Query User{1713208C-0A3E-419F-8E0A-176BBAE73BE9}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [{5A5F5CD3-A98B-463D-847A-64D52B49A81B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8FC65BDC-1A19-4E15-8987-9A102E0522EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE4173AA-3E1D-4AF8-911F-F993C99DAC58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{3016466F-1958-463C-BD83-A9A23E79B79E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [UDP Query User{4AD19B90-0205-4A83-B8A1-ACBA5A38708D}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{F7C323A9-659A-4590-B04A-A699208E2989}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [{BF178F1C-E0C3-46E9-9206-CAE7339BC1FA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{10613C18-3E6C-4EEA-A13F-94CA7B3A1209}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [UDP Query User{130B31ED-B7E6-427C-A524-0347D5962B1B}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [TCP Query User{837540A1-D02A-408A-8934-ABC41748303A}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [{356C9E69-2FA0-4E55-BD75-334542844257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{6E916A44-DB71-4F74-975A-F9A7DC537A7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [UDP Query User{A9EBE957-6637-45C7-ABC5-F70AB0D81DAF}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{5D173576-6AC0-40F4-AB11-0BB10AA12A7B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{4EFCB4DB-9F68-48E1-8203-5A340826EDB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{97B40514-C5E7-45A6-A9CC-3D4F0444603B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [UDP Query User{272E53C2-78ED-4E19-A642-FE95B91EF362}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [TCP Query User{9E24BD58-5014-4C91-A95A-82E581869119}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [UDP Query User{B223C5D2-1D7D-4756-B4B0-1DA2B97F3EE2}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [TCP Query User{61EDD8AE-B705-4A60-8E35-867F82BAFA2A}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [{029F6280-2569-4511-A707-55B5395346E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{024F95A5-CE5C-4B19-93B4-E1D916D54644}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A07BB80A-2FF9-4116-B79C-0DFED9BC12F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE7B4A33-48E7-4DE1-A647-4AD4246F60B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F935818D-3DF6-4DC3-9276-16765E44ECEB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{8E56F37A-A8F0-4665-8418-782813E108DB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{81FDCB39-0AC6-467C-8B86-A43B62E0E13A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{47CBCD98-6D7A-4E26-AB08-1A54B132E7C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{AF96A1CD-6F59-4817-83C6-CA1CF943B147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{75A5B41B-09FD-40B1-9199-6EDBD0BFD2F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [UDP Query User{8263E7D6-80C7-46C8-A88B-1A2152AE5FB7}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [TCP Query User{9682D7EB-3520-48BD-9948-3683F3DF120B}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [UDP Query User{C7D63E75-A76B-41B0-9AEF-817D8F485690}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{A32A788C-0380-4978-872A-749D1C7A91F3}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [{73E0FF88-52E0-474B-B899-C4EA7B2D4173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{6C61B185-0D87-4025-8A93-8F2269312A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{892C5DB1-407A-4A52-AFC7-2767259E8EA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0BA59AC6-6FEE-45DF-BB06-9AD378DF0E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{424266B4-09B7-4304-8978-2397343F949D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{370E16E9-ED7E-4E18-8D4E-98AE8F14601C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [UDP Query User{C766DEBD-F56B-49CC-86B1-0F080CDCEB73}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{DA861CDD-0745-4038-9238-1953C3906E47}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{FFF8BEAA-8B11-4EE9-9462-C86156D2F987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D312A315-F59A-4E14-976D-8832D0603F8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8877CE33-54C2-44BE-AA19-AE87761E6FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{AD692860-F970-49C9-A45D-467DC135EA68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{A74794AD-8AAB-4890-A528-E310E56EFE19}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{55E4D2B7-25BF-4577-A54D-89F0C257DEBB}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [UDP Query User{063F358E-2930-4D7D-B3EE-57DF49377952}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [TCP Query User{94F14303-C9FE-4960-B362-9B831E62EB6E}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [{2D1171D1-8678-4228-AD89-03EF96AE0604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{2EB7A014-E114-44FD-A0A9-1254ED0A19BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A64627B6-357B-47B7-B347-93E3CC5CB897}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{344FB187-8EB8-49D6-8A96-21AA73C27D96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [UDP Query User{48BA2C8D-DBB8-4501-BD67-8E01C6108FC3}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [TCP Query User{88D4A9AB-394E-4006-9C96-C52E20EA70FC}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [UDP Query User{1D530AB8-AC4E-42F7-9B2A-09B8B1100417}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{DEBB92F8-1CAF-4E71-91AA-40132A4B49CD}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FF29ADB5-376A-445E-9297-16A2383072CC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{94026ABB-0D25-40B1-BF19-AD1C29ED4573}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DCCB5014-FD46-4C3D-BD2D-B9FB8B072DD1}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5DA73434-9199-44D8-ADD0-6E07B112DC3D}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{22E1508C-B314-4627-962A-1F0AED934A19}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [TCP Query User{3B66B767-479A-4E45-88A9-76769811132D}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [{F99FC205-64BC-4F12-9A4E-7345F6251D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{A29BD4DF-CEB5-471E-9903-1EA166BA1FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [UDP Query User{AFD398D9-DBD2-4F3F-9D60-F6BA9082E183}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{0B985265-6DFA-46FD-A399-393CDA1DAF4C}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{C42A4299-D3DC-41A7-9A34-DC4DA2B1D3C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{82D9B7E0-8624-4DD9-94CF-7413774006A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [UDP Query User{6B367216-F2EA-4DDB-A30E-32171DF7C933}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{5466263C-BAF6-4832-A24A-C08CB3F1E2E2}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{B9F08ED3-88CD-48C1-93B3-1FECA7501B00}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{9990F072-68B6-4749-9180-6A2AF42E218F}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{E66B9B1C-0941-44B1-8E12-F2BDDD87084B}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{B30FF8E0-D65C-45E1-A905-EBD4C63E5644}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{C38BD402-E01A-4376-AE53-1731E9B517C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24B507A9-472D-43DD-A052-675E178D55F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{96CDDAF6-68BB-44DD-A81B-4DBA4430926C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{77B25D21-266D-48FE-BAC2-C3E7AD3A913A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{CB1B1A53-4586-4B4E-B484-8D98A7587212}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{5A3291A2-5843-477C-837C-D99AD2EC09A5}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{D49DDE65-0D4A-4963-B3AF-FF5F87C7BE9B}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [TCP Query User{B7346198-7A5A-4A65-B85D-E70CBE997FBD}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{491B3436-C3A9-4125-8F8D-4EA95CC70B40}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [TCP Query User{30E8FE09-36DD-4329-B3A1-8DA02C9A1845}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [{47BFCB2F-A01E-4F4B-95F8-B668D3415732}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{E9409407-598F-4FA9-BCA9-C6E68F2B995D}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{D22C0B19-BFCE-40D8-A2E4-A3FA79F4858B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D2132950-92AD-44C4-9E25-78DB36DD93E9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A0A82D6E-6B44-4B63-809D-DB20E044C5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4FCE514C-2C7E-4E3C-B7A6-F578C601B4D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{9D13C64D-A022-4895-884A-CFBD90E41E95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{394AC21E-E5F6-46E5-90BA-37D79CD59371}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A4C65B8-5746-4A97-BB3E-8F67DD65ECD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{8D1B274D-E9D7-42E0-8520-7702944745A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{69DF0F1B-3BD4-488D-882C-21C7D32041E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EB25E78F-91EF-40A9-AD78-25496A92BA29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [UDP Query User{843FD069-6A7D-4F74-A167-F67DF6880228}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{CC1E38A8-1A94-4C82-AA4E-FC6612774E76}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{3D56B624-0D8A-49DA-B65D-069428796AAD}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{92C6973C-6296-412E-984B-1448B8F64477}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A2DD13B0-41A8-40F6-8223-85434E2EEECB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BFEF13A6-10DB-4F0F-A406-269B318E99F1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1426DB6A-8305-4A5C-9621-1DFFB72A7A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{9F8C78A8-A93A-484F-908C-145B7CE52F0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5DDA38A6-DC21-48E1-9F85-5A3DC1ECA39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{F3A2B0AC-49BE-4991-AADE-6DC497C4BDC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{4FEB248E-90D2-487B-B77F-33A5CDD33204}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{FC67EC79-C3CC-41C5-A3B8-86C4F063C1BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{8102D4B2-3DC1-4237-92F4-64D2DE2ED67C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{300A7E2C-EFEC-4FB4-8D52-39E13EE55A08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{180BCF80-DE0B-4929-99BD-B93C60D5F1F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{D307E430-6B3C-4066-88BC-02469A0D0D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{254EDFCE-682B-4E0F-8A96-BB79D755C498}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{30C0583F-A7CD-469D-8AFE-DA379637F827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [UDP Query User{C393E1C8-60C1-4E95-8397-E74247015F20}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{310AA500-1A9A-4397-9D27-D2BCD2C8760E}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{5CBA4726-48F4-40E6-911E-81C002EB3DF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A198B3C8-265F-4D02-ABF7-EE85A0023728}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9466CB92-90B7-42AC-848A-88195399A88A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{283A139F-96B8-4996-8D21-CF3461177E60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{69DBDECD-F9C2-46CF-8C6A-91F714FFC448}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{43740B93-3B22-455C-8D4E-874B1FCC05E9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{90B2C4E5-CF95-4300-A754-0C1FCEFB5F9F}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE7B0167-035A-4221-8BB8-4DFAB4EAD7DE}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{520C76EE-7C06-48AD-B0B2-116B491A09A9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C26DBC35-153E-421A-B076-93A301170B68}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0D6EE2AF-3CB3-4073-9261-F6CBC6CAA299}] => (Allow) LPort=2333
FirewallRules: [{65012FA3-294A-40BA-9FD3-0707AC3D1F59}] => (Allow) LPort=9143
FirewallRules: [{3B6A7A21-5F86-4E32-9451-78D03869ECB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2A757C46-DDDF-487B-BDE9-A7C40573F3F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{876BD964-CE97-4CFA-AC3E-4EFAF021CDBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{094670F4-28BE-4C94-95A7-A8071460E122}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{114418B2-0A10-4528-83FA-571A1E9595EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{838E8CF5-E7F5-414C-85B8-A24704AD080A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1B977C4A-2316-49B7-BAE0-8A6BC36D18D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8BDC8694-973C-480C-B06E-6097D31F2949}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{981AA119-899C-47F9-BE70-713BC0389CEB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B4B75566-D0A7-45DA-AB62-3EF284F5C72A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA228FD4-552B-4D94-A23F-E1FD17E21C3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4423E8D-0E43-48B2-A78A-5E0AA70A97A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C05E63B5-2B23-4080-9A23-7D109A9833C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD9830E-E5CF-4ECE-8EAE-174CBED4BA3C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0334B1E9-7D8B-491A-8585-2623CD4987FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1C5D698C-0AE1-4B80-9D8A-6E0C58135208}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{757BAF67-3AC3-40DB-993B-DBE6D4452311}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F21BEE2F-F830-4205-B81B-A381E97F44F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66DB6B2D-3B8A-4419-A249-FEB558247325}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FEE69B74-436F-42E6-9CC7-4C6B56E5315B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C853CE80-4D32-4DC9-A092-A3424B4895BD}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [TCP Query User{5662243F-F755-4807-9F5E-9169CA55FECB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [UDP Query User{68DCE2AC-AFA5-4EA9-A5C7-CE5886A35FAB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [{8FB9A648-3540-4053-BC44-28AFDCC6B301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{B02AFFAE-DF28-4EEE-9AEA-09D204B58B41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{65B870A1-71EF-4D1A-BD43-C4D0B1EC151B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{7D2DE578-1912-4902-98CD-0EED21B99F0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{FDA01F5A-5511-4901-8424-DC02B35C5A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{0E62CCFD-DDC1-4B8D-AE4B-E6B193610A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{6A47ED58-61C7-4F6C-ACD0-62038F71E17A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{5F0EAECB-1F19-4245-A96B-FD486ADFD190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{81379528-4C8D-467C-88F5-28402D25D798}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E87C1F53-5A57-403C-B408-C47554F06C82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F94765BE-9BF4-456C-98C4-0C8C4127AD49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [TCP Query User{C3E0405E-B073-4DA9-A610-8D2A1C0E57BE}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{FA96D52B-D0FC-4E5A-A9AF-69B3549CCE40}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{B46EBC96-A135-4068-B222-F50E650C46BC}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [UDP Query User{7F8A141A-9850-4BE7-B53A-649B232C2F71}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [TCP Query User{015EA347-1F2F-403A-AB10-52E86AF2EE61}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [UDP Query User{033602D5-F8E4-402F-8D10-FC9606F968CB}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [TCP Query User{D075DBED-0C65-4B0C-9CF3-ED391CF8BCC1}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [UDP Query User{86D97B92-AB6F-4BB1-9DE9-D5E23FFA7684}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [TCP Query User{90A6BC24-7FEC-4245-B98B-27DB0AA81098}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [UDP Query User{4DCD9ADD-9B79-437C-AC2C-D0407230B945}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [TCP Query User{620BE5D8-EB65-4EB7-A040-EA52339232F0}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [UDP Query User{211542D2-79DA-4608-B829-4D5237AF0F36}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [{5E4B40C6-5ECD-4439-9899-A21E3D5486E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9CBDAA15-730F-4402-8A1A-4EBBAB3C729A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{EB5D45BB-4A21-4318-9CF5-004A15E76107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{DFE7A643-EF3D-4296-A3B8-841F05C1D57E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{A15C7972-77D1-4567-BDE1-E92AD508C4A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{A92F6A26-3175-4912-8185-0BEA22030E35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{6A8B25C3-0406-4F62-A7D0-3F15F38FD0E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{0688240D-3BC4-410B-B3D1-418FC632E62B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [TCP Query User{90C413D0-E65C-4B28-9ED7-604CE786C11E}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{066A1D19-728C-4446-986C-F95D4F87EC79}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4143369-E784-4FDF-8B91-29CFE118DABD}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{EA7D9EA4-7F74-4013-9B4B-C6488E347A6B}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{5EE220ED-C00C-4248-96F2-45AD25236972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{589238B8-4587-4466-B8B0-B92E93AB5A12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{04FD0D5C-6F86-4A0F-B73C-E25D58070EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{871C2994-B88A-4F60-A39D-546E62B076B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{79AA607D-78A7-4F5B-93DC-EEA398106E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9D37A48D-264F-47CE-8D3A-5371B5F4AC16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9BE8AEF7-6B02-47FD-A2FB-8032565649B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{365BE34C-F9E2-408A-9672-8268AA662C8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [TCP Query User{E9BE8C1A-E5F3-4084-A080-E31FCB820ABB}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{55032E43-9BE9-44A2-90D0-3331F0B1E69C}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{12F0C906-A250-4D71-BFB7-A2975ED52841}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{91EED8F6-0E91-4691-90B0-240C4E06999B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{F15CAEB7-B3BC-4ED7-98F8-FF2D384F1795}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [UDP Query User{F7D412ED-C08A-49E9-BA8B-2ADDF920CEC2}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [TCP Query User{DB649F70-2953-4191-AA96-7C9334914A84}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [UDP Query User{ACB1B42A-4326-40FE-954B-749A9DCADDB0}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [TCP Query User{938F924F-0BB4-4D80-8568-9F410CA1E7A3}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{70AF8EF9-4E54-4943-BFFD-49309C2A20F5}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [TCP Query User{79CE2E65-4E33-44F0-8C8C-1AEE658B83F9}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [UDP Query User{47BB0878-0903-46D1-A20C-920F4CE709FC}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [{4197F1A6-C4CA-4716-8BEF-7EA338363D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{877970F7-6ACD-4DA5-B070-B6932BC8B8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{8D34D04E-B07E-4CE5-B727-1808950BD790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{B8103E54-DC8C-4DF2-B907-FBA9D1E51989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{4268E62E-78B3-457E-8770-C4E3BBC6ECEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF7A7BC0-315E-421D-8538-97155F6821DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6F044340-5468-44D9-8C19-C2208FF1901C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D161E290-25B3-439D-866A-78A29A866CB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6F826737-D6D7-4E10-B145-E519B3ED5187}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{A925336A-4868-4A87-81C3-BF9A3768437D}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{0ADE25F2-CE14-46C1-954B-22815CF4B214}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{035EE4B4-EC0B-446B-B6AE-C38E4B9CB5BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3D2AEA8A-5C79-4575-9C63-BD6C8D661625}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{249DD6F1-096A-4D35-AB17-A071753D9A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{F1485B27-C228-4141-A50D-2D37506063AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{4FBC21C7-A611-458B-BFAE-F443BF41A788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{C0B8BDAB-4D1E-49E1-82DC-6C65313A8CDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{22C8269F-4A49-4061-878A-42D4323CDF93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9A656059-E0AE-4803-AC3D-0A7B999B6230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{724FB36B-1AC4-4EB4-BA53-B6720DFB9E9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FA32B3F2-D978-4EEE-9A7E-885CB26ABA9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{624B6ACA-68CB-43EA-85A0-D41CBD192B4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{0B410BD8-CEA5-4C5D-AF69-72076784E7AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{713198FD-CB2F-4CB5-8CEB-B45787057180}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
 
==================== Restore Points =========================
 
27-03-2016 00:21:52 Installed Oracle VM VirtualBox 5.0.16
30-03-2016 19:39:56 Windows Update
02-04-2016 21:38:19 Windows Update
05-04-2016 21:34:41 Installed Autodesk SketchBook
09-04-2016 18:58:09 Windows Update
12-04-2016 20:11:49 Windows Update
12-04-2016 20:12:01 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface 
Description: Intel® Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Description: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: Ke2200
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2016 07:25:24 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. An instance of the service is already running
 
Error: (04/13/2016 07:25:23 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid
 
Error: (04/13/2016 06:41:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
 
Error: (04/13/2016 06:41:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
 
Error: (04/13/2016 06:41:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2016 10:31:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1093
 
Error: (04/12/2016 10:31:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1093
 
Error: (04/12/2016 10:31:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2016 08:12:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/12/2016 08:11:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (04/13/2016 07:33:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/13/2016 07:18:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (04/13/2016 07:18:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (04/13/2016 07:18:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16389
 
Error: (04/13/2016 07:18:54 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:53 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:53 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:52 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:52 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:52 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
CodeIntegrity:
===================================
  Date: 2016-04-12 20:33:03.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-05 20:20:32.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-22 20:31:35.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 18:40:32.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 13:11:07.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 24%
Total physical RAM: 16332.62 MB
Available physical RAM: 12388.16 MB
Total Virtual: 18764.62 MB
Available Virtual: 14024.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.96 GB) (Free:436.33 GB) NTFS
Drive d: (Secondary Storage) (Fixed) (Total:931.39 GB) (Free:760.26 GB) NTFS
Drive e: (P2P V19) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive j: (NICHO 120GB) (Removable) (Total:119.22 GB) (Free:109.66 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 119.3 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
As a final note, I noticed that the second FRST scan still shows KMSpico on it. I did remove it using the fixlist you provided, as can be seen on the fixlog, but I guess since I didn't restart the PC after the fix was done, it didn't update. Please tell me if you want me to restart the PC and re-run the test (I hibernate it daily, not turn it off completely).
 
Cheers,
Nicholas
 
Edit: bolded some stuff.
Edit 2: forgot to upload Upload.zip file

Edited by nicholasgodoyx, 14 April 2016 - 05:42 PM.


#9 RayS

RayS

  • Malware Study Hall Senior
  • 2,371 posts

Posted 14 April 2016 - 08:58 PM

Hi Nicholas,


 

I have used KMSpico, but only because I had no other choice. <snip> My copy of Microsoft Office 2013 is legitimate.


You don't need KMSpico because Microsoft has activated Win10 when upgraded from any previous version of Win7 regardless of original source. And you don't need it for a valid copy of Office. Thank you for deleting KMSpico and all its components.


 

Secondly, I do not use BitTorrent with torrenting or illegal sites. I use it to download linux distributions (they are free) for my multiple Raspberry PIs, every time I come up with a new project. I will not remove it, though I will refrain from using it for the time being.


Peer-to-peer file sharing does have legitimate uses. Thank you for not using BitTorrent while we are working together.


 

You said "It was very dangerous to have removed it from the sandbox, but you avoided disaster by not launching the file". As I said on my first post, I did launch the file, but it was inside Sandboxie and Avast blocked it. That's what you mean, right?


Yes, it would have been quite harmful if you had launched Image6354815273.scr outside of the sandbox. You did the right thing by asking for our help in analyzing that file.


 

As a final note, I noticed that the second FRST scan still shows KMSpico on it. I did remove it using the fixlist you provided, as can be seen on the fixlog, but I guess since I didn't restart the PC after the fix was done, it didn't update. Please tell me if you want me to restart the PC and re-run the test (I hibernate it daily, not turn it off completely).


The evidence you see of KMSpico are harmless remnants which we will remove with the Fixlist.txt script below.


 

But I couldn't find this one:
C:\Users\Nicholas Godoy\AppData\Local\Temp\utils.dll


We will remove it with the Fixlist.txt script below.



Results from Upload.zip

Result of scan at VirusTotal for update-S-1-5-21-4099895337-1454360887-1772386947-1001.job shows zero out of 56 detections:
https://virustotal.com/en/file/90dbe53ed08c303a3a64a6829fb1dac6a63adbac6a358f4f2772276d5034b7e6/analysis/1460605104/

Result of scan at VirusTotal for Adobe Save for Web 13.0 Prefs shows zero out of 56 detections:
https://virustotal.com/en/file/6a7afc061b0e060c28fe57e2e0a2296450efc73090a8d56c011c52f2baad5f11/analysis/



Lightshot by Skillbrains

I noticed that Lightshot is set to launch every time you restart your PC. Lightshot sometimes installs without your knowledge with free software downloads. If you didn't install it intentionally, please try to uninstall it by navigating to Control Panel > Programs and Features and searching for all listings containing "Skillbrains" and/or "Lightshot" in their name. Then right-click and select Uninstall. If you want to keep this software, skip this step.



Let's run FRST in FIX mode again

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy the entire contents of the code box below into a new file.

start

C:\Users\Nicholas Godoy\AppData\Local\Temp\utils.dll
Task: {7C5EE299-0E15-4818-B180-E9D9850037CB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe

End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Rerun FRST64.exe scan

  • Right-click FRST64.exe then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Be sure a checkmark is placed next to Additional.txt in the Optional Scan section of the tool.
  • Press the Scan button.
  • When finished, it will produce a file called FRST.txt and a file called Addition.txt in the same directory the tool was run from.
  • Please copy and paste the contents of both files into your next reply.

 

 

 

In your next reply...

  • Please tell me whether you want to keep Lightshot. If not, tell me whether you were able to uninstall it successfully.
  • Copy and paste the contents of Fixlog.txt into the body of your message.
  • Copy and paste the contents of FRST.TXT and Addition.txt into the body of your message.

Do you have any further concerns about your original issue?

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
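
A scheduled task such as the one named in the fixlist above is recorded in more than one place: a definition file under System32\Tasks and several TaskCache registry keys, so a leftover in any one of them can keep showing up in a scan. The read-only PowerShell check below is an added example, not part of the original post and not part of FRST; the function name Get-ScheduledTaskRemnant is hypothetical, and the task name and GUID are the ones from the fixlist.

```powershell
# Added example (not from the thread): read-only check for leftovers of one
# scheduled task. Nothing is deleted or modified.
# Run from an elevated 64-bit PowerShell so System32 is not redirected.
function Get-ScheduledTaskRemnant {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $TaskName,   # e.g. 'AutoPico Daily Restart'
        [Parameter(Mandatory)] [string] $TaskGuid    # task GUID, including the braces
    )

    $cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'

    # Places where Windows records a task: the definition file on disk and
    # the registry cache (name tree, per-GUID data, trigger bucket).
    $locations = [ordered]@{
        'Task file'       = Join-Path $env:SystemRoot "System32\Tasks\$TaskName"
        'TaskCache Tree'  = "$cache\Tree\$TaskName"
        'TaskCache Tasks' = "$cache\Tasks\$TaskGuid"
        'TaskCache Plain' = "$cache\Plain\$TaskGuid"
    }

    foreach ($entry in $locations.GetEnumerator()) {
        [pscustomobject]@{
            Location = $entry.Key
            Path     = $entry.Value
            # -LiteralPath: the name and GUID are matched exactly, no wildcards
            Present  = Test-Path -LiteralPath $entry.Value
        }
    }

    # What the Task Scheduler service itself still reports under that name.
    $registered = @(Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Location = 'Task Scheduler'
        Path     = ($registered | ForEach-Object { $_.TaskPath + $_.TaskName }) -join '; '
        Present  = $registered.Count -gt 0
    }
}

# Values taken from the fixlist in this thread.
Get-ScheduledTaskRemnant -TaskName 'AutoPico Daily Restart' `
                         -TaskGuid '{7C5EE299-0E15-4818-B180-E9D9850037CB}' |
    Format-Table -AutoSize
```

Every row should show Present as False once the task is fully removed; a True in only some rows means the task was removed partially.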


#10 nicholasgodoyx

nicholasgodoyx
  • Topic Starter

  • Members
  • 14 posts

Posted 14 April 2016 - 09:07 PM

Yes, I want to keep Lightshot. It's a printscreen app I use regularly.

 

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016

Ran by Nicholas Godoy (2016-04-14 23:02:57) Run:4
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
C:\Users\Nicholas Godoy\AppData\Local\Temp\utils.dll
Task: {7C5EE299-0E15-4818-B180-E9D9850037CB} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
 
End
*****************
 
"C:\Users\Nicholas Godoy\AppData\Local\Temp\utils.dll" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C5EE299-0E15-4818-B180-E9D9850037CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C5EE299-0E15-4818-B180-E9D9850037CB}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
 
==== End of Fixlog 23:02:58 ====
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Nicholas Godoy (administrator) on NICHOPC (14-04-2016 23:03:54)
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
() C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.93.20.0\OverwolfHelper.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.93.20.0\OverwolfHelper64.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Nicholas Godoy\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(NVIDIA Corporation) C:\Users\Nicholas Godoy\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Farbar) C:\Users\Nicholas Godoy\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-31] (AVAST Software)
HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe -autostart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify Web Helper] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-13] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [TeamSpeak 3 Client] => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [11477784 2016-04-07] (TeamSpeak Systems GmbH)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [45296 2016-04-05] (Overwolf LTD)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe [6891120 2016-04-13] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {10190359-dcaa-11e5-9c28-d3455c4ba16b} - "K:\LaunchU3.exe" -a
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {101914b1-dcaa-11e5-9c28-d3455c4ba16b} - "V:\Setup.exe" 
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-31] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-03]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2015-11-08]
ShortcutTarget: AudioSwitch.lnk -> C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe ()
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-16]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-03-14]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{29510a9b-75dc-46a2-8a78-d9a0450d577e}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{55ada2be-b0cb-414a-a186-4b63f3a3baf1}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-31] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-31] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-26] (Apple Inc.)
FF Extension: SQLite Manager - C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-31]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-31]
 
Chrome: 
=======
CHR HomePage: Default -> about:home
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-03-18]
CHR Extension: (GeoGebra) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-03-07]
CHR Extension: (Google Cast) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-31]
CHR Extension: (Pushbullet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-04-13]
CHR Extension: (Steam inventory helper) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-03-20]
CHR Extension: (Tampermonkey) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-13]
CHR Extension: (Google Calendar) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-04]
CHR Extension: (AdBlock) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Google Photos) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-01-04]
CHR Extension: (Dropbox) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-01-04]
CHR Extension: (CouchPotato) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2015-08-11]
CHR Extension: (Momentum) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-01-25]
CHR Extension: (Save to Pocket) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Enhanced Steam) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-04-13]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-13]
CHR Extension: (Inbox by Gmail) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2016-01-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-01-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-31] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-08] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-04-05] (Overwolf LTD)
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [44544 2015-09-27] (Razer Inc) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-28] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-31] (AVAST Software)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-08-02] ()
S4 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-28] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [134800 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-02] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-14 23:03 - 2016-04-14 23:04 - 00034637 _____ C:\Users\Nicholas Godoy\Desktop\FRST.txt
2016-04-14 23:02 - 2016-04-14 23:02 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Downloads\FRST64 (1).exe
2016-04-14 23:02 - 2016-04-14 23:02 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Desktop\FRST64 (1).exe
2016-04-14 23:02 - 2016-04-14 23:02 - 00001154 _____ C:\Users\Nicholas Godoy\Desktop\Fixlog.txt
2016-04-13 19:36 - 2016-04-13 19:36 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Downloads\FRST64.exe
2016-04-13 19:15 - 2016-04-13 19:15 - 03465280 _____ C:\Users\Nicholas Godoy\Downloads\adwcleaner_5.110.exe
2016-04-11 14:45 - 2016-04-14 23:03 - 00000000 ____D C:\FRST
2016-04-08 14:30 - 2016-04-08 15:04 - 00000000 ____D C:\Users\Nicholas Godoy\Downloads\MEDENG
2016-04-08 12:06 - 2016-04-13 19:18 - 00000000 ____D C:\AdwCleaner
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\BitTorrent
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-04-05 21:35 - 2016-04-05 21:35 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Autodesk
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk SketchBook
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\Program Files\Autodesk
2016-03-29 19:29 - 2016-03-29 19:29 - 00040183 _____ C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation.html
2016-03-29 19:29 - 2016-03-29 19:29 - 00000000 ____D C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation_files
2016-03-27 21:34 - 2016-03-27 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-03-27 00:22 - 2016-04-08 21:42 - 00000000 ____D C:\Users\Nicholas Godoy\.VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\Program Files\Oracle
2016-03-27 00:22 - 2016-03-04 17:29 - 00982504 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-03-27 00:22 - 2016-03-04 17:29 - 00148808 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-03-26 22:35 - 2016-03-26 23:51 - 00000600 _____ C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2016-03-22 20:21 - 2016-03-22 20:39 - 00000000 ____D C:\Program Files (x86)\hkcmdr
2016-03-22 20:21 - 2016-03-22 20:21 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\hkcmdr
2016-03-18 22:51 - 2016-03-18 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-17 12:25 - 2016-03-23 20:08 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Factorio
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-14 23:01 - 2015-08-02 15:30 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Skype
2016-04-14 23:00 - 2016-02-13 18:41 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\LogMeIn Hamachi
2016-04-14 23:00 - 2015-08-05 19:35 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-14 22:29 - 2015-10-29 20:04 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\TS3Client
2016-04-14 22:14 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job
2016-04-14 21:50 - 2015-08-02 15:19 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 21:42 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-14 21:32 - 2015-08-02 18:27 - 00001052 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-14 21:09 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Spotify
2016-04-14 20:32 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 20:18 - 2015-08-02 17:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-14 20:17 - 2015-07-10 08:04 - 00000167 _____ C:\WINDOWS\win.ini
2016-04-14 19:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
2016-04-14 19:03 - 2015-08-26 14:01 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{522C723D-CE66-473D-8AC0-D864B45F818D}
2016-04-14 19:02 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-14 18:59 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Spotify
2016-04-13 19:25 - 2016-01-13 14:25 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-04-13 19:25 - 2015-12-10 01:44 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 19:25 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 19:20 - 2016-01-13 14:25 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Overwolf
2016-04-13 19:20 - 2016-01-03 22:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-13 19:20 - 2015-08-02 18:27 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Dropbox
2016-04-13 19:20 - 2015-08-02 15:22 - 00000000 ____D C:\ProgramData\Skype
2016-04-13 19:19 - 2015-12-10 01:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 19:19 - 2015-12-10 01:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-13 19:19 - 2015-12-10 01:43 - 05016216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 19:19 - 2015-10-30 03:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 19:19 - 2015-08-02 18:27 - 00001048 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-13 19:19 - 2015-08-02 15:19 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 19:17 - 2015-08-02 17:28 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent
2016-04-13 17:14 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-12 20:16 - 2015-08-11 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 20:16 - 2015-08-11 18:14 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 18:55 - 2015-08-02 15:11 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Packages
2016-04-11 19:36 - 2015-10-13 22:49 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\AgileBits
2016-04-11 17:07 - 2016-01-07 22:46 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\CrashDumps
2016-04-11 16:51 - 2015-08-02 15:19 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 15:23 - 2015-08-03 21:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 22:03 - 2015-09-30 21:26 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Custom Office Templates
2016-04-10 20:57 - 2016-02-12 15:05 - 00001958 _____ C:\WINDOWS\Sandboxie.ini
2016-04-10 13:37 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-08 22:04 - 2015-12-10 01:44 - 00000000 ____D C:\Users\Nicholas Godoy
2016-04-08 21:42 - 2015-08-02 15:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-08 14:57 - 2015-08-02 15:13 - 00002394 _____ C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-08 14:57 - 2015-08-02 15:13 - 00000000 ___RD C:\Users\Nicholas Godoy\OneDrive
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-07 11:25 - 2015-10-29 20:04 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-06 15:32 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 15:32 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 20:12 - 2016-03-14 22:01 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Stuff
2016-04-04 20:01 - 2015-09-10 13:45 - 00000069 _____ C:\Users\Nicholas Godoy\Documents\Installed Fonts.txt
2016-04-04 17:22 - 2015-08-10 18:43 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Plex Home Theater
2016-04-03 21:23 - 2015-08-02 19:00 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\My Games
2016-03-31 19:48 - 2016-01-12 13:56 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\Hyper Hippo Productions Ltd_
2016-03-26 17:09 - 2016-01-02 22:59 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Flight Simulator X Files
2016-03-20 18:50 - 2015-08-06 17:09 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\.minecraft
2016-03-18 22:51 - 2015-08-02 18:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-15 20:14 - 2015-08-26 17:16 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\HandBrake
2016-03-15 17:55 - 2016-03-14 21:21 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Rainmeter
2016-03-15 17:54 - 2016-03-14 21:21 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Rainmeter
 
==================== Files in the root of some directories =======
 
2015-08-05 20:58 - 2016-01-10 19:56 - 0002376 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\SpeedRunnersLog.txt
2016-03-26 22:35 - 2016-03-26 23:51 - 0000600 _____ () C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2015-08-03 13:36 - 2015-08-03 13:36 - 0000017 _____ () C:\Users\Nicholas Godoy\AppData\Local\resmon.resmoncfg
2015-10-13 22:48 - 2015-10-13 22:48 - 0000003 _____ () C:\Users\Nicholas Godoy\AppData\Local\updater.log
2015-10-13 22:48 - 2015-10-13 22:48 - 0000424 _____ () C:\Users\Nicholas Godoy\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Nicholas Godoy\AppData\Local\Temp\libeay32.dll
C:\Users\Nicholas Godoy\AppData\Local\Temp\msvcr120.dll
C:\Users\Nicholas Godoy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-11 12:20
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Nicholas Godoy (2016-04-14 23:04:14)
Running from C:\Users\Nicholas Godoy\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-10 04:49:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4099895337-1454360887-1772386947-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4099895337-1454360887-1772386947-503 - Limited - Disabled)
Guest (S-1-5-21-4099895337-1454360887-1772386947-501 - Limited - Disabled)
Nicholas Godoy (S-1-5-21-4099895337-1454360887-1772386947-1001 - Administrator - Enabled) => C:\Users\Nicholas Godoy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password 4.6.0.604 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\{7C54712F-A477-4E6A-AC81-7175494DD179}) (Version: 2015.0.0.597 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Atom (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\atom) (Version: 1.2.4 - GitHub Inc.)
AudioSwitch (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\AudioSwitch_is1) (Version: 2.1.1.0 - )
Autodesk SketchBook (HKLM\...\{C0D41025-EDBF-4354-A5BA-86B27A78BC25}) (Version: 8.00.0001 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BitTorrent (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
BitTorrent Sync (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent Sync) (Version: 2.2.5 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
EDGE (HKLM-x32\...\Steam App 38740) (Version:  - Two Tribes)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.4.174 - Final Draft, Inc.)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\{DBA7719B-28D4-30D9-98DE-E689280E4D7E}) (Version: 49.0.2623.112 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
Hacknet (HKLM-x32\...\Steam App 365450) (Version:  - Team Fractal Alligator)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version:  - Avalanche Studios)
Keep Talking and Nobody Explodes версия 1.0 (HKLM-x32\...\{E78D0C6F-65CF-486D-9710-E48FBA6A1C33}_is1) (Version: 1.0 - Steel Crate Games)
Keying Suite v11.1.5 (HKLM-x32\...\{21AD9423-3C17-43E2-AFD7-8305C965500F}_is1) (Version: 11.1.5 - Red Giant, LLC)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life in Bunker (HKLM-x32\...\Life in Bunker_is1) (Version:  - )
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Magic Bullet Suite v12.1.1 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.1.1 - Red Giant, LLC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{070C55FA-FB9D-46DD-B30B-4B520A83A66A}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MultiBit Classic 0.5.19 (HKLM\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MyTraffic Professional (HKLM-x32\...\{84832C70-3EF9-4BD9-99DF-559A2BDEC74C}) (Version: 6.0.0 - MyTraffic)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.93.20.0 - Overwolf Ltd.)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Quadro Delta)
Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.4.1 - Plex inc)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2593 - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.0.4 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.18 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Receiver version 0.0.0.9 (HKLM-x32\...\Receiver_is1) (Version: 0.0.0.9 - WaLMaRT)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.7.33 - Red Giant, LLC)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.6 - Samsung Electronics)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYSM Monitor (HKLM-x32\...\SYSM Monitor_is1) (Version:  - SYSM Monitor)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TIS-100 (HKLM-x32\...\Steam App 370360) (Version:  - Zachtronics)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
Trapcode Suite v12.1.9 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.9 - Red Giant, LLC)
Universe (HKLM\...\Universe_is1) (Version: 1.2.0 CE - Red Giant, LLC)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Digital Ltd)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA00-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA01-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA02-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA03-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA04-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C643856-8F6B-4950-951C-83FCA9EE5B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {1EE3D135-5381-4601-ABF8-3E521DC41D49} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {245D0DD8-D61D-4A4A-8446-9E6459231076} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {2B49F9A3-C3C0-43DF-9839-F223458DE69E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {33419B0E-9E1B-42A0-BA95-48AECC0E9775} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {381E731E-C9B8-4D89-842B-6AF97C615AFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-31] (AVAST Software)
Task: {41FF3B72-BBC5-43EA-B73E-149F1C1FB8AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {4813A742-96C7-4D17-B924-83CCBF73950C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {499753EB-8C8B-4228-A215-597C9EA0CCDC} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {64FE61CB-8A93-4732-AFD1-41BE364AD842} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {698C635A-30BC-44BF-90A5-7CCD80D346A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {93BB6B18-F1E7-4A9C-92FC-108F57416DF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {97A6FF5D-45DD-4A6B-853C-1AB43CE8CA0E} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-04-10] (Samsung Electronics.)
Task: {9C9C0FC8-A73E-4752-9FA5-3E17CA411554} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.exe
Task: {AB654233-7172-480B-BA55-855C495B2F77} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {BE83D987-3FF3-4305-AADE-E6C1AFD41005} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D2739DA0-75E3-4B5A-9E27-80F3B30EDF53} - System32\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {ECB17338-0C56-41F1-B368-D80FA450DFEE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-04-05] (Overwolf LTD)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 01:44 - 2015-11-02 10:36 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-23 16:11 - 2015-06-23 16:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-12 23:47 - 2016-01-04 22:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-13 10:25 - 2015-10-13 10:25 - 00820224 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll
2015-04-15 17:13 - 2015-04-15 17:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-10-16 07:02 - 2015-10-16 07:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-12-19 14:34 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 19:01 - 2016-02-23 05:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-01 19:01 - 2016-02-23 05:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-09-21 17:36 - 2014-08-19 16:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-09-19 16:15 - 2014-09-19 16:15 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-11-08 13:19 - 2015-07-22 20:22 - 00138752 _____ () C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
2016-03-12 14:53 - 2016-03-12 14:53 - 00171008 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2016-01-06 17:14 - 2016-01-12 01:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-07-08 03:58 - 2015-07-08 03:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-01-21 12:05 - 2016-01-21 12:05 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-29 19:10 - 2016-03-29 19:10 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 19:10 - 2016-03-29 19:10 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 19:01 - 2016-03-03 19:01 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-12 23:47 - 2016-01-04 22:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 23:47 - 2016-01-04 22:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-27 16:45 - 2016-01-16 02:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 16:45 - 2016-01-16 02:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-13 18:27 - 2016-04-13 18:27 - 02887168 _____ () C:\Program Files\AVAST Software\Avast\defs\16041301\algo.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-14 19:58 - 2016-04-14 19:58 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041402\algo.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-08-02 15:26 - 2016-01-12 01:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-02 15:30 - 2016-03-10 21:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 22:12 - 2016-02-17 19:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-08-02 15:30 - 2016-02-08 22:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-05 09:29 - 2016-04-05 09:29 - 45069312 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\libcef.DLL
2016-04-05 09:29 - 2016-04-05 09:29 - 00262656 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\OpenHardwareMonitorLib.dll
2016-04-05 09:29 - 2016-04-05 09:29 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\CoreAudioApi.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 47503472 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libcef.dll
2015-12-11 17:32 - 2016-02-23 15:19 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-03-18 22:51 - 2016-02-23 15:20 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 17:32 - 2016-02-23 15:19 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 17:32 - 2016-02-23 15:20 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 17:32 - 2016-03-11 21:18 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-03-18 22:51 - 2016-02-23 15:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-03-18 22:51 - 2016-02-23 15:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-03-18 22:51 - 2016-03-11 21:18 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-03-18 22:51 - 2016-02-12 21:24 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 17:32 - 2016-02-23 15:19 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-03-18 22:51 - 2016-02-23 15:19 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-03-18 22:51 - 2016-02-23 15:20 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 17:32 - 2016-02-23 15:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 16:23 - 2016-03-11 21:18 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-03-18 22:51 - 2016-03-11 21:18 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 17:32 - 2016-02-23 15:20 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-03-18 22:51 - 2016-02-23 15:23 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-03-18 22:51 - 2016-02-23 15:23 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-11 17:32 - 2016-03-11 21:18 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-03-18 22:51 - 2016-03-11 21:18 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-08-02 18:28 - 2016-02-23 15:25 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-01 03:28 - 2015-10-01 03:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 01584240 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libglesv2.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 00082032 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libegl.dll
2015-10-13 22:47 - 2015-04-28 09:50 - 00376832 _____ () C:\Program Files (x86)\1Password 4\js3215R.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 40622592 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00911360 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00134144 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-08-02 15:30 - 2015-09-24 20:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-04-11 16:51 - 2016-04-06 07:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 16:51 - 2016-04-06 07:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 08:04 - 2015-12-13 20:30 - 00001802 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 apps.skype.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\Control Panel\Desktop\\Wallpaper -> D:\Dropbox\General\Wallpapers\Space Infographic\36466_infographic_dual_screen_dual_monitor_solar_system_infographic_dual_screen_finished.png
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{90D0D150-B673-4AA8-80C1-26A1953FCE45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{8E889B37-41E0-4E34-838B-A0FB17EFDAC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [UDP Query User{560DBE34-FDBA-43F4-8CE4-7B3A810DB290}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [TCP Query User{1713208C-0A3E-419F-8E0A-176BBAE73BE9}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [{5A5F5CD3-A98B-463D-847A-64D52B49A81B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8FC65BDC-1A19-4E15-8987-9A102E0522EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE4173AA-3E1D-4AF8-911F-F993C99DAC58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{3016466F-1958-463C-BD83-A9A23E79B79E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [UDP Query User{4AD19B90-0205-4A83-B8A1-ACBA5A38708D}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{F7C323A9-659A-4590-B04A-A699208E2989}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [{BF178F1C-E0C3-46E9-9206-CAE7339BC1FA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{10613C18-3E6C-4EEA-A13F-94CA7B3A1209}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [UDP Query User{130B31ED-B7E6-427C-A524-0347D5962B1B}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [TCP Query User{837540A1-D02A-408A-8934-ABC41748303A}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [{356C9E69-2FA0-4E55-BD75-334542844257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{6E916A44-DB71-4F74-975A-F9A7DC537A7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [UDP Query User{A9EBE957-6637-45C7-ABC5-F70AB0D81DAF}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{5D173576-6AC0-40F4-AB11-0BB10AA12A7B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{4EFCB4DB-9F68-48E1-8203-5A340826EDB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{97B40514-C5E7-45A6-A9CC-3D4F0444603B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [UDP Query User{272E53C2-78ED-4E19-A642-FE95B91EF362}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [TCP Query User{9E24BD58-5014-4C91-A95A-82E581869119}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [UDP Query User{B223C5D2-1D7D-4756-B4B0-1DA2B97F3EE2}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [TCP Query User{61EDD8AE-B705-4A60-8E35-867F82BAFA2A}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [{029F6280-2569-4511-A707-55B5395346E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{024F95A5-CE5C-4B19-93B4-E1D916D54644}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A07BB80A-2FF9-4116-B79C-0DFED9BC12F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE7B4A33-48E7-4DE1-A647-4AD4246F60B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F935818D-3DF6-4DC3-9276-16765E44ECEB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{8E56F37A-A8F0-4665-8418-782813E108DB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{81FDCB39-0AC6-467C-8B86-A43B62E0E13A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{47CBCD98-6D7A-4E26-AB08-1A54B132E7C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{AF96A1CD-6F59-4817-83C6-CA1CF943B147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{75A5B41B-09FD-40B1-9199-6EDBD0BFD2F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [UDP Query User{8263E7D6-80C7-46C8-A88B-1A2152AE5FB7}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [TCP Query User{9682D7EB-3520-48BD-9948-3683F3DF120B}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [UDP Query User{C7D63E75-A76B-41B0-9AEF-817D8F485690}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{A32A788C-0380-4978-872A-749D1C7A91F3}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [{73E0FF88-52E0-474B-B899-C4EA7B2D4173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{6C61B185-0D87-4025-8A93-8F2269312A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{892C5DB1-407A-4A52-AFC7-2767259E8EA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0BA59AC6-6FEE-45DF-BB06-9AD378DF0E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{424266B4-09B7-4304-8978-2397343F949D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{370E16E9-ED7E-4E18-8D4E-98AE8F14601C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [UDP Query User{C766DEBD-F56B-49CC-86B1-0F080CDCEB73}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{DA861CDD-0745-4038-9238-1953C3906E47}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{FFF8BEAA-8B11-4EE9-9462-C86156D2F987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D312A315-F59A-4E14-976D-8832D0603F8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8877CE33-54C2-44BE-AA19-AE87761E6FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{AD692860-F970-49C9-A45D-467DC135EA68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{A74794AD-8AAB-4890-A528-E310E56EFE19}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{55E4D2B7-25BF-4577-A54D-89F0C257DEBB}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [UDP Query User{063F358E-2930-4D7D-B3EE-57DF49377952}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [TCP Query User{94F14303-C9FE-4960-B362-9B831E62EB6E}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [{2D1171D1-8678-4228-AD89-03EF96AE0604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{2EB7A014-E114-44FD-A0A9-1254ED0A19BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A64627B6-357B-47B7-B347-93E3CC5CB897}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{344FB187-8EB8-49D6-8A96-21AA73C27D96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [UDP Query User{48BA2C8D-DBB8-4501-BD67-8E01C6108FC3}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [TCP Query User{88D4A9AB-394E-4006-9C96-C52E20EA70FC}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [UDP Query User{1D530AB8-AC4E-42F7-9B2A-09B8B1100417}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{DEBB92F8-1CAF-4E71-91AA-40132A4B49CD}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FF29ADB5-376A-445E-9297-16A2383072CC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{94026ABB-0D25-40B1-BF19-AD1C29ED4573}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DCCB5014-FD46-4C3D-BD2D-B9FB8B072DD1}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5DA73434-9199-44D8-ADD0-6E07B112DC3D}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{22E1508C-B314-4627-962A-1F0AED934A19}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [TCP Query User{3B66B767-479A-4E45-88A9-76769811132D}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [{F99FC205-64BC-4F12-9A4E-7345F6251D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{A29BD4DF-CEB5-471E-9903-1EA166BA1FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [UDP Query User{AFD398D9-DBD2-4F3F-9D60-F6BA9082E183}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{0B985265-6DFA-46FD-A399-393CDA1DAF4C}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{C42A4299-D3DC-41A7-9A34-DC4DA2B1D3C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{82D9B7E0-8624-4DD9-94CF-7413774006A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [UDP Query User{6B367216-F2EA-4DDB-A30E-32171DF7C933}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{5466263C-BAF6-4832-A24A-C08CB3F1E2E2}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{B9F08ED3-88CD-48C1-93B3-1FECA7501B00}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{9990F072-68B6-4749-9180-6A2AF42E218F}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{E66B9B1C-0941-44B1-8E12-F2BDDD87084B}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{B30FF8E0-D65C-45E1-A905-EBD4C63E5644}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{C38BD402-E01A-4376-AE53-1731E9B517C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24B507A9-472D-43DD-A052-675E178D55F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{96CDDAF6-68BB-44DD-A81B-4DBA4430926C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{77B25D21-266D-48FE-BAC2-C3E7AD3A913A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{CB1B1A53-4586-4B4E-B484-8D98A7587212}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{5A3291A2-5843-477C-837C-D99AD2EC09A5}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{D49DDE65-0D4A-4963-B3AF-FF5F87C7BE9B}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [TCP Query User{B7346198-7A5A-4A65-B85D-E70CBE997FBD}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{491B3436-C3A9-4125-8F8D-4EA95CC70B40}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [TCP Query User{30E8FE09-36DD-4329-B3A1-8DA02C9A1845}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [{47BFCB2F-A01E-4F4B-95F8-B668D3415732}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{E9409407-598F-4FA9-BCA9-C6E68F2B995D}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{D22C0B19-BFCE-40D8-A2E4-A3FA79F4858B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D2132950-92AD-44C4-9E25-78DB36DD93E9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A0A82D6E-6B44-4B63-809D-DB20E044C5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4FCE514C-2C7E-4E3C-B7A6-F578C601B4D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{9D13C64D-A022-4895-884A-CFBD90E41E95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{394AC21E-E5F6-46E5-90BA-37D79CD59371}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A4C65B8-5746-4A97-BB3E-8F67DD65ECD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{8D1B274D-E9D7-42E0-8520-7702944745A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{69DF0F1B-3BD4-488D-882C-21C7D32041E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EB25E78F-91EF-40A9-AD78-25496A92BA29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [UDP Query User{843FD069-6A7D-4F74-A167-F67DF6880228}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{CC1E38A8-1A94-4C82-AA4E-FC6612774E76}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{3D56B624-0D8A-49DA-B65D-069428796AAD}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{92C6973C-6296-412E-984B-1448B8F64477}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A2DD13B0-41A8-40F6-8223-85434E2EEECB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BFEF13A6-10DB-4F0F-A406-269B318E99F1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1426DB6A-8305-4A5C-9621-1DFFB72A7A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{9F8C78A8-A93A-484F-908C-145B7CE52F0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5DDA38A6-DC21-48E1-9F85-5A3DC1ECA39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{F3A2B0AC-49BE-4991-AADE-6DC497C4BDC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{4FEB248E-90D2-487B-B77F-33A5CDD33204}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{FC67EC79-C3CC-41C5-A3B8-86C4F063C1BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{8102D4B2-3DC1-4237-92F4-64D2DE2ED67C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{300A7E2C-EFEC-4FB4-8D52-39E13EE55A08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{180BCF80-DE0B-4929-99BD-B93C60D5F1F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{D307E430-6B3C-4066-88BC-02469A0D0D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{254EDFCE-682B-4E0F-8A96-BB79D755C498}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{30C0583F-A7CD-469D-8AFE-DA379637F827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [UDP Query User{C393E1C8-60C1-4E95-8397-E74247015F20}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{310AA500-1A9A-4397-9D27-D2BCD2C8760E}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{5CBA4726-48F4-40E6-911E-81C002EB3DF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A198B3C8-265F-4D02-ABF7-EE85A0023728}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9466CB92-90B7-42AC-848A-88195399A88A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{283A139F-96B8-4996-8D21-CF3461177E60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{69DBDECD-F9C2-46CF-8C6A-91F714FFC448}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{43740B93-3B22-455C-8D4E-874B1FCC05E9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{90B2C4E5-CF95-4300-A754-0C1FCEFB5F9F}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE7B0167-035A-4221-8BB8-4DFAB4EAD7DE}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{520C76EE-7C06-48AD-B0B2-116B491A09A9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C26DBC35-153E-421A-B076-93A301170B68}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0D6EE2AF-3CB3-4073-9261-F6CBC6CAA299}] => (Allow) LPort=2333
FirewallRules: [{65012FA3-294A-40BA-9FD3-0707AC3D1F59}] => (Allow) LPort=9143
FirewallRules: [{3B6A7A21-5F86-4E32-9451-78D03869ECB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2A757C46-DDDF-487B-BDE9-A7C40573F3F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{876BD964-CE97-4CFA-AC3E-4EFAF021CDBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{094670F4-28BE-4C94-95A7-A8071460E122}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{114418B2-0A10-4528-83FA-571A1E9595EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{838E8CF5-E7F5-414C-85B8-A24704AD080A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1B977C4A-2316-49B7-BAE0-8A6BC36D18D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8BDC8694-973C-480C-B06E-6097D31F2949}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{981AA119-899C-47F9-BE70-713BC0389CEB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B4B75566-D0A7-45DA-AB62-3EF284F5C72A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA228FD4-552B-4D94-A23F-E1FD17E21C3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4423E8D-0E43-48B2-A78A-5E0AA70A97A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C05E63B5-2B23-4080-9A23-7D109A9833C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD9830E-E5CF-4ECE-8EAE-174CBED4BA3C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0334B1E9-7D8B-491A-8585-2623CD4987FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1C5D698C-0AE1-4B80-9D8A-6E0C58135208}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{757BAF67-3AC3-40DB-993B-DBE6D4452311}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F21BEE2F-F830-4205-B81B-A381E97F44F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66DB6B2D-3B8A-4419-A249-FEB558247325}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FEE69B74-436F-42E6-9CC7-4C6B56E5315B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C853CE80-4D32-4DC9-A092-A3424B4895BD}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [TCP Query User{5662243F-F755-4807-9F5E-9169CA55FECB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [UDP Query User{68DCE2AC-AFA5-4EA9-A5C7-CE5886A35FAB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [{8FB9A648-3540-4053-BC44-28AFDCC6B301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{B02AFFAE-DF28-4EEE-9AEA-09D204B58B41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{65B870A1-71EF-4D1A-BD43-C4D0B1EC151B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{7D2DE578-1912-4902-98CD-0EED21B99F0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{FDA01F5A-5511-4901-8424-DC02B35C5A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{0E62CCFD-DDC1-4B8D-AE4B-E6B193610A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{6A47ED58-61C7-4F6C-ACD0-62038F71E17A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{5F0EAECB-1F19-4245-A96B-FD486ADFD190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{81379528-4C8D-467C-88F5-28402D25D798}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E87C1F53-5A57-403C-B408-C47554F06C82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F94765BE-9BF4-456C-98C4-0C8C4127AD49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [TCP Query User{C3E0405E-B073-4DA9-A610-8D2A1C0E57BE}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{FA96D52B-D0FC-4E5A-A9AF-69B3549CCE40}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{B46EBC96-A135-4068-B222-F50E650C46BC}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [UDP Query User{7F8A141A-9850-4BE7-B53A-649B232C2F71}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [TCP Query User{015EA347-1F2F-403A-AB10-52E86AF2EE61}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [UDP Query User{033602D5-F8E4-402F-8D10-FC9606F968CB}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [TCP Query User{D075DBED-0C65-4B0C-9CF3-ED391CF8BCC1}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [UDP Query User{86D97B92-AB6F-4BB1-9DE9-D5E23FFA7684}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [TCP Query User{90A6BC24-7FEC-4245-B98B-27DB0AA81098}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [UDP Query User{4DCD9ADD-9B79-437C-AC2C-D0407230B945}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [TCP Query User{620BE5D8-EB65-4EB7-A040-EA52339232F0}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [UDP Query User{211542D2-79DA-4608-B829-4D5237AF0F36}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [{5E4B40C6-5ECD-4439-9899-A21E3D5486E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9CBDAA15-730F-4402-8A1A-4EBBAB3C729A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{EB5D45BB-4A21-4318-9CF5-004A15E76107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{DFE7A643-EF3D-4296-A3B8-841F05C1D57E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{A15C7972-77D1-4567-BDE1-E92AD508C4A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{A92F6A26-3175-4912-8185-0BEA22030E35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{6A8B25C3-0406-4F62-A7D0-3F15F38FD0E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{0688240D-3BC4-410B-B3D1-418FC632E62B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [TCP Query User{90C413D0-E65C-4B28-9ED7-604CE786C11E}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{066A1D19-728C-4446-986C-F95D4F87EC79}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4143369-E784-4FDF-8B91-29CFE118DABD}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{EA7D9EA4-7F74-4013-9B4B-C6488E347A6B}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{5EE220ED-C00C-4248-96F2-45AD25236972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{589238B8-4587-4466-B8B0-B92E93AB5A12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{04FD0D5C-6F86-4A0F-B73C-E25D58070EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{871C2994-B88A-4F60-A39D-546E62B076B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{79AA607D-78A7-4F5B-93DC-EEA398106E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9D37A48D-264F-47CE-8D3A-5371B5F4AC16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9BE8AEF7-6B02-47FD-A2FB-8032565649B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{365BE34C-F9E2-408A-9672-8268AA662C8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [TCP Query User{E9BE8C1A-E5F3-4084-A080-E31FCB820ABB}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{55032E43-9BE9-44A2-90D0-3331F0B1E69C}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{12F0C906-A250-4D71-BFB7-A2975ED52841}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{91EED8F6-0E91-4691-90B0-240C4E06999B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{F15CAEB7-B3BC-4ED7-98F8-FF2D384F1795}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [UDP Query User{F7D412ED-C08A-49E9-BA8B-2ADDF920CEC2}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [TCP Query User{DB649F70-2953-4191-AA96-7C9334914A84}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [UDP Query User{ACB1B42A-4326-40FE-954B-749A9DCADDB0}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [TCP Query User{938F924F-0BB4-4D80-8568-9F410CA1E7A3}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{70AF8EF9-4E54-4943-BFFD-49309C2A20F5}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [TCP Query User{79CE2E65-4E33-44F0-8C8C-1AEE658B83F9}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [UDP Query User{47BB0878-0903-46D1-A20C-920F4CE709FC}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [{4197F1A6-C4CA-4716-8BEF-7EA338363D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{877970F7-6ACD-4DA5-B070-B6932BC8B8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{8D34D04E-B07E-4CE5-B727-1808950BD790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{B8103E54-DC8C-4DF2-B907-FBA9D1E51989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{4268E62E-78B3-457E-8770-C4E3BBC6ECEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF7A7BC0-315E-421D-8538-97155F6821DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6F044340-5468-44D9-8C19-C2208FF1901C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D161E290-25B3-439D-866A-78A29A866CB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6F826737-D6D7-4E10-B145-E519B3ED5187}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{A925336A-4868-4A87-81C3-BF9A3768437D}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{3D2AEA8A-5C79-4575-9C63-BD6C8D661625}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{249DD6F1-096A-4D35-AB17-A071753D9A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{F1485B27-C228-4141-A50D-2D37506063AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{724FB36B-1AC4-4EB4-BA53-B6720DFB9E9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6FF4877F-B0C2-45B2-8B02-F2021BC8B3AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DF54D20E-434F-4C02-A93E-9E0701679027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{B69BE8D9-0CC0-40C9-9D21-041F984EBDC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{EFB2DFD1-E517-48C9-B291-1E26EC54F600}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{6038F813-25AF-433A-958F-780370159A7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{2015E08B-BEAC-421E-B74F-9F5F7DC5D3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{ED9C5914-87C9-44B4-91BA-A23F5355F0DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{FE44AA7E-80AD-4D59-8433-65CF64B58EE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{19EC281C-1D92-4FEF-A11F-902F1A8F9DEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{30344EF7-2B64-4683-ABA8-974A50F2C803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
 
==================== Restore Points =========================
 
27-03-2016 00:21:52 Installed Oracle VM VirtualBox 5.0.16
30-03-2016 19:39:56 Windows Update
02-04-2016 21:38:19 Windows Update
05-04-2016 21:34:41 Installed Autodesk SketchBook
09-04-2016 18:58:09 Windows Update
12-04-2016 20:11:49 Windows Update
12-04-2016 20:12:01 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface 
Description: Intel® Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Description: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: Ke2200
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2016 10:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
Error: (04/14/2016 10:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109
 
Error: (04/14/2016 10:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/14/2016 06:59:34 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. An instance of the service is already running
 
Error: (04/14/2016 06:59:33 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid
 
Error: (04/13/2016 10:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110
 
Error: (04/13/2016 10:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110
 
Error: (04/13/2016 10:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/13/2016 07:57:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (04/13/2016 07:25:24 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. An instance of the service is already running
 
 
System errors:
=============
Error: (04/14/2016 10:29:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2016 10:21:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2016 07:56:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2016 07:33:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/13/2016 07:18:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (04/13/2016 07:18:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (04/13/2016 07:18:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16389
 
Error: (04/13/2016 07:18:54 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:53 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:53 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
CodeIntegrity:
===================================
  Date: 2016-04-14 21:02:46.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-12 20:33:03.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-05 20:20:32.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-22 20:31:35.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 18:40:32.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 32%
Total physical RAM: 16332.62 MB
Available physical RAM: 11098.66 MB
Total Virtual: 18764.62 MB
Available Virtual: 12590.76 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.96 GB) (Free:438.84 GB) NTFS
Drive d: (Secondary Storage) (Fixed) (Total:931.39 GB) (Free:760.26 GB) NTFS
Drive e: (P2P V19) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive j: (NICHO 120GB) (Removable) (Total:119.22 GB) (Free:109.66 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 119.3 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Last notes: So it's OK then? It hasn't done anything? My PC is clean?


#11 RayS

  • Malware Study Hall Senior
  • 2,371 posts
  • Gender:Male
  • Location:USA

Posted 15 April 2016 - 06:12 PM

Hi Nicholas,

So it's OK then? It hasn't done anything? My PC is clean?

The Image6354815273.scr file did not launch outside of the sandbox. We still have some loose ends to clear up. Let's uninstall KMSpico, do one more FRST fix, and another scan. If the logs are all clean after that, I will have a clean-up message for you.


Let's run FRST in FIX mode

Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy the entire contents of the code box below into a new file.
 

start

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\..\Interfaces\{29510a9b-75dc-46a2-8a78-d9a0450d577e}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{55ada2be-b0cb-414a-a186-4b63f3a3baf1}: [DhcpNameServer] 10.0.1.1

End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as Fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Uninstall KMSpico

Please uninstall KMSpico by navigating to Control Panel > Programs and Features and searching for all listings containing "KMSpico" in their name. Then right-click and select Uninstall.



Rerun FRST64.exe scan

  • Right-click FRST64.exe then click Run as administrator.
  • When the tool opens, click Yes to disclaimer.
  • Be sure a checkmark is placed next to Additional.txt in the Optional Scan section of the tool.
  • Press the Scan button.
  • When finished, it will produce a file called FRST.txt and a file called Addition.txt in the same directory the tool was run from.
  • Please copy and paste the contents of both files into your next reply.

In your next reply...

  • Please tell me whether you were able to uninstall KMSpico successfully.
  • Copy and paste the contents of Fixlog.txt into the body of your message.
  • Copy and paste the contents of FRST.TXT and Addition.txt into the body of your message.

How is your computer running now?

 

Thank you.

Ray




#12 nicholasgodoyx


Posted 15 April 2016 - 06:21 PM

KMSpico uninstallation returned me an error. Said it might already have been uninstalled.

 

FIXLOG:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Nicholas Godoy (2016-04-15 20:17:24) Run:5
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\..\Interfaces\{29510a9b-75dc-46a2-8a78-d9a0450d577e}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{55ada2be-b0cb-414a-a186-4b63f3a3baf1}: [DhcpNameServer] 10.0.1.1
 
End
*****************
 
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29510a9b-75dc-46a2-8a78-d9a0450d577e}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55ada2be-b0cb-414a-a186-4b63f3a3baf1}\\DhcpNameServer => value removed successfully
 

 

==== End of Fixlog 20:17:24 ====
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Nicholas Godoy (administrator) on NICHOPC (15-04-2016 20:18:13)
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
() C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.93.20.0\OverwolfHelper.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.93.20.0\OverwolfHelper64.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Spotify Ltd) C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Nicholas Godoy\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Farbar) C:\Users\Nicholas Godoy\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-02] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-31] (AVAST Software)
HKLM-x32\...\Run: [CAM] => C:\Program Files (x86)\NZXT\CAM\CAMLauncher.exe -autostart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4882360 2016-02-23] (AgileBits)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify Web Helper] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-13] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [TeamSpeak 3 Client] => C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe [11477784 2016-04-07] (TeamSpeak Systems GmbH)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [45296 2016-04-05] (Overwolf LTD)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [Spotify] => C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\Spotify.exe [6891120 2016-04-13] (Spotify Ltd)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Run: [GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\RunOnce: [Uninstall C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {10190359-dcaa-11e5-9c28-d3455c4ba16b} - "K:\LaunchU3.exe" -a
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\MountPoints2: {101914b1-dcaa-11e5-9c28-d3455c4ba16b} - "V:\Setup.exe" 
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2015-08-09] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-31] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-08-03]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2015-11-08]
ShortcutTarget: AudioSwitch.lnk -> C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe ()
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-08-16]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-03-14]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
Internet Explorer:
==================
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-31] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-02-23] (AgileBits)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-12] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-31] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-12] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-26] (Apple Inc.)
FF Extension: SQLite Manager - C:\Users\Nicholas Godoy\AppData\Roaming\Mozilla\Firefox\Profiles\ii7sg7ae.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2015-08-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-31]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-31]
 
Chrome: 
=======
CHR HomePage: Default -> about:home
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-03-18]
CHR Extension: (GeoGebra) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2016-03-07]
CHR Extension: (Google Cast) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-31]
CHR Extension: (Pushbullet) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-04-13]
CHR Extension: (Steam inventory helper) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-04-15]
CHR Extension: (Tampermonkey) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-13]
CHR Extension: (Google Calendar) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-04]
CHR Extension: (AdBlock) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-15]
CHR Extension: (Google Photos) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-01-04]
CHR Extension: (Dropbox) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-01-04]
CHR Extension: (CouchPotato) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2015-08-11]
CHR Extension: (Momentum) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-01-25]
CHR Extension: (Save to Pocket) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Enhanced Steam) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-04-13]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-13]
CHR Extension: (Inbox by Gmail) - C:\Users\Nicholas Godoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2016-01-04]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-01-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-31] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-02] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-08] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-04-05] (Overwolf LTD)
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [44544 2015-09-27] (Razer Inc) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4254720 2015-07-28] (A-Volute) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-03-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-31] (AVAST Software)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-08-02] ()
S4 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-07-28] (Windows ® Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [134800 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-02] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-15 20:18 - 2016-04-15 20:18 - 00033646 _____ C:\Users\Nicholas Godoy\Desktop\FRST.txt
2016-04-15 20:17 - 2016-04-15 20:17 - 00002514 _____ C:\Users\Nicholas Godoy\Desktop\Fixlog.txt
2016-04-15 20:11 - 2016-04-15 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-14 23:02 - 2016-04-14 23:02 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Desktop\FRST64 (1).exe
2016-04-13 19:36 - 2016-04-13 19:36 - 02375168 _____ (Farbar) C:\Users\Nicholas Godoy\Downloads\FRST64.exe
2016-04-13 19:15 - 2016-04-13 19:15 - 03465280 _____ C:\Users\Nicholas Godoy\Downloads\adwcleaner_5.110.exe
2016-04-11 14:45 - 2016-04-15 20:18 - 00000000 ____D C:\FRST
2016-04-08 14:30 - 2016-04-08 15:04 - 00000000 ____D C:\Users\Nicholas Godoy\Downloads\MEDENG
2016-04-08 12:06 - 2016-04-13 19:18 - 00000000 ____D C:\AdwCleaner
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\BitTorrent
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-07 11:24 - 2016-04-07 11:24 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-04-05 21:35 - 2016-04-05 21:35 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Autodesk
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk SketchBook
2016-04-05 21:34 - 2016-04-05 21:34 - 00000000 ____D C:\Program Files\Autodesk
2016-03-29 19:29 - 2016-03-29 19:29 - 00040183 _____ C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation.html
2016-03-29 19:29 - 2016-03-29 19:29 - 00000000 ____D C:\Users\Nicholas Godoy\Desktop\Contact Us Confirmation_files
2016-03-27 21:34 - 2016-03-27 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-03-27 00:22 - 2016-04-08 21:42 - 00000000 ____D C:\Users\Nicholas Godoy\.VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-03-27 00:22 - 2016-03-27 00:22 - 00000000 ____D C:\Program Files\Oracle
2016-03-27 00:22 - 2016-03-04 17:29 - 00982504 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-03-27 00:22 - 2016-03-04 17:29 - 00148808 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-03-26 22:35 - 2016-03-26 23:51 - 00000600 _____ C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2016-03-22 20:21 - 2016-03-22 20:39 - 00000000 ____D C:\Program Files (x86)\hkcmdr
2016-03-22 20:21 - 2016-03-22 20:21 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\hkcmdr
2016-03-17 12:25 - 2016-03-23 20:08 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Factorio
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-15 20:16 - 2015-08-05 19:35 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-04-15 20:14 - 2015-08-02 15:30 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Skype
2016-04-15 20:11 - 2015-08-02 18:27 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-15 19:59 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Spotify
2016-04-15 19:58 - 2015-08-26 14:01 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{522C723D-CE66-473D-8AC0-D864B45F818D}
2016-04-15 19:55 - 2016-02-13 18:41 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\LogMeIn Hamachi
2016-04-15 19:54 - 2015-08-21 13:15 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Spotify
2016-04-14 22:29 - 2015-10-29 20:04 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\TS3Client
2016-04-14 22:14 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job
2016-04-14 21:50 - 2015-08-02 15:19 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 21:42 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-14 21:32 - 2015-08-02 18:27 - 00001052 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-14 20:32 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 20:18 - 2015-08-02 17:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-14 20:17 - 2015-07-10 08:04 - 00000167 _____ C:\WINDOWS\win.ini
2016-04-14 19:38 - 2015-10-13 22:48 - 00000422 _____ C:\WINDOWS\Tasks\update-sys.job
2016-04-14 19:02 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 19:25 - 2016-01-13 14:25 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-04-13 19:25 - 2015-12-10 01:44 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 19:25 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 19:20 - 2016-01-13 14:25 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Overwolf
2016-04-13 19:20 - 2016-01-03 22:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-13 19:20 - 2015-08-02 18:27 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Dropbox
2016-04-13 19:20 - 2015-08-02 15:22 - 00000000 ____D C:\ProgramData\Skype
2016-04-13 19:19 - 2015-12-10 01:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 19:19 - 2015-12-10 01:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-13 19:19 - 2015-12-10 01:43 - 05016216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 19:19 - 2015-10-30 03:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 19:19 - 2015-08-02 18:27 - 00001048 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-13 19:19 - 2015-08-02 15:19 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-13 19:17 - 2015-08-02 17:28 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent
2016-04-13 17:14 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-12 20:16 - 2015-08-11 18:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 20:16 - 2015-08-11 18:14 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 18:55 - 2015-08-02 15:11 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\Packages
2016-04-11 19:36 - 2015-10-13 22:49 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\AgileBits
2016-04-11 17:07 - 2016-01-07 22:46 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Local\CrashDumps
2016-04-11 16:51 - 2015-08-02 15:19 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 15:23 - 2015-08-03 21:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 22:03 - 2015-09-30 21:26 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Custom Office Templates
2016-04-10 20:57 - 2016-02-12 15:05 - 00001958 _____ C:\WINDOWS\Sandboxie.ini
2016-04-10 13:37 - 2015-08-02 15:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-08 22:04 - 2015-12-10 01:44 - 00000000 ____D C:\Users\Nicholas Godoy
2016-04-08 21:42 - 2015-08-02 15:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-08 14:57 - 2015-08-02 15:13 - 00002394 _____ C:\Users\Nicholas Godoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-08 14:57 - 2015-08-02 15:13 - 00000000 ___RD C:\Users\Nicholas Godoy\OneDrive
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-08 11:46 - 2015-08-03 21:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-07 11:25 - 2015-10-29 20:04 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-04-06 15:32 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 15:32 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 20:12 - 2016-03-14 22:01 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Stuff
2016-04-04 20:01 - 2015-09-10 13:45 - 00000069 _____ C:\Users\Nicholas Godoy\Documents\Installed Fonts.txt
2016-04-04 17:22 - 2015-08-10 18:43 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\Plex Home Theater
2016-04-03 21:23 - 2015-08-02 19:00 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\My Games
2016-03-31 19:48 - 2016-01-12 13:56 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\LocalLow\Hyper Hippo Productions Ltd_
2016-03-26 17:09 - 2016-01-02 22:59 - 00000000 ____D C:\Users\Nicholas Godoy\Documents\Flight Simulator X Files
2016-03-20 18:50 - 2015-08-06 17:09 - 00000000 ____D C:\Users\Nicholas Godoy\AppData\Roaming\.minecraft
 
==================== Files in the root of some directories =======
 
2015-08-05 20:58 - 2016-01-10 19:56 - 0002376 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\SpeedRunnersLog.txt
2016-03-26 22:35 - 2016-03-26 23:51 - 0000600 _____ () C:\Users\Nicholas Godoy\AppData\Local\PUTTY.RND
2015-08-03 13:36 - 2015-08-03 13:36 - 0000017 _____ () C:\Users\Nicholas Godoy\AppData\Local\resmon.resmoncfg
2015-10-13 22:48 - 2015-10-13 22:48 - 0000003 _____ () C:\Users\Nicholas Godoy\AppData\Local\updater.log
2015-10-13 22:48 - 2015-10-13 22:48 - 0000424 _____ () C:\Users\Nicholas Godoy\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Nicholas Godoy\AppData\Local\Temp\libeay32.dll
C:\Users\Nicholas Godoy\AppData\Local\Temp\msvcr120.dll
C:\Users\Nicholas Godoy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-11 12:20
 
==================== End of FRST.txt ============================
 
ADDITION:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Nicholas Godoy (2016-04-15 20:18:35)
Running from C:\Users\Nicholas Godoy\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-10 04:49:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4099895337-1454360887-1772386947-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4099895337-1454360887-1772386947-503 - Limited - Disabled)
Guest (S-1-5-21-4099895337-1454360887-1772386947-501 - Limited - Disabled)
Nicholas Godoy (S-1-5-21-4099895337-1454360887-1772386947-1001 - Administrator - Enabled) => C:\Users\Nicholas Godoy
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password 4.6.0.604 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\{7C54712F-A477-4E6A-AC81-7175494DD179}) (Version: 2015.0.0.597 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Atom (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\atom) (Version: 1.2.4 - GitHub Inc.)
AudioSwitch (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\AudioSwitch_is1) (Version: 2.1.1.0 - )
Autodesk SketchBook (HKLM\...\{C0D41025-EDBF-4354-A5BA-86B27A78BC25}) (Version: 8.00.0001 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BitTorrent (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
BitTorrent Sync (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\BitTorrent Sync) (Version: 2.2.5 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
EDGE (HKLM-x32\...\Steam App 38740) (Version:  - Two Tribes)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version:  - Kyle Seeley)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.4.174 - Final Draft, Inc.)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version:  - Boneloaf)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\{DBA7719B-28D4-30D9-98DE-E689280E4D7E}) (Version: 49.0.2623.112 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
Hacknet (HKLM-x32\...\Steam App 365450) (Version:  - Team Fractal Alligator)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Just Cause 3 (HKLM-x32\...\Steam App 225540) (Version:  - Avalanche Studios)
Keep Talking and Nobody Explodes версия 1.0 (HKLM-x32\...\{E78D0C6F-65CF-486D-9710-E48FBA6A1C33}_is1) (Version: 1.0 - Steel Crate Games)
Keying Suite v11.1.5 (HKLM-x32\...\{21AD9423-3C17-43E2-AFD7-8305C965500F}_is1) (Version: 11.1.5 - Red Giant, LLC)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life in Bunker (HKLM-x32\...\Life in Bunker_is1) (Version:  - )
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Magic Bullet Suite v12.1.1 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.1.1 - Red Giant, LLC)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM-x32\...\Steam App 314160) (Version:  - Microsoft Game Studios)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{070C55FA-FB9D-46DD-B30B-4B520A83A66A}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MultiBit Classic 0.5.19 (HKLM\...\0884-5076-5786-4986) (Version: 0.5.19 - Bitcoin Solutions Ltd)
MyTraffic Professional (HKLM-x32\...\{84832C70-3EF9-4BD9-99DF-559A2BDEC74C}) (Version: 6.0.0 - MyTraffic)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.93.20.0 - Overwolf Ltd.)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Quadro Delta)
Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.4.1 - Plex inc)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 beta r2593 - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.0.4 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.18 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Receiver version 0.0.0.9 (HKLM-x32\...\Receiver_is1) (Version: 0.0.0.9 - WaLMaRT)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.7.33 - Red Giant, LLC)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.6 - Samsung Electronics)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYSM Monitor (HKLM-x32\...\SYSM Monitor_is1) (Version:  - SYSM Monitor)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
Time Clickers (HKLM-x32\...\Steam App 385770) (Version:  - Proton Studio Inc)
TIS-100 (HKLM-x32\...\Steam App 370360) (Version:  - Zachtronics)
TP-LINK TL-WDN4800 Driver (HKLM-x32\...\{70D605C7-C823-4750-BA72-BEB835713612}) (Version: 1.3.1 - TP-LINK)
Trapcode Suite v12.1.9 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.9 - Red Giant, LLC)
Universe (HKLM\...\Universe_is1) (Version: 1.2.0 CE - Red Giant, LLC)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Digital Ltd)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA00-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA01-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA02-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA03-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{581FFA04-FC33-0005-0202-95003A5CDE89}\InprocServer32 -> C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\SyncShellExtension64_82.dll ()
CustomCLSID: HKU\S-1-5-21-4099895337-1454360887-1772386947-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nicholas Godoy\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C643856-8F6B-4950-951C-83FCA9EE5B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {1EE3D135-5381-4601-ABF8-3E521DC41D49} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {245D0DD8-D61D-4A4A-8446-9E6459231076} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {2B49F9A3-C3C0-43DF-9839-F223458DE69E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {33419B0E-9E1B-42A0-BA95-48AECC0E9775} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {381E731E-C9B8-4D89-842B-6AF97C615AFA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-31] (AVAST Software)
Task: {41FF3B72-BBC5-43EA-B73E-149F1C1FB8AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-12] (Microsoft Corporation)
Task: {4813A742-96C7-4D17-B924-83CCBF73950C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {499753EB-8C8B-4228-A215-597C9EA0CCDC} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {64FE61CB-8A93-4732-AFD1-41BE364AD842} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-02] (Dropbox, Inc.)
Task: {698C635A-30BC-44BF-90A5-7CCD80D346A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {93BB6B18-F1E7-4A9C-92FC-108F57416DF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {97A6FF5D-45DD-4A6B-853C-1AB43CE8CA0E} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-04-10] (Samsung Electronics.)
Task: {9C9C0FC8-A73E-4752-9FA5-3E17CA411554} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V2.exe
Task: {AB654233-7172-480B-BA55-855C495B2F77} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {BE83D987-3FF3-4305-AADE-E6C1AFD41005} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D2739DA0-75E3-4B5A-9E27-80F3B30EDF53} - System32\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {ECB17338-0C56-41F1-B368-D80FA450DFEE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-04-05] (Overwolf LTD)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-4099895337-1454360887-1772386947-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 01:44 - 2015-11-02 10:36 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-23 16:11 - 2015-06-23 16:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-12 23:47 - 2016-01-04 22:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 16:45 - 2016-01-16 02:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-01 19:01 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 07:02 - 2015-10-16 07:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-12-19 14:34 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 19:01 - 2016-02-23 05:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-01 19:01 - 2016-02-23 05:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-09-21 17:36 - 2014-08-19 16:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 21:07 - 2015-03-06 21:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 15:27 - 2015-09-01 15:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-09-19 16:15 - 2014-09-19 16:15 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-11-08 13:19 - 2015-07-22 20:22 - 00138752 _____ () C:\Users\Nicholas Godoy\AppData\Local\AudioSwitch\AudioSwitch.exe
2016-03-12 14:53 - 2016-03-12 14:53 - 00171008 _____ () C:\Program Files\Rainmeter\Plugins\AudioLevel.DLL
2016-01-06 17:14 - 2016-01-12 01:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-07-08 03:58 - 2015-07-08 03:58 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-01-21 12:05 - 2016-01-21 12:05 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 12:17 - 2015-12-15 12:17 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-29 19:10 - 2016-03-29 19:10 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 19:10 - 2016-03-29 19:10 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 19:01 - 2016-03-03 19:01 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-12 23:47 - 2016-01-04 22:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 23:47 - 2016-01-04 22:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-27 16:45 - 2016-01-16 02:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-13 18:27 - 2016-04-13 18:27 - 02887168 _____ () C:\Program Files\AVAST Software\Avast\defs\16041301\algo.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-04-14 19:58 - 2016-04-14 19:58 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041402\algo.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:42 - 2016-01-22 13:42 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-08-02 15:26 - 2016-01-12 01:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-02 15:30 - 2016-03-10 21:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-02 15:30 - 2016-02-08 20:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-02 15:30 - 2015-07-03 13:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-02 15:30 - 2016-03-31 17:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 22:12 - 2016-02-17 19:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-08-02 15:30 - 2016-02-08 22:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-05 09:29 - 2016-04-05 09:29 - 45069312 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\libcef.DLL
2016-04-05 09:29 - 2016-04-05 09:29 - 00262656 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\OpenHardwareMonitorLib.dll
2016-04-05 09:29 - 2016-04-05 09:29 - 00025600 _____ () C:\Program Files (x86)\Overwolf\0.93.20.0\CoreAudioApi.dll
2016-01-31 12:04 - 2016-01-31 12:04 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 14:37 - 2015-12-01 14:37 - 00321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 47503472 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libcef.dll
2015-10-01 03:28 - 2015-10-01 03:28 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 01584240 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libglesv2.dll
2015-08-21 13:15 - 2016-04-13 19:20 - 00082032 _____ () C:\Users\Nicholas Godoy\AppData\Roaming\Spotify\libegl.dll
2015-10-13 22:47 - 2015-04-28 09:50 - 00376832 _____ () C:\Program Files (x86)\1Password 4\js3215R.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 40622592 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00911360 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-10-18 17:17 - 2014-11-26 00:12 - 00134144 _____ () C:\Users\Nicholas Godoy\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-08-02 15:30 - 2015-09-24 20:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-12-11 17:32 - 2016-03-21 18:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-15 20:11 - 2016-03-21 18:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-15 20:11 - 2016-03-21 18:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 17:32 - 2016-03-21 18:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 17:32 - 2016-03-21 18:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 17:32 - 2016-04-08 15:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-15 20:11 - 2016-03-21 18:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-11 17:32 - 2016-04-08 15:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 17:32 - 2016-03-21 18:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 17:32 - 2016-03-21 18:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 17:32 - 2016-04-08 15:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-15 20:11 - 2016-03-21 18:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-19 16:23 - 2016-04-08 15:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 17:32 - 2016-04-08 15:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 17:32 - 2016-03-21 18:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-15 20:11 - 2016-03-21 18:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-15 20:11 - 2016-03-21 18:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 20:11 - 2016-03-21 18:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-15 20:11 - 2016-04-08 15:19 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-04-15 20:11 - 2016-03-11 21:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-04-15 20:11 - 2016-04-08 15:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-19 16:23 - 2016-04-08 15:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-19 16:23 - 2016-04-08 15:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-19 16:23 - 2016-04-08 15:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-19 16:23 - 2016-04-08 15:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 17:32 - 2016-03-21 18:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 16:23 - 2016-04-08 15:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 20:11 - 2016-04-08 15:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-15 20:11 - 2016-04-08 15:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 17:32 - 2016-03-21 18:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-15 20:11 - 2016-03-21 18:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-15 20:11 - 2016-03-21 18:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-04-15 20:11 - 2016-04-08 15:20 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-11 17:32 - 2016-04-08 15:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-04-15 20:11 - 2016-04-08 15:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-08-02 18:28 - 2016-03-21 18:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-11 16:51 - 2016-04-06 07:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 16:51 - 2016-04-06 07:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 08:04 - 2015-12-13 20:30 - 00001802 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 apps.skype.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\Control Panel\Desktop\\Wallpaper -> D:\Dropbox\General\Wallpapers\Space Infographic\36466_infographic_dual_screen_dual_monitor_solar_system_infographic_dual_screen_finished.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7C338DCD52645621DFC0386802FBE5B6"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4099895337-1454360887-1772386947-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{90D0D150-B673-4AA8-80C1-26A1953FCE45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{8E889B37-41E0-4E34-838B-A0FB17EFDAC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [UDP Query User{560DBE34-FDBA-43F4-8CE4-7B3A810DB290}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [TCP Query User{1713208C-0A3E-419F-8E0A-176BBAE73BE9}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [{5A5F5CD3-A98B-463D-847A-64D52B49A81B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{8FC65BDC-1A19-4E15-8987-9A102E0522EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FE4173AA-3E1D-4AF8-911F-F993C99DAC58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{3016466F-1958-463C-BD83-A9A23E79B79E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [UDP Query User{4AD19B90-0205-4A83-B8A1-ACBA5A38708D}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{F7C323A9-659A-4590-B04A-A699208E2989}C:\program files (x86)\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\fallout 4\fallout4.exe
FirewallRules: [{BF178F1C-E0C3-46E9-9206-CAE7339BC1FA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{10613C18-3E6C-4EEA-A13F-94CA7B3A1209}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [UDP Query User{130B31ED-B7E6-427C-A524-0347D5962B1B}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [TCP Query User{837540A1-D02A-408A-8934-ABC41748303A}C:\program files (x86)\interlude\uploader\interludeuploader.exe] => (Allow) C:\program files (x86)\interlude\uploader\interludeuploader.exe
FirewallRules: [{356C9E69-2FA0-4E55-BD75-334542844257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{6E916A44-DB71-4F74-975A-F9A7DC537A7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [UDP Query User{A9EBE957-6637-45C7-ABC5-F70AB0D81DAF}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{5D173576-6AC0-40F4-AB11-0BB10AA12A7B}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{4EFCB4DB-9F68-48E1-8203-5A340826EDB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{97B40514-C5E7-45A6-A9CC-3D4F0444603B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [UDP Query User{272E53C2-78ED-4E19-A642-FE95B91EF362}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [TCP Query User{9E24BD58-5014-4C91-A95A-82E581869119}C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe] => (Allow) C:\program files (x86)\adobe\phonegap\phonegap desktop\phonegap.exe
FirewallRules: [UDP Query User{B223C5D2-1D7D-4756-B4B0-1DA2B97F3EE2}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [TCP Query User{61EDD8AE-B705-4A60-8E35-867F82BAFA2A}C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe] => (Allow) C:\users\nicholas godoy\bin\sencha\cmd\6.0.1.76\sencha.exe
FirewallRules: [{029F6280-2569-4511-A707-55B5395346E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{024F95A5-CE5C-4B19-93B4-E1D916D54644}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A07BB80A-2FF9-4116-B79C-0DFED9BC12F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE7B4A33-48E7-4DE1-A647-4AD4246F60B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{F935818D-3DF6-4DC3-9276-16765E44ECEB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{8E56F37A-A8F0-4665-8418-782813E108DB}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{81FDCB39-0AC6-467C-8B86-A43B62E0E13A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{47CBCD98-6D7A-4E26-AB08-1A54B132E7C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hacknet\Hacknet.exe
FirewallRules: [{AF96A1CD-6F59-4817-83C6-CA1CF943B147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{75A5B41B-09FD-40B1-9199-6EDBD0BFD2F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [UDP Query User{8263E7D6-80C7-46C8-A88B-1A2152AE5FB7}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [TCP Query User{9682D7EB-3520-48BD-9948-3683F3DF120B}C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [UDP Query User{C7D63E75-A76B-41B0-9AEF-817D8F485690}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{A32A788C-0380-4978-872A-749D1C7A91F3}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [{73E0FF88-52E0-474B-B899-C4EA7B2D4173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{6C61B185-0D87-4025-8A93-8F2269312A9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{892C5DB1-407A-4A52-AFC7-2767259E8EA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{0BA59AC6-6FEE-45DF-BB06-9AD378DF0E23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{424266B4-09B7-4304-8978-2397343F949D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{370E16E9-ED7E-4E18-8D4E-98AE8F14601C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [UDP Query User{C766DEBD-F56B-49CC-86B1-0F080CDCEB73}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{DA861CDD-0745-4038-9238-1953C3906E47}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{FFF8BEAA-8B11-4EE9-9462-C86156D2F987}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D312A315-F59A-4E14-976D-8832D0603F8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8877CE33-54C2-44BE-AA19-AE87761E6FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{AD692860-F970-49C9-A45D-467DC135EA68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{A74794AD-8AAB-4890-A528-E310E56EFE19}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [{55E4D2B7-25BF-4577-A54D-89F0C257DEBB}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent Sync\BTSync.exe
FirewallRules: [UDP Query User{063F358E-2930-4D7D-B3EE-57DF49377952}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [TCP Query User{94F14303-C9FE-4960-B362-9B831E62EB6E}C:\program files\adobe\adobe muse cc 2015\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2015\muse.exe
FirewallRules: [{2D1171D1-8678-4228-AD89-03EF96AE0604}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{2EB7A014-E114-44FD-A0A9-1254ED0A19BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A64627B6-357B-47B7-B347-93E3CC5CB897}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{344FB187-8EB8-49D6-8A96-21AA73C27D96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [UDP Query User{48BA2C8D-DBB8-4501-BD67-8E01C6108FC3}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [TCP Query User{88D4A9AB-394E-4006-9C96-C52E20EA70FC}C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\bittorrent\updates\7.9.4_40912.exe
FirewallRules: [UDP Query User{1D530AB8-AC4E-42F7-9B2A-09B8B1100417}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{DEBB92F8-1CAF-4E71-91AA-40132A4B49CD}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FF29ADB5-376A-445E-9297-16A2383072CC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{94026ABB-0D25-40B1-BF19-AD1C29ED4573}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DCCB5014-FD46-4C3D-BD2D-B9FB8B072DD1}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5DA73434-9199-44D8-ADD0-6E07B112DC3D}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{22E1508C-B314-4627-962A-1F0AED934A19}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [TCP Query User{3B66B767-479A-4E45-88A9-76769811132D}C:\program files\java\jdk1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [{F99FC205-64BC-4F12-9A4E-7345F6251D45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{A29BD4DF-CEB5-471E-9903-1EA166BA1FF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [UDP Query User{AFD398D9-DBD2-4F3F-9D60-F6BA9082E183}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{0B985265-6DFA-46FD-A399-393CDA1DAF4C}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{C42A4299-D3DC-41A7-9A34-DC4DA2B1D3C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{82D9B7E0-8624-4DD9-94CF-7413774006A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [UDP Query User{6B367216-F2EA-4DDB-A30E-32171DF7C933}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{5466263C-BAF6-4832-A24A-C08CB3F1E2E2}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{B9F08ED3-88CD-48C1-93B3-1FECA7501B00}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{9990F072-68B6-4749-9180-6A2AF42E218F}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{E66B9B1C-0941-44B1-8E12-F2BDDD87084B}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{B30FF8E0-D65C-45E1-A905-EBD4C63E5644}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{C38BD402-E01A-4376-AE53-1731E9B517C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24B507A9-472D-43DD-A052-675E178D55F2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{96CDDAF6-68BB-44DD-A81B-4DBA4430926C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{77B25D21-266D-48FE-BAC2-C3E7AD3A913A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{CB1B1A53-4586-4B4E-B484-8D98A7587212}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{5A3291A2-5843-477C-837C-D99AD2EC09A5}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{D49DDE65-0D4A-4963-B3AF-FF5F87C7BE9B}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [TCP Query User{B7346198-7A5A-4A65-B85D-E70CBE997FBD}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{491B3436-C3A9-4125-8F8D-4EA95CC70B40}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [TCP Query User{30E8FE09-36DD-4329-B3A1-8DA02C9A1845}C:\program files (x86)\seagate\sdrive\sdrive.exe] => (Allow) C:\program files (x86)\seagate\sdrive\sdrive.exe
FirewallRules: [{47BFCB2F-A01E-4F4B-95F8-B668D3415732}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{E9409407-598F-4FA9-BCA9-C6E68F2B995D}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{D22C0B19-BFCE-40D8-A2E4-A3FA79F4858B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D2132950-92AD-44C4-9E25-78DB36DD93E9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A0A82D6E-6B44-4B63-809D-DB20E044C5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4FCE514C-2C7E-4E3C-B7A6-F578C601B4D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{9D13C64D-A022-4895-884A-CFBD90E41E95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{394AC21E-E5F6-46E5-90BA-37D79CD59371}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A4C65B8-5746-4A97-BB3E-8F67DD65ECD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{8D1B274D-E9D7-42E0-8520-7702944745A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{69DF0F1B-3BD4-488D-882C-21C7D32041E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EB25E78F-91EF-40A9-AD78-25496A92BA29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [UDP Query User{843FD069-6A7D-4F74-A167-F67DF6880228}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{CC1E38A8-1A94-4C82-AA4E-FC6612774E76}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{3D56B624-0D8A-49DA-B65D-069428796AAD}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{92C6973C-6296-412E-984B-1448B8F64477}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A2DD13B0-41A8-40F6-8223-85434E2EEECB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BFEF13A6-10DB-4F0F-A406-269B318E99F1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1426DB6A-8305-4A5C-9621-1DFFB72A7A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{9F8C78A8-A93A-484F-908C-145B7CE52F0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{5DDA38A6-DC21-48E1-9F85-5A3DC1ECA39C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{F3A2B0AC-49BE-4991-AADE-6DC497C4BDC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{4FEB248E-90D2-487B-B77F-33A5CDD33204}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{FC67EC79-C3CC-41C5-A3B8-86C4F063C1BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{8102D4B2-3DC1-4237-92F4-64D2DE2ED67C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{300A7E2C-EFEC-4FB4-8D52-39E13EE55A08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{180BCF80-DE0B-4929-99BD-B93C60D5F1F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{D307E430-6B3C-4066-88BC-02469A0D0D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{254EDFCE-682B-4E0F-8A96-BB79D755C498}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{30C0583F-A7CD-469D-8AFE-DA379637F827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [UDP Query User{C393E1C8-60C1-4E95-8397-E74247015F20}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{310AA500-1A9A-4397-9D27-D2BCD2C8760E}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{5CBA4726-48F4-40E6-911E-81C002EB3DF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A198B3C8-265F-4D02-ABF7-EE85A0023728}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9466CB92-90B7-42AC-848A-88195399A88A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{283A139F-96B8-4996-8D21-CF3461177E60}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{69DBDECD-F9C2-46CF-8C6A-91F714FFC448}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{43740B93-3B22-455C-8D4E-874B1FCC05E9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{90B2C4E5-CF95-4300-A754-0C1FCEFB5F9F}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE7B0167-035A-4221-8BB8-4DFAB4EAD7DE}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{520C76EE-7C06-48AD-B0B2-116B491A09A9}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C26DBC35-153E-421A-B076-93A301170B68}] => (Allow) C:\Users\Nicholas Godoy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0D6EE2AF-3CB3-4073-9261-F6CBC6CAA299}] => (Allow) LPort=2333
FirewallRules: [{65012FA3-294A-40BA-9FD3-0707AC3D1F59}] => (Allow) LPort=9143
FirewallRules: [{3B6A7A21-5F86-4E32-9451-78D03869ECB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2A757C46-DDDF-487B-BDE9-A7C40573F3F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{876BD964-CE97-4CFA-AC3E-4EFAF021CDBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{094670F4-28BE-4C94-95A7-A8071460E122}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{114418B2-0A10-4528-83FA-571A1E9595EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{838E8CF5-E7F5-414C-85B8-A24704AD080A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1B977C4A-2316-49B7-BAE0-8A6BC36D18D6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8BDC8694-973C-480C-B06E-6097D31F2949}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{981AA119-899C-47F9-BE70-713BC0389CEB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B4B75566-D0A7-45DA-AB62-3EF284F5C72A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA228FD4-552B-4D94-A23F-E1FD17E21C3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4423E8D-0E43-48B2-A78A-5E0AA70A97A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C05E63B5-2B23-4080-9A23-7D109A9833C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD9830E-E5CF-4ECE-8EAE-174CBED4BA3C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0334B1E9-7D8B-491A-8585-2623CD4987FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1C5D698C-0AE1-4B80-9D8A-6E0C58135208}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{757BAF67-3AC3-40DB-993B-DBE6D4452311}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F21BEE2F-F830-4205-B81B-A381E97F44F0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66DB6B2D-3B8A-4419-A249-FEB558247325}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FEE69B74-436F-42E6-9CC7-4C6B56E5315B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C853CE80-4D32-4DC9-A092-A3424B4895BD}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [TCP Query User{5662243F-F755-4807-9F5E-9169CA55FECB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [UDP Query User{68DCE2AC-AFA5-4EA9-A5C7-CE5886A35FAB}C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox\chroma sync\chroma sync.exe
FirewallRules: [{8FB9A648-3540-4053-BC44-28AFDCC6B301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{B02AFFAE-DF28-4EEE-9AEA-09D204B58B41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TimeClickers\TimeClickers.exe
FirewallRules: [{65B870A1-71EF-4D1A-BD43-C4D0B1EC151B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{7D2DE578-1912-4902-98CD-0EED21B99F0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TIS-100\tis100.exe
FirewallRules: [{FDA01F5A-5511-4901-8424-DC02B35C5A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{0E62CCFD-DDC1-4B8D-AE4B-E6B193610A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{6A47ED58-61C7-4F6C-ACD0-62038F71E17A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{5F0EAECB-1F19-4245-A96B-FD486ADFD190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{81379528-4C8D-467C-88F5-28402D25D798}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E87C1F53-5A57-403C-B408-C47554F06C82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F94765BE-9BF4-456C-98C4-0C8C4127AD49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [TCP Query User{C3E0405E-B073-4DA9-A610-8D2A1C0E57BE}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{FA96D52B-D0FC-4E5A-A9AF-69B3549CCE40}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{B46EBC96-A135-4068-B222-F50E650C46BC}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [UDP Query User{7F8A141A-9850-4BE7-B53A-649B232C2F71}C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe] => (Allow) C:\users\nicholas godoy\appdata\local\vpilot\vpilot.exe
FirewallRules: [TCP Query User{015EA347-1F2F-403A-AB10-52E86AF2EE61}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [UDP Query User{033602D5-F8E4-402F-8D10-FC9606F968CB}C:\program files (x86)\squawkbox\squawkbox_fsx.exe] => (Allow) C:\program files (x86)\squawkbox\squawkbox_fsx.exe
FirewallRules: [TCP Query User{D075DBED-0C65-4B0C-9CF3-ED391CF8BCC1}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [UDP Query User{86D97B92-AB6F-4BB1-9DE9-D5E23FFA7684}C:\program files (x86)\vrc\vrc.exe] => (Allow) C:\program files (x86)\vrc\vrc.exe
FirewallRules: [TCP Query User{90A6BC24-7FEC-4245-B98B-27DB0AA81098}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [UDP Query User{4DCD9ADD-9B79-437C-AC2C-D0407230B945}C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fsx\flight one software\ultimate traffic 2\ut2services.exe
FirewallRules: [TCP Query User{620BE5D8-EB65-4EB7-A040-EA52339232F0}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [UDP Query User{211542D2-79DA-4608-B829-4D5237AF0F36}C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\igg-simpleplanes.updated31.12.2015\simpleplanes.exe
FirewallRules: [{5E4B40C6-5ECD-4439-9899-A21E3D5486E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9CBDAA15-730F-4402-8A1A-4EBBAB3C729A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{EB5D45BB-4A21-4318-9CF5-004A15E76107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{DFE7A643-EF3D-4296-A3B8-841F05C1D57E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FSX\fsx.exe
FirewallRules: [{A15C7972-77D1-4567-BDE1-E92AD508C4A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{A92F6A26-3175-4912-8185-0BEA22030E35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Emily is Away\emily is away.exe
FirewallRules: [{6A8B25C3-0406-4F62-A7D0-3F15F38FD0E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [{0688240D-3BC4-410B-B3D1-418FC632E62B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mount Your Friends\MountYourFriends.exe
FirewallRules: [TCP Query User{90C413D0-E65C-4B28-9ED7-604CE786C11E}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{066A1D19-728C-4446-986C-F95D4F87EC79}C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas godoy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4143369-E784-4FDF-8B91-29CFE118DABD}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [UDP Query User{EA7D9EA4-7F74-4013-9B4B-C6488E347A6B}C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\space\spacegame\binaries\win64\spserver.exe
FirewallRules: [{5EE220ED-C00C-4248-96F2-45AD25236972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{589238B8-4587-4466-B8B0-B92E93AB5A12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{04FD0D5C-6F86-4A0F-B73C-E25D58070EE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{871C2994-B88A-4F60-A39D-546E62B076B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{79AA607D-78A7-4F5B-93DC-EEA398106E1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9D37A48D-264F-47CE-8D3A-5371B5F4AC16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{9BE8AEF7-6B02-47FD-A2FB-8032565649B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{365BE34C-F9E2-408A-9672-8268AA662C8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [TCP Query User{E9BE8C1A-E5F3-4084-A080-E31FCB820ABB}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{55032E43-9BE9-44A2-90D0-3331F0B1E69C}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{12F0C906-A250-4D71-BFB7-A2975ED52841}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{91EED8F6-0E91-4691-90B0-240C4E06999B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{F15CAEB7-B3BC-4ED7-98F8-FF2D384F1795}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [UDP Query User{F7D412ED-C08A-49E9-BA8B-2ADDF920CEC2}C:\program files (x86)\sysm monitor\sysm-monitor.exe] => (Allow) C:\program files (x86)\sysm monitor\sysm-monitor.exe
FirewallRules: [TCP Query User{DB649F70-2953-4191-AA96-7C9334914A84}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [UDP Query User{ACB1B42A-4326-40FE-954B-749A9DCADDB0}K:\multibit-hd.exe] => (Allow) K:\multibit-hd.exe
FirewallRules: [TCP Query User{938F924F-0BB4-4D80-8568-9F410CA1E7A3}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [UDP Query User{70AF8EF9-4E54-4943-BFFD-49309C2A20F5}L:\multibit hd\multibit-hd.exe] => (Allow) L:\multibit hd\multibit-hd.exe
FirewallRules: [TCP Query User{79CE2E65-4E33-44F0-8C8C-1AEE658B83F9}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [UDP Query User{47BB0878-0903-46D1-A20C-920F4CE709FC}C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe] => (Allow) C:\users\nicholas godoy\desktop\games\simple planes\simpleplanes.exe
FirewallRules: [{4197F1A6-C4CA-4716-8BEF-7EA338363D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{877970F7-6ACD-4DA5-B070-B6932BC8B8D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{8D34D04E-B07E-4CE5-B727-1808950BD790}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{B8103E54-DC8C-4DF2-B907-FBA9D1E51989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\bin\SDKLauncher.exe
FirewallRules: [{4268E62E-78B3-457E-8770-C4E3BBC6ECEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EF7A7BC0-315E-421D-8538-97155F6821DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6F044340-5468-44D9-8C19-C2208FF1901C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D161E290-25B3-439D-866A-78A29A866CB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{6F826737-D6D7-4E10-B145-E519B3ED5187}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{A925336A-4868-4A87-81C3-BF9A3768437D}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{249DD6F1-096A-4D35-AB17-A071753D9A1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{F1485B27-C228-4141-A50D-2D37506063AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\Factorio.exe
FirewallRules: [{724FB36B-1AC4-4EB4-BA53-B6720DFB9E9E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6FF4877F-B0C2-45B2-8B02-F2021BC8B3AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DF54D20E-434F-4C02-A93E-9E0701679027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{B69BE8D9-0CC0-40C9-9D21-041F984EBDC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{EFB2DFD1-E517-48C9-B291-1E26EC54F600}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{6038F813-25AF-433A-958F-780370159A7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{2015E08B-BEAC-421E-B74F-9F5F7DC5D3F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{ED9C5914-87C9-44B4-91BA-A23F5355F0DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{FE44AA7E-80AD-4D59-8433-65CF64B58EE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{19EC281C-1D92-4FEF-A11F-902F1A8F9DEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{30344EF7-2B64-4683-ABA8-974A50F2C803}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6C261BEF-02DF-415C-9C7C-69E2327566EE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
27-03-2016 00:21:52 Installed Oracle VM VirtualBox 5.0.16
30-03-2016 19:39:56 Windows Update
02-04-2016 21:38:19 Windows Update
05-04-2016 21:34:41 Installed Autodesk SketchBook
09-04-2016 18:58:09 Windows Update
12-04-2016 20:11:49 Windows Update
12-04-2016 20:12:01 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Management Engine Interface 
Description: Intel® Management Engine Interface 
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Description: Killer e2200 Gigabit Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: Ke2200
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/15/2016 07:54:56 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. An instance of the service is already running
 
Error: (04/15/2016 07:54:54 PM) (Source: OverwolfUpdater) (EventID: 0) (User: )
Description: Service cannot be started. The handle is invalid
 
Error: (04/14/2016 11:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2282
 
Error: (04/14/2016 11:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2282
 
Error: (04/14/2016 11:08:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/14/2016 11:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1157
 
Error: (04/14/2016 11:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1157
 
Error: (04/14/2016 11:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/14/2016 10:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
Error: (04/14/2016 10:29:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109
 
 
System errors:
=============
Error: (04/14/2016 11:08:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/14/2016 10:29:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2016 10:21:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2016 07:56:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/13/2016 07:33:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/13/2016 07:18:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (04/13/2016 07:18:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (04/13/2016 07:18:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16389
 
Error: (04/13/2016 07:18:54 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (04/13/2016 07:18:53 PM) (Source: DCOM) (EventID: 10010) (User: NICHOPC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
CodeIntegrity:
===================================
  Date: 2016-04-14 21:02:46.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-12 20:33:03.514
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-05 20:20:32.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.083
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-04-05 20:20:32.076
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.229.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-29 19:09:40.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Overwolf\0.92.21.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.
 
  Date: 2016-03-22 20:31:35.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 18:40:32.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 32%
Total physical RAM: 16332.62 MB
Available physical RAM: 10958.13 MB
Total Virtual: 18764.62 MB
Available Virtual: 12130.01 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.96 GB) (Free:438.46 GB) NTFS
Drive d: (Secondary Storage) (Fixed) (Total:931.39 GB) (Free:760.26 GB) NTFS
Drive e: (P2P V19) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive j: (NICHO 120GB) (Removable) (Total:119.22 GB) (Free:109.66 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 119.3 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

LAST NOTE: My computer was running smoothly since the beginning. I was just worried something could have happened behind the scenes.



#13 RayS


Posted 16 April 2016 - 11:38 PM

Hi Nicholas,


 

KMSpico uninstallation returned me an error. Said it might already have been uninstalled.


The Fixlist script below will remove the leftover entry from your registry. Rerun FRST64.txt in search mode to find any hidden instances of KMSpico in your registry.


Delete one entry from registry

Let's run FRST in FIX mode

Save your work and exit all programs because Farbar Recovery Scan Tool may reboot your computer.
Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy the entire contents of the code box below into a new file.
 

start

Reg: reg delete HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 / v KMSpico /f

End

On the Notepad menu, click Format and remove the checkmark from Word Wrap.
Save the file as fixlist.txt into the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST64.exe and click Fix only once and wait until the program completes execution.

If requested, restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it into your reply.



Search for hidden copies of KMSpico

Let's run FRST in SEARCH mode

  • Double-click on FRST64.exe to open it.
  • In the search box, type the following:
*KMSpico*
  • Press Search Files and wait for FRST to complete the search.
  • A log file (Search.txt) will open in the same folder where FRST is located when complete. Please post the contents into your next reply.

Scan with Malwarebytes Anti-Malware (MBAM)

Re-launch your copy of MBAM and allow it to update its signatures. Then do a complete scan. Post the results into your next reply.


Scan with Emsisoft Emergency Kit (EEK)

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit.exe file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction, please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents into your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

In your next reply...

  • Copy and paste the contents of Fixlog.txt into the body of your message.
  • Copy and paste the contents of Search.txt into the body of your message.
  • Copy and paste the contents of the MBAM log into the body of your message.
  • Copy and paste the contents of the EEK scan (if any) into the body of your message.

Is your PC still running smoothly?

Regards,

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#14 nicholasgodoyx


Posted 16 April 2016 - 11:48 PM

The first command returned an error. I suppose there's an extra space between "/" and "v"?

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Nicholas Godoy (2016-04-17 01:46:50) Run:6
Running from C:\Users\Nicholas Godoy\Desktop
Loaded Profiles: Nicholas Godoy (Available Profiles: Nicholas Godoy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
Reg: reg delete HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 / v KMSpico /f
 
End
*****************
 
 
========= reg delete HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 / v KMSpico /f =========
 
ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 01:46:50 ====
 
Anyways, this is search.txt
Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Nicholas Godoy (2016-04-17 01:50:43)
Running from C:\Users\Nicholas Godoy\Desktop
Boot Mode: Normal
 
================== Search Files: "*KMSpico*" =============
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk
[2015-09-06 12:47][2015-09-06 12:47] 0001773 ____A () A23D9E16254D19A8B78146955CC94F92 [File not signed]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk
[2015-09-06 12:47][2015-09-06 12:47] 0001831 ____A () 5BB696AF4CF5C8BF01D6A19F4BF9B9F0 [File not signed]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk
[2015-09-06 12:47][2015-09-06 12:47] 0001755 ____A () DB595A25B48731CDB4348A8423FB862A [File not signed]
 
====== End of Search ======
 

Edit: Added search.txt


Edited by nicholasgodoyx, 16 April 2016 - 11:51 PM.


#15 RayS


Posted 16 April 2016 - 11:53 PM

Hi Nicholas,

 

The first command returned an error. I suppose there's an extra space between "/" and "v"?

 

Yes, that's it exactly.

 

Please correct my typo and rerun the fix using:

Reg: reg delete HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 /v KMSpico /f

I'm sorry about that.

 

Ray


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
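
The failure in this exchange, as an added example that is not part of the thread and not FRST's own code: a pre-flight check that validates `Reg: reg delete` lines in a fixlist against reg.exe's usage text before the fix is run. The function names are hypothetical, and the key path keeps the thread's own `HKLM\...\` elision because only the switch syntax is examined.

```python
import shlex

# reg.exe usage: REG DELETE KeyName [/v ValueName | /ve | /va] [/f] [/reg:32 | /reg:64]
FLAGS = {"/ve", "/va", "/f", "/reg:32", "/reg:64"}
TARGETS = {"/v", "/ve", "/va"}  # mutually exclusive

# The two commands posted in the thread; "..." is the thread's own elision.
BAD = r"reg delete HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 / v KMSpico /f"
GOOD = r"reg delete HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 /v KMSpico /f"
FIXLIST = "start\n\nReg: " + BAD + "\n\nEnd\n"


def check_reg_delete(command):
    """Return the syntax problems found in one 'reg delete' command line."""
    try:
        tokens = shlex.split(command, posix=False)  # backslashes stay literal
    except ValueError as exc:
        return [f"unbalanced quotes: {exc}"]
    if len(tokens) < 3 or [t.lower() for t in tokens[:2]] != ["reg", "delete"]:
        return ["not a 'reg delete' command with a key name"]
    problems, seen = [], []
    i = 3
    if tokens[2].startswith("/"):
        problems.append("key name is missing")
        i = 2
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok == "/" and i + 1 < len(tokens):
            # A switch split from its slash, the typo in this thread: report it,
            # then rejoin the pieces so the rest of the line is still checked.
            problems.append(f"detached '/' before '{tokens[i + 1]}': write '/{tokens[i + 1]}'")
            tokens[i:i + 2] = ["/" + tokens[i + 1]]
            continue
        if tok == "/v":
            seen.append(tok)
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("/"):
                i += 1  # consume the value name
            else:
                problems.append("/v needs a value name")
        elif tok in FLAGS:
            seen.append(tok)
        else:
            problems.append(f"unexpected token '{tokens[i]}'")
        i += 1
    if sum(s in TARGETS for s in seen) > 1:
        problems.append("use only one of /v, /ve, /va")
    return problems


def check_fixlist(text):
    """Map line number -> problems for each 'Reg: reg delete' directive."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.lower().startswith("reg:"):
            command = stripped[4:].strip()
            if command.lower().split()[:2] == ["reg", "delete"]:
                problems = check_reg_delete(command)
                if problems:
                    report[number] = problems
    return report
```

The check is purely syntactic: it never touches the registry and does not confirm that the key or value exists.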




