Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
Ran by deckx (2016-05-01 21:26:03)
Running from C:\Users\Safe\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-11-15 16:18:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3377807318-2724434003-2614323792-500 - Administrator - Disabled)
deckx (S-1-5-21-3377807318-2724434003-2614323792-1000 - Administrator - Enabled) => C:\Users\deckx
Guest (S-1-5-21-3377807318-2724434003-2614323792-501 - Limited - Disabled)
Safe (S-1-5-21-3377807318-2724434003-2614323792-1005 - Limited - Enabled) => C:\Users\Safe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\uTorrent) (Version: 3.4.2.36615 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{E94EFAB6-653F-4837-9E8A-F6377CA1EC0D}) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Akamai) (Version: - Akamai Technologies, Inc)
Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version: - )
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Belfius Smart Card Reader Chrome-App (HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\{a0c67901-ec44-4d21-b576-214f3f9b4d21}) (Version: 2.3.3.0 - VASCO Data Security)
Belfius Smart Card Reader Chrome-App (x32 Version: 2.3.3.0 - VASCO Data Security) Hidden
CADdy++ - SEE Electrical schoolversie (HKLM-x32\...\{E040012F-A895-482E-87EF-D747ABB0F1D6}) (Version: - )
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
Catalyst Control Center Next Localization BR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.)
Farming Simulator 15 (HKLM-x32\...\FarmingSimulator2015INT_is1) (Version: 1.4.0.0 - GIANTS Software)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Geeks3D.com FurMark 1.9.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft 1.8.1 version 1.8.1 (HKLM-x32\...\Minecraft 1.8.1_is1) (Version: 1.8.1 - )
Need for Speed - Rivals (HKLM-x32\...\Need for Speed - Rivals_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version: - MR-Software GbR)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenTTD 1.5.2 (HKLM-x32\...\OpenTTD) (Version: 1.5.2 - OpenTTD)
Oracle VM VirtualBox 5.0.12 (HKLM\...\{6F93731D-89E1-4A8F-BDA9-D104860DDB02}) (Version: 5.0.12 - Oracle Corporation)
PlanetSide 2 (HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.2-r111395-release - Plays.tv, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 2.1.0.3 - GOG.com)
Real Time Stat Tracker (HKLM-x32\...\{E8E4D4FD-D449-4CF2-AA23-2191B76AE3B4}) (Version: 0.9.2.8 - Recursion)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.12.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
S4 League (HKLM-x32\...\S4 League) (Version: - )
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{A51A9885-30AA-4736-BECA-5DB4BCB1A2EA}) (Version: 7.17.0.43 - Skype Technologies S.A.)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software)
System Requirements Lab Detection (HKLM-x32\...\{3707AD31-8966-42C6-8FEE-003E16ABD706}) (Version: 6.1.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
War Thunder Launcher 1.0.1.530 (HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WinDirStat 1.1.2 (HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\WinDirStat) (Version: - )
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
XSplit Gamecaster (HKLM-x32\...\{5AADA165-FB60-41C0-8825-3E5B6C5F244C}) (Version: 2.1.1412.1628 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3377807318-2724434003-2614323792-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\deckx\AppData\Roaming\inminet\sencolny.dll => No File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005_Classes\CLSID\{8CE9991C-CC9B-42FA-85CF-BEFCB1F5DC30}\InprocServer32 -> C:\Users\Safe\AppData\Local\SkypePlugin\7.17.0.43\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005_Classes\CLSID\{AFD4369B-8A38-4407-882D-8297641DCFDF}\localserver32 -> C:\Users\Safe\AppData\Local\SkypePlugin\7.17.0.43\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Safe\AppData\Local\SkypePlugin\7.17.0.43\EdgeCalling.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D2F7F9A-3726-4F93-9A2A-DF9544913515} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-29] (AVAST Software)
Task: {1F50FF00-29C2-4E27-82CD-C44B11DD3EF4} - System32\Tasks\{C0D68CA8-984B-408C-A1BB-55CC30E9C653} => C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe [2011-11-08] ()
Task: {3209CC58-B468-4AE3-9202-33B867F487BD} - System32\Tasks\{6D14CE76-F58C-4DF9-AFFF-B96CBEB5FD99} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {3718E21B-186B-4818-982F-E75B044F1AC6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {3E4B8DB8-F305-48AA-8115-04FB36F55515} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-29] (AVAST Software)
Task: {4720B4A9-55A3-423B-AC31-C29DD0B4CA53} - System32\Tasks\MailRuUpdater => C:\Users\deckx\AppData\Local\Mail.Ru\MailRuUpdater.exe
Task: {529C265C-12A1-443C-8C54-031C67E6E53B} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {75B0DAC0-EAF3-470C-8E7B-7FDBE52157D2} - \osTip -> No File <==== ATTENTION
Task: {798159E1-D9E0-4D02-AF28-A01CE0563108} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7DD79FAE-A97C-4389-A4D2-E847F23E2E8B} - System32\Tasks\Minecraft Checksum Validator => C:\Program
Task: {83B62C9D-8023-471D-A310-F4CD23813609} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {98923B31-D77D-4603-B0F1-B6FCED0E3601} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {A75AA65A-A86B-4A96-A86E-F9B01A60424C} - System32\Tasks\SafeZone scheduled Autoupdate 1461951063 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {C47D7E56-7DF1-4C67-B2A5-1BE8A06FB72C} - System32\Tasks\{015D44F5-2E15-43B1-B934-1C9090AFA537} => C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe [2011-11-08] ()
Task: {C685A4AC-E59B-407A-9644-78A700FA2A4B} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {CA5760CC-10AE-4536-BB49-D2C5E23AD438} - \Pwtyfemuk Cache -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=821637"
ShortcutWithArgument: C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=821637"

==================== Loaded Modules (Whitelisted) ==============

2015-08-04 00:25 - 2015-08-04 00:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-04-29 19:29 - 2016-04-29 19:29 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-29 19:29 - 2016-04-29 19:29 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-01 10:48 - 2016-05-01 10:48 - 02892288 _____ () C:\Program Files\AVAST Software\Avast\defs\16050100\algo.dll
2016-04-29 19:29 - 2016-04-29 19:29 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-04-29 19:29 - 2016-04-29 19:29 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-12 08:48 - 2016-04-06 12:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 08:48 - 2016-04-06 12:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-04-04 03:57 - 2016-04-04 03:57 - 00186368 _____ () C:\Windows\SysWOW64\GameManager32.dll
2014-12-04 20:49 - 2016-03-11 02:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 01:52 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 01:52 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 01:52 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-04 20:49 - 2016-03-31 22:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-04 20:49 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-12-04 20:49 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-12-04 20:49 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-12-04 20:49 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-12-04 20:49 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-12-04 20:49 - 2016-03-31 22:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-12-04 20:49 - 2016-02-09 03:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-04-29 15:19 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3377807318-2724434003-2614323792-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-3377807318-2724434003-2614323792-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

=> (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [UDP Query User{92CFB42A-EEE4-488C-93D0-935C5768272F}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [TCP Query User{74564905-DF1F-4E9C-8EC6-A4A105CE3CB3}C:\users\safe\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe] => (Allow) C:\users\safe\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe FirewallRules: [UDP Query User{99A9DCAD-99EE-49D6-A004-6158A1D3B217}C:\users\safe\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe] => (Allow) C:\users\safe\appdata\local\skypeplugin\7.17.0.43\pluginhost.exe FirewallRules: [{4726765E-F9FD-427A-BA85-3A88F42A8641}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{9B3895A0-0E92-41CD-BD8D-1CE84E46A39F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{E3A9069A-2E00-42FE-9EAA-EBDD0BF0EF8B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{4DFCFE35-351A-4FC7-88C5-E8B633F551E0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{2CBD3521-EC8A-401C-AF6B-D6DC1E451EF4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{8CD64E2D-94F2-4DCB-AE00-1071ACAAABD0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [TCP Query User{93F21D55-9FCB-448D-87A5-CDED161B24BB}C:\users\safe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\safe\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{2AE6595D-B9D6-43BD-9F62-90ABCDA5B98D}C:\users\safe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\safe\appdata\roaming\spotify\spotify.exe FirewallRules: [{118FAA22-9B48-44A4-8CC7-895A38E7AA02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{19EEEEDB-1391-4870-A720-4FF7BA459682}C:\users\deckx\appdata\roaming\utorrent\updates\3.4.6_42094.exe] 
=> (Allow) C:\users\deckx\appdata\roaming\utorrent\updates\3.4.6_42094.exe FirewallRules: [UDP Query User{DEE3418A-3C51-475B-9B52-6BD48F96D958}C:\users\deckx\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deckx\appdata\roaming\utorrent\updates\3.4.6_42094.exe FirewallRules: [TCP Query User{E0468C53-5C36-4025-B043-781A6FF0EA52}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe FirewallRules: [UDP Query User{8A107B0F-5206-4B0A-9AD7-1B96EE428D01}C:\program files\call of duty black ops iii\blackops3.exe] => (Allow) C:\program files\call of duty black ops iii\blackops3.exe FirewallRules: [{868F346C-CAA7-4942-ADA4-DDE42F681222}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe FirewallRules: [{CDE0C5D6-7266-4DD7-8DB9-84D8C45E4C1A}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe FirewallRules: [{5C8392CB-853D-46AA-A75A-FD66B119F480}] => (Allow) C:\Users\deckx\AppData\Roaming\UPUpdata\download\MiniThunderPlatform.exe FirewallRules: [{6FBEE467-8749-469C-81FE-5589323CDD8D}] => (Allow) C:\Users\deckx\AppData\Roaming\UPUpdata\download\MiniThunderPlatform.exe FirewallRules: [{9F202A1A-5C73-47DC-A6C5-2B7B250C6D63}] => (Allow) C:\Users\deckx\AppData\Local\Temp\18194\download\MiniThunderPlatform.exe FirewallRules: [{9C6AB2DE-B4BA-4995-A0E6-66D1AD9358F6}] => (Allow) C:\Users\deckx\AppData\Local\Temp\18194\download\MiniThunderPlatform.exe ==================== Restore Points ========================= 26-04-2016 15:30:16 Scheduled Checkpoint 29-04-2016 12:08:46 Windows Update 29-04-2016 15:22:07 Windows Defender Checkpoint 29-04-2016 16:08:20 Removed Microsoft Office Professional Plus 2010 29-04-2016 19:39:41 Revo Uninstaller's restore point - UC浏览器 ==================== Faulty Device Manager Devices ============= Name: AODDriver4.1 Description: AODDriver4.1 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AODDriver4.1 Problem: : This 
device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/01/2016 09:19:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (05/01/2016 09:15:02 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2016 07:49:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . 
The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (05/01/2016 07:44:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2016 02:02:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (05/01/2016 01:56:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/01/2016 10:56:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x113c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (05/01/2016 10:55:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1074 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module 
path: mbam.exe2 Report Id: mbam.exe3 Error: (05/01/2016 10:53:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (05/01/2016 10:48:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/01/2016 09:14:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MPC Core Protect Service service failed to start due to the following error: %%2 Error: (05/01/2016 09:14:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Hardlock service failed to start due to the following error: %%1275 Error: (05/01/2016 09:14:55 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\hardlock.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error: (05/01/2016 09:14:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: %%3

Error: (05/01/2016 07:44:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error: %%2

Error: (05/01/2016 07:44:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error: %%1275

Error: (05/01/2016 07:44:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hardlock.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (05/01/2016 07:44:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.1 service failed to start due to the following error: %%3

Error: (05/01/2016 01:56:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MPC Core Protect Service service failed to start due to the following error: %%2

Error: (05/01/2016 01:56:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hardlock service failed to start due to the following error: %%1275

CodeIntegrity:
===================================
Date: 2014-12-02 13:43:59.698
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-02 13:43:59.667
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-02 13:42:29.109
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-02 13:42:29.078
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-02 13:36:25.843
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-02 13:36:25.812
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 8140.05 MB
Available physical RAM: 5830.11 MB
Total Virtual: 16278.29 MB
Available Virtual: 13837.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:653.78 GB) NTFS
Drive d: (Farming Simulator 15 Gold) (CDROM) (Total:3.22 GB) (Free:0 GB) UDF
Drive f: (INTENSO) (Fixed) (Total:465.76 GB) (Free:439.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 79997AC5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 2731DE17)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================