Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016 Ran by Ness (2016-07-19 01:35:39) Running from D:\ Windows 7 Ultimate (X64) (2013-02-16 19:27:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2907090157-1393807016-3485923136-500 - Administrator - Disabled) Guest (S-1-5-21-2907090157-1393807016-3485923136-501 - Limited - Enabled) Ness (S-1-5-21-2907090157-1393807016-3485923136-1000 - Administrator - Enabled) => C:\Users\Ness ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Action Replay PowerSaves 3DS version 1.28 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.28 - Datel Design & Development) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Aquaria (HKLM-x32\...\Steam App 24420) (Version: - Bit Blot) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Bastion (HKLM-x32\...\1423058311_is1) (Version: 2.0.0.6 - GOG.com) Black Chocobo (HKLM-x32\...\Black_Chocobo) (Version: - ) Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - ) calibre (HKLM-x32\...\{5A119A69-9ACD-4287-97FB-1EC30DE71459}) (Version: 2.31.0 - Kovid Goyal) calibre (HKLM-x32\...\{87CE002F-33CD-4C3A-95CA-6EC98DC1A6C3}) (Version: 0.9.21 - Kovid Goyal) CanoScan LiDE 100 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413) (Version: - ) CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Cockatrice (HKLM-x32\...\Cockatrice) (Version: - ) Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{E5C1C342-5E78-4D91-85BE-40C716B09391}) (Version: 3.55.7671.0901 - Sony Computer Entertainment Inc.) ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone) Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) dBpoweramp [ReplayGain] Codec (HKLM-x32\...\dBpoweramp [ReplayGain] Codec) (Version: Release 2 - Illustrate) dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 8 - Illustrate) dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.3 - Illustrate) dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 22 (Vorbis v1.3.3) - Illustrate) DC++ 0.851 (HKLM-x32\...\DC++) (Version: 0.851 - Jacek Sieka) Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - ) devkitProUpdater 1.5.4 (HKLM-x32\...\devkitProUpdater) (Version: 1.5.4 - devkitPro) Discord (HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\...\Discord) (Version: 0.0.292 - Hammer & Chisel, Inc.) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ETDWare PS/2-X64 10.7.17.5_WHQL (HKLM\...\Elantech) (Version: 10.7.17.5 - ELAN Microelectronic Corp.) f.lux (HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\...\Flux) (Version: - ) FileZilla Client 3.7.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1.1 - Tim Kosse) FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version: - Square Enix) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Git version 2.8.3 (HKLM\...\Git_is1) (Version: 2.8.3 - The Git Development Community) GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.) HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software) HHD Software Free Hex Editor Neo 6.20 (HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.20.2.5651 - HHD Software, Ltd.) Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - ) HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - ) HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz) Hyper Light Drifter (HKLM\...\aHlwZXJsaWdodGRyaWZ0ZXI_is1) (Version: 1 - ) IconPackager (HKLM-x32\...\IconPackager) (Version: - Stardock Corporation) IconPackager (x32 Version: 4.20 - Stardock Corporation) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) InFlac 1.1.1 (HKLM-x32\...\InFlac) (Version: 1.1.1 - Michael Facquet) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) IsoBuster 3.2 (HKLM-x32\...\IsoBuster_is1) (Version: 3.2 - Smart Projects) Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation) JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH) La-Mulana (HKLM-x32\...\La-Mulana_is1) (Version: - GOG.com) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) LeechFTP (HKLM-x32\...\LeechFTP) (Version: - ) Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech) Magic 2014 — Duels of the Planeswalkers (HKLM-x32\...\Magic 2014 — Duels of the Planeswalkers_is1) (Version: - ) Magic 2015 (HKLM-x32\...\Magic 2015_is1) (Version: - ) Magic Duels (HKLM-x32\...\Steam App 316010) (Version: - Stainless Games Ltd.) Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM-x32\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version: - ) MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net) MetaX for Windows (HKLM-x32\...\{608204F3-D2D0-4878-B377-A410C4E1CC95}) (Version: 2.50 - No Bull Software) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: 7.34 - mIRC Co. Ltd.) Momodora III (HKLM-x32\...\Momodora III_is1) (Version: - ) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Motorola Device Software Update (x32 Version: 13.02.1402 - Motorola Mobility) Hidden Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.3.0 - Mozilla) Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich) MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Music Manager (HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\...\MusicManager) (Version: - Google, Inc.) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team) NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - ) PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.12 - Prolific Technology INC) PS3 Cheats Editor (HKLM-x32\...\PS3 Cheats Editor) (Version: - ) puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) Python 2.7 Pillow-2.5.3 (HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\...\Pillow-py2.7) (Version: - ) Python 2.7 pycrypto-2.6 (HKLM\...\pycrypto-py2.7) (Version: - ) Python 2.7 Twisted-15.2.1 (HKLM-x32\...\{B0D9B41F-CC4C-40B3-ADA6-D8E54D3B4E88}) (Version: 15.2.1 - Twisted Matrix Laboratories) Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation) Python 3.5.1 (64-bit) (HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation) Python 3.5.1 Add to Path (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Core Interpreter (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Development Libraries (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Documentation (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Executables (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.1 pip Bootstrap (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Standard Library (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Tcl/Tk Support (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Test Suite (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python 3.5.1 Utility Scripts (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden Python Launcher (64-bit) (HKLM\...\{1CB6C42B-5887-47CF-AF21-988256F0455B}) (Version: 1.0.1.5 - Vinay Sajip) Qcma (HKLM\...\Qcma) (Version: 0.3.9 - codestation) QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickSFV (HKLM\...\{89B56CFC-0270-4ACF-8BF1-048251FD9E08}) (Version: 3.0.0 - Totally Useful Software, Inc.) QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.) Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.) ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.2.0.4 - GOG.com) Terraria version 1.3.0.8 (HKLM-x32\...\{D790E8D1-A817-49AA-9A71-47F7741BB669}_is1) (Version: 1.3.0.8 - Re-Logic) theRenamer 7.69 (HKLM-x32\...\{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1) (Version: - theRenamer) TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom) Transistor (HKLM-x32\...\Transistor_is1) (Version: - ) Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte) Undertale (HKLM-x32\...\VW5kZXJ0YWxl_is1) (Version: 1 - ) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VPNetwork LLC - TorGuard - Online Privacy Protection Services (HKLM-x32\...\VPNetwork LLC TorGuard) (Version: "0.3.43" - "VPNetwork LLC") Waterfox 43.0.4 (x64 en-US) (HKLM\...\Waterfox 43.0.4 (x64 en-US)) (Version: 43.0.4 - Mozilla) WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.0.1 - Shark007) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows 7 Portable Device Enabling Kit for MTP - Tools,Version 7R2 (HKLM-x32\...\{F04FB07B-0C96-48F8-95BB-FF8CAD522D2F}) (Version: 1 - Microsoft Corporation) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation) WinImage (HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\...\WinImage) (Version: - ) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl) x64 Components v4.0.1 (HKLM\...\x64 Components_is1) (Version: 4.0.1 - Shark007) xat.com Image Optimizer (HKLM-x32\...\xat.com Image Optimizer) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {086CE6C7-A48D-4F48-97F4-BE45D6D81886} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2907090157-1393807016-3485923136-1000Core => C:\Users\Ness\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.) Task: {09EC15DC-43EF-4B15-9E33-9CC6A3B6AB23} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.) Task: {166B58A6-B045-4C9B-81CA-84B5ADCABE58} - System32\Tasks\{6740AB46-91E9-4BD1-910F-16423883C75D} => pcalua.exe -a C:\Users\Ness\Desktop\pecsetup.exe -d C:\Users\Ness\Desktop Task: {29A2E223-6655-42AA-B3C0-A3A850573A30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {2E2535D2-E920-4299-8397-1F8A4292336D} - \AutoKMS -> No File <==== ATTENTION Task: {3F96BA6C-9CC5-4EB7-B76F-EB47608E9EE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-31] (Google Inc.) Task: {448314F1-D738-4DBD-987E-C415E5D3A6A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-31] (Google Inc.) Task: {4C8BAEBB-6AAF-45E4-B4D8-F0534A3D648C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {5009812D-B882-4AAE-AD70-68975D0D2253} - System32\Tasks\{C627F6B6-90C5-416A-B70E-8FAEF09E2FB2} => pcalua.exe -a C:\Users\Ness\Desktop\dBpoweramp-Codec-[ReplayGain].exe -d C:\Users\Ness\Desktop Task: {51E019AE-B653-4EBB-A614-2F698E66CF77} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {5B5A2BED-995F-4AA2-933E-4F5734F41B8B} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics) Task: {6EA9422D-CF73-4E82-BDA1-C5E1784CFFBC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.) Task: {6FAE38C2-0707-4CFF-B26A-FB417E68A613} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2907090157-1393807016-3485923136-1000UA => C:\Users\Ness\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-04] (Google Inc.) Task: {873D1ED3-B98E-42F4-9E9B-648296128459} - System32\Tasks\{7D9D183F-D901-40FF-8C04-F546912BDB52} => pcalua.exe -a "D:\Computer Restore Files\Drivers\Install\Inst_WIFI.exe" -d "D:\Computer Restore Files\Drivers\Install" Task: {8D1C7C8A-7AC1-466D-8E6F-29AB460512D5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.) Task: {95A61BFC-58C7-4272-ABD4-58B8EA5D6026} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.) Task: {97554B52-AF07-4B5A-A36E-788AF1F78084} - System32\Tasks\DuckDNS Updater => C:\Users\Ness\ness151-comics.vbs [2015-12-03] () Task: {A3F690A0-D441-451D-A9F7-1938E1A1EDE3} - System32\Tasks\{9CD70AE8-6B5A-41FF-A348-37CD01A3A0C0} => pcalua.exe -a C:\Users\Ness\Desktop\winsdk_web.exe -d C:\Users\Ness\Desktop Task: {A785AD3A-FAA0-41F9-817A-FEB7E84EFAF8} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.) Task: {A865F896-2F07-4787-90E1-3097B1269151} - System32\Tasks\{2A7B8747-9974-42F4-B52C-9540FB5DF56D} => pcalua.exe -a C:\Users\Ness\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 Task: {B618C9A7-B22F-41DD-A514-B2FAE6A0C44D} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics) Task: {B99F122A-F06C-4E75-BDBA-6FE128C3FD4C} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions) Task: {BF030806-B299-47AF-BAE2-6DC6480D91D4} - System32\Tasks\{91CB682F-3713-4166-8588-9960B5490584} => T:\WiiU\loadiine ready\Virtual Console\DS\DS Editors\crystaltile2\CrystalTile2.exe Task: {D1B32F1C-44EA-40DB-91E7-3FBEEC0434E0} - System32\Tasks\{E262CF04-57A1-498A-8AEC-E4FAE7EA5718} => T:\WiiU\loadiine ready\Virtual Console\DS\DS Editors\crystaltile2\CrystalTile2.exe Task: {E69D739C-88AF-486E-BFB5-EC35ED7FCF61} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {ED4FCDFC-4E7A-4753-A1F4-1F45C7BE2574} - System32\Tasks\{64AD4A64-61CC-4055-85CE-714820CC86A4} => pcalua.exe -a "C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe" -d "C:\Program Files (x86)\Sony\Content Manager Assistant" Task: {ED6FF2ED-CD79-4EEF-8D7F-70D3A1AC49F6} - System32\Tasks\{04A004D1-E6D2-4B5A-817A-F2483E669CF7} => T:\WiiU\loadiine ready\Virtual Console\DS\DS Editors\crystaltile2\CrystalTile2.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2907090157-1393807016-3485923136-1000Core.job => C:\Users\Ness\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2907090157-1393807016-3485923136-1000UA.job => C:\Users\Ness\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Ness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Ness\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86" ShortcutWithArgument: C:\Users\Ness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Ness\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64" ShortcutWithArgument: C:\Users\Ness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Ness\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64" ShortcutWithArgument: C:\Users\Ness\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ShortcutWithArgument: C:\Users\Ness\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disk-cache-dir="d:\chrome_cache" ==================== Loaded Modules (Whitelisted) ============== 2016-02-04 13:08 - 2016-01-22 20:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-24 00:59 - 2016-04-24 00:59 - 00310272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\cd7f212403e8b77a3f868557a9295cb9\ReactiveSockets.ni.dll 2014-05-02 11:52 - 2014-05-02 11:52 - 00599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll 2014-05-02 06:55 - 2014-05-02 06:55 - 00185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll 2014-05-02 06:05 - 2014-05-02 06:05 - 00173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll 2013-02-16 14:53 - 2012-02-07 19:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2012-01-10 14:41 - 2015-07-13 13:55 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe 2014-06-23 18:46 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe 2013-04-01 15:13 - 2013-03-01 17:45 - 00856016 _____ () C:\Program Files\Core Temp\Core Temp.exe 2012-03-26 18:33 - 2012-03-26 18:33 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-05-24 02:39 - 2016-05-02 01:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-11-17 12:44 - 2015-11-17 12:44 - 00117248 _____ () C:\Users\Ness\AppData\Local\Programs\Google\MusicManager\libaacdec.dll 2015-11-17 12:45 - 2015-11-17 12:45 - 00234496 _____ () C:\Users\Ness\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll 2015-11-17 12:45 - 2015-11-17 12:45 - 00253440 _____ () C:\Users\Ness\AppData\Local\Programs\Google\MusicManager\libid3tag.dll 2015-11-17 12:44 - 2015-11-17 12:44 - 00344064 _____ () C:\Users\Ness\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll 2014-06-23 18:46 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll 2014-05-03 12:48 - 2014-05-03 12:48 - 00100352 _____ () C:\Program Files (x86)\Deluge\win32api.pyd 2014-05-03 12:46 - 2014-05-03 12:46 - 00110080 _____ () C:\Program Files (x86)\Deluge\pywintypes26.dll 2014-05-03 12:49 - 2014-05-03 12:49 - 00396800 _____ () C:\Program Files (x86)\Deluge\pythoncom26.dll 2010-08-24 13:47 - 2010-08-24 13:47 - 00040448 _____ () C:\Program Files (x86)\Deluge\_socket.pyd 2010-08-24 13:48 - 2010-08-24 13:48 - 00720896 _____ () C:\Program Files (x86)\Deluge\_ssl.pyd 2015-09-12 10:59 - 2015-09-12 10:59 - 00019968 _____ () C:\Program Files (x86)\Deluge\zope.interface._zope_interface_coptimizations.pyd 2015-09-12 10:59 - 2015-09-12 10:59 - 00006656 _____ () C:\Program Files (x86)\Deluge\twisted.python._initgroups.pyd 2010-08-24 13:48 - 2010-08-24 13:48 - 00011776 _____ () C:\Program Files (x86)\Deluge\select.pyd 2010-08-24 13:48 - 2010-08-24 13:48 - 00073728 _____ () C:\Program Files (x86)\Deluge\_ctypes.pyd 2010-08-24 13:48 - 2010-08-24 13:48 - 00286208 _____ () C:\Program Files (x86)\Deluge\_hashlib.pyd 2011-09-02 06:55 - 2011-09-02 06:55 - 00010752 _____ () C:\Program Files (x86)\Deluge\OpenSSL.rand.pyd 2011-09-02 06:55 - 2011-09-02 06:55 - 00056320 _____ () C:\Program Files (x86)\Deluge\OpenSSL.crypto.pyd 2011-09-02 06:55 - 2011-09-02 06:55 - 00043520 _____ () C:\Program Files (x86)\Deluge\OpenSSL.SSL.pyd 2014-05-03 12:47 - 2014-05-03 12:47 - 00036864 _____ () C:\Program Files (x86)\Deluge\win32process.pyd 2014-05-03 12:47 - 2014-05-03 12:47 - 00119808 _____ () C:\Program Files (x86)\Deluge\win32file.pyd 2014-05-03 12:47 - 2014-05-03 12:47 - 00018432 _____ () C:\Program Files (x86)\Deluge\win32event.pyd 2014-05-03 12:48 - 2014-05-03 12:48 - 00167936 _____ () C:\Program Files (x86)\Deluge\win32gui.pyd 2010-08-24 13:48 - 2010-08-24 13:48 - 00585728 _____ () C:\Program Files (x86)\Deluge\unicodedata.pyd 2014-05-03 12:47 - 2014-05-03 12:47 - 00024064 _____ () C:\Program Files (x86)\Deluge\win32pipe.pyd 2015-09-12 10:58 - 2015-09-12 10:58 - 01029120 _____ () C:\Program Files (x86)\Deluge\PIL._imaging.pyd 2014-10-04 10:48 - 2014-10-04 10:48 - 00008704 _____ () C:\Program Files (x86)\Deluge\markupsafe._speedups.pyd 2011-08-15 21:12 - 2011-08-15 21:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll 2011-08-15 21:15 - 2011-08-15 21:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll 2011-08-17 17:41 - 2011-08-17 17:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll 2011-08-17 17:48 - 2011-08-17 17:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll 2011-11-25 14:29 - 2011-11-25 14:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll 2011-08-15 21:12 - 2011-08-15 21:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll 2011-08-17 17:48 - 2011-08-17 17:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll 2011-08-15 20:23 - 2011-08-15 20:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll 2011-11-25 14:28 - 2011-11-25 14:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll 2011-11-25 14:42 - 2011-11-25 14:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll 2011-11-25 14:26 - 2011-11-25 14:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll 2014-06-23 18:46 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll 2016-06-17 16:52 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-17 16:52 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2013-02-16 14:53 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5 [146] AlternateDataStreams: C:\Users\Public\DRM:احتضان [48] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\regfile\DefaultIcon: C:\Windows\Resources\Themes\Icons\iconpackager\Token(Dark)\Token(Dark) Icon 43.ico,0 <===== ATTENTION HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\Software\Classes\.exe: => <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2016-05-12 13:12 - 00000223 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 cod-orc.com 127.0.0.1 www.cod-orc.com 31.170.160.249 fort42.hostei.com 198.41.208.137 reddit.com 88.208.18.30 www.xhamster.com 0.0.0.0 serius.mwbsys.com 0.0.0.0 keystone.mwbsys.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2907090157-1393807016-3485923136-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ness\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 4.2.2.2 - 4.2.2.3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Google Update => "C:\Users\Ness\AppData\Local\Google\Update\GoogleUpdate.exe" /c ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{A19D5A83-D70C-4B67-8405-0A00FE5AA19B}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [UDP Query User{3EAD5071-CE37-4A4D-A232-85D04DD501E2}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [TCP Query User{DD60E61C-E598-4B7B-9408-5DD33A49CD09}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{6CB3995D-B4E1-4E81-8639-8D9145CD3238}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{5B93BF8A-72D0-4C21-900E-F3E0836446FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{326C8B81-FBA3-42C4-9703-57CE3864470D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AB30CF04-336A-47B5-AD97-4D0009AF0BDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0DD06DF9-25DF-43D8-AFFB-CB77DB763DF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [{6C3E6568-910F-4286-B96B-844641148FA7}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe FirewallRules: [{75A23442-B2E8-4279-A533-04C0E0E6A911}] => (Allow) D:\Games\Steam\steamapps\common\Aquaria\Aquaria.exe FirewallRules: [{0176C953-869D-4758-9059-92113FE67522}] => (Allow) D:\Games\Steam\steamapps\common\Aquaria\Aquaria.exe FirewallRules: [TCP Query User{D9810292-C9B8-413F-950F-4BA6D3391E8F}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [UDP Query User{6378EA32-925C-4ECC-90F2-9A734D7C61DC}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe FirewallRules: [TCP Query User{4E262F5C-0EF5-4225-9E0B-1D03D824B05C}D:\l39\contents\launcher.exe] => (Allow) D:\l39\contents\launcher.exe FirewallRules: [UDP Query User{D37A8549-91C3-4D32-81A8-FABDFBF8ED43}D:\l39\contents\launcher.exe] => (Allow) D:\l39\contents\launcher.exe FirewallRules: [TCP Query User{2511A70B-2E1F-411E-B692-9EFAF5393F80}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe FirewallRules: [UDP Query User{861738E3-3C5F-4BDA-8072-B6BE19BDAC8C}C:\program files (x86)\leechftp\leechftp.exe] => (Allow) C:\program files (x86)\leechftp\leechftp.exe FirewallRules: [TCP Query User{5FB000F4-3AD2-436E-9AAA-32DBD6C14A0F}C:4\m39\launcher.exe] => (Allow) C:4\m39\launcher.exe FirewallRules: [UDP Query User{3CC2D231-8F3E-4154-8C5D-E228E28C6C1B}C:4\m39\launcher.exe] => (Allow) C:4\m39\launcher.exe FirewallRules: [TCP Query User{D12D2FCE-6027-4254-8390-EAD2C0443F16}D:\m39\contents\launcher.exe] => (Allow) D:\m39\contents\launcher.exe FirewallRules: [UDP Query User{31547DCD-EED1-483E-A50F-C91C2E99874B}D:\m39\contents\launcher.exe] => (Allow) D:\m39\contents\launcher.exe FirewallRules: [TCP Query User{C9200F39-6863-4268-BCF4-18725E7C3E6A}D:\tricoro\contents\launcher.exe] => (Allow) D:\tricoro\contents\launcher.exe FirewallRules: [UDP Query User{AD241B5B-70F4-4E90-8EFB-7653D3BC75A8}D:\tricoro\contents\launcher.exe] => (Allow) D:\tricoro\contents\launcher.exe FirewallRules: [{4157FD90-2AC9-4545-8F74-682D9ECB776A}] => (Allow) D:\Games\Steam\steamapps\common\Trine 2\trine2_launcher.exe FirewallRules: [{CE4314B7-3EE2-48EF-9889-163A4AA0C89A}] => (Allow) D:\Games\Steam\steamapps\common\Trine 2\trine2_launcher.exe FirewallRules: [{F72CAC21-339F-4DB9-B472-C7C9AB8E503E}] => (Allow) D:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [{FAE2830F-50E9-45C7-8C9E-E40E5835496F}] => (Allow) D:\Games\Steam\steamapps\common\hotline_miami\HotlineMiami.exe FirewallRules: [TCP Query User{9C799AE7-E13E-425E-9BB7-82925CCF4231}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe FirewallRules: [UDP Query User{6A5DF3E3-4E38-4177-AD5B-56D68C7970A8}C:\program files (x86)\filezilla ftp client\filezilla.exe] => (Allow) C:\program files (x86)\filezilla ftp client\filezilla.exe FirewallRules: [TCP Query User{F2BF830B-B4E6-4408-B211-36AAC4FA420A}D:\games\steam\steam.exe] => (Allow) D:\games\steam\steam.exe FirewallRules: [UDP Query User{E3F4B253-2BAF-4539-BB41-2EEBC77A533A}D:\games\steam\steam.exe] => (Allow) D:\games\steam\steam.exe FirewallRules: [TCP Query User{46B925D9-5E06-40D5-BF24-0EAA1103C2C6}D:\games\emulators\ppsspp\ppssppwindows64.exe] => (Allow) D:\games\emulators\ppsspp\ppssppwindows64.exe FirewallRules: [UDP Query User{B044628D-DE22-4E88-BAB7-B0F9A249CE88}D:\games\emulators\ppsspp\ppssppwindows64.exe] => (Allow) D:\games\emulators\ppsspp\ppssppwindows64.exe FirewallRules: [{C92D839D-9BEA-47E0-B829-B39175213F78}] => (Block) D:\games\emulators\ppsspp\ppssppwindows64.exe FirewallRules: [{6461548F-9AF3-473C-8118-4E12932DE168}] => (Block) D:\games\emulators\ppsspp\ppssppwindows64.exe FirewallRules: [TCP Query User{04550082-D13C-4017-8CD9-A24E13ACB663}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe FirewallRules: [UDP Query User{3D15D6DA-273B-4F07-B487-031FA05B11D3}C:\program files (x86)\sony\content manager assistant\cma.exe] => (Allow) C:\program files (x86)\sony\content manager assistant\cma.exe FirewallRules: [{0B31619A-D368-46AF-923B-55863DF6C1BA}] => (Block) C:\program files (x86)\sony\content manager assistant\cma.exe FirewallRules: [{28917E57-F442-49F0-BE27-9C01F56775F5}] => (Block) C:\program files (x86)\sony\content manager assistant\cma.exe FirewallRules: [{10708946-FCC3-4EF9-9746-C57A147E68E8}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{D3513E37-B182-4A6A-91AC-C0D690C87EB0}] => (Allow) C:\Program Files (x86)\Action Replay PowerSaves 3DS\PowerSaves3DS.exe FirewallRules: [{E428C072-AC73-4B62-B49F-33031222A82A}] => (Allow) C:\Program Files (x86)\Action Replay PowerSaves 3DS\PowerSaves3DS.exe FirewallRules: [{316F5286-6F3D-4D6E-83CB-F6C8FC3CBED4}] => (Allow) C:\Program Files (x86)\Action Replay PowerSaves 3DS\PowerSaves3DS.exe FirewallRules: [{0C686AB0-CFB4-4F62-87F0-2F52B81C5A79}] => (Allow) C:\Program Files (x86)\Action Replay PowerSaves 3DS\PowerSaves3DS.exe FirewallRules: [{109DE175-3432-4EFC-A444-1BAB329F7A02}] => (Allow) D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [{FF48522C-4E21-4624-8B2C-06B7507573A2}] => (Allow) D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [TCP Query User{52F0FCAF-D112-498F-8665-C49A5B718AEA}C:\program files (x86)\mircbot\mirc.exe] => (Allow) C:\program files (x86)\mircbot\mirc.exe FirewallRules: [UDP Query User{EB13B8C7-8172-4435-989E-5C0064B5BF83}C:\program files (x86)\mircbot\mirc.exe] => (Allow) C:\program files (x86)\mircbot\mirc.exe FirewallRules: [{0B38AA83-7B3D-4C2C-8FB9-07940D61679C}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [{A5A4BF1C-33E1-454D-B740-34FD754B68A3}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{38DE451B-F9CC-4247-8AD9-F930CBA63DD5}C:\program files (x86)\cockatrice\servatrice.exe] => (Block) C:\program files (x86)\cockatrice\servatrice.exe FirewallRules: [UDP Query User{D27F3B20-50AB-4562-8454-0DA708A53157}C:\program files (x86)\cockatrice\servatrice.exe] => (Block) C:\program files (x86)\cockatrice\servatrice.exe FirewallRules: [{F9DE4AAD-0B12-4B86-BF86-7804868E215A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{4698C1EE-B3C9-4D29-9037-327C0BC6ADBC}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{62BA8881-D27E-4CE2-A2E2-F7FE2C1A9EC3}D:9\xbmc\xbmc.exe] => (Block) D:9\xbmc\xbmc.exe FirewallRules: [UDP Query User{855C6232-9D11-4D61-8F24-5CFDBF1DEFD0}D:9\xbmc\xbmc.exe] => (Block) D:9\xbmc\xbmc.exe FirewallRules: [{7DC19B55-1F97-4489-8105-B9EF013414F3}] => (Allow) D:\Games\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [{A26D6CF0-C3AF-47D8-87A2-008B4FD48DA6}] => (Allow) D:\Games\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [{F95D414F-F661-4399-8433-8B901A6603B4}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{56297CC7-6405-41E1-A248-36FE6B16CD3C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [TCP Query User{7B64F608-B942-468A-9433-521E12387D83}C:\users\ness\desktop\skfupr0xy\skfupr0xy.exe] => (Allow) C:\users\ness\desktop\skfupr0xy\skfupr0xy.exe FirewallRules: [UDP Query User{C6D403C4-BE05-416C-91C4-439A00FC4F0E}C:\users\ness\desktop\skfupr0xy\skfupr0xy.exe] => (Allow) C:\users\ness\desktop\skfupr0xy\skfupr0xy.exe FirewallRules: [TCP Query User{D84A83EC-C303-4F83-ADAD-542104837EDE}C:\users\ness\desktop\skfupr0xy\nginx server\nginx.exe] => (Allow) C:\users\ness\desktop\skfupr0xy\nginx server\nginx.exe FirewallRules: [UDP Query User{28784C79-1EB3-45B5-89D8-98FE621676B7}C:\users\ness\desktop\skfupr0xy\nginx server\nginx.exe] => (Allow) C:\users\ness\desktop\skfupr0xy\nginx server\nginx.exe FirewallRules: [TCP Query User{9EE0CD16-71C6-4C40-8613-24AD7CBFC662}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe FirewallRules: [UDP Query User{AA607C11-8A60-4E44-A842-EE59A623FF47}C:\program files\dc++\dcplusplus.exe] => (Allow) C:\program files\dc++\dcplusplus.exe FirewallRules: [TCP Query User{F17A4AF6-ACC4-44F2-A44F-7C6FBB70109E}C:\python27\python.exe] => (Allow) C:\python27\python.exe FirewallRules: [UDP Query User{E706DCCE-B28E-462C-909D-BBEFD2EDE902}C:\python27\python.exe] => (Allow) C:\python27\python.exe FirewallRules: [TCP Query User{5E03A1A5-979B-4790-A52B-A9169644DD0F}C:\users\ness\desktop\mh4u decryption tools\skfuproxy\skfupr0xy.exe] => (Allow) C:\users\ness\desktop\mh4u decryption tools\skfuproxy\skfupr0xy.exe FirewallRules: [UDP Query User{4B735370-0F01-4EF9-AF2A-025EE6BD541E}C:\users\ness\desktop\mh4u decryption tools\skfuproxy\skfupr0xy.exe] => (Allow) C:\users\ness\desktop\mh4u decryption tools\skfuproxy\skfupr0xy.exe FirewallRules: [TCP Query User{6FA5717C-608C-4F68-89B0-C6D0F2042C09}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe FirewallRules: [UDP Query User{EA3CB305-38A1-4084-99B9-101EEC18C473}C:\program files\qcma\qcma.exe] => (Allow) C:\program files\qcma\qcma.exe FirewallRules: [TCP Query User{9DE508D0-503B-4E36-8253-C25A0A220C49}C:\users\ness\appdata\local\temp\rar$exa0.120\vita_update_blocker_v1.2.exe] => (Allow) C:\users\ness\appdata\local\temp\rar$exa0.120\vita_update_blocker_v1.2.exe FirewallRules: [UDP Query User{C3554E59-D540-4430-B006-8BF4E80BE47A}C:\users\ness\appdata\local\temp\rar$exa0.120\vita_update_blocker_v1.2.exe] => (Allow) C:\users\ness\appdata\local\temp\rar$exa0.120\vita_update_blocker_v1.2.exe FirewallRules: [TCP Query User{6F6EF3F8-DB70-4C56-A5F0-177EEC2718D3}C:\users\ness\appdata\local\temp\rar$exa0.118\vita_update_blocker_v1.2.exe] => (Allow) C:\users\ness\appdata\local\temp\rar$exa0.118\vita_update_blocker_v1.2.exe FirewallRules: [UDP Query User{E5421468-B25A-4867-98A3-C3B2E27400AE}C:\users\ness\appdata\local\temp\rar$exa0.118\vita_update_blocker_v1.2.exe] => (Allow) C:\users\ness\appdata\local\temp\rar$exa0.118\vita_update_blocker_v1.2.exe FirewallRules: [TCP Query User{34B27B07-CC6F-4325-B845-4A71A443D43B}C:\users\ness\desktop\rejuvinate\vita_update_blocker_v1.2.exe] => (Allow) C:\users\ness\desktop\rejuvinate\vita_update_blocker_v1.2.exe FirewallRules: [UDP Query User{E1A79F4A-5C41-4961-B7EA-630C0C598242}C:\users\ness\desktop\rejuvinate\vita_update_blocker_v1.2.exe] => (Allow) C:\users\ness\desktop\rejuvinate\vita_update_blocker_v1.2.exe FirewallRules: [TCP Query User{B6781CEB-1FBB-40AB-AF7D-0D16C28E3CE1}C:\users\ness\desktop\rejuvinate\vitadefilerunity.exe] => (Allow) C:\users\ness\desktop\rejuvinate\vitadefilerunity.exe FirewallRules: [UDP Query User{0F1E2475-939B-4B0D-9195-D8E3F20F5D05}C:\users\ness\desktop\rejuvinate\vitadefilerunity.exe] => (Allow) C:\users\ness\desktop\rejuvinate\vitadefilerunity.exe FirewallRules: [TCP Query User{7D01EE9C-BD5B-496A-B58B-9A735D4FED12}C:\reju\vitadefilerunity.exe] => (Allow) C:\reju\vitadefilerunity.exe FirewallRules: [UDP Query User{22CCC59E-002B-4898-BC22-B423B0B8DD0E}C:\reju\vitadefilerunity.exe] => (Allow) C:\reju\vitadefilerunity.exe FirewallRules: [TCP Query User{E6AABCF4-08BD-4B4B-B7BD-6B1608432075}E:\vitadefilerunity.exe] => (Allow) E:\vitadefilerunity.exe FirewallRules: [UDP Query User{F29CB6F7-8C62-4DA3-90FD-0FB2C144C5F8}E:\vitadefilerunity.exe] => (Allow) E:\vitadefilerunity.exe FirewallRules: [TCP Query User{C7A91C48-EB45-42CB-A9EE-0892C0B8718C}C:0\vitadefilerunity.exe] => (Allow) C:0\vitadefilerunity.exe FirewallRules: [UDP Query User{DD228B3B-0D36-4711-9716-DAD09B01DA06}C:0\vitadefilerunity.exe] => (Allow) C:0\vitadefilerunity.exe FirewallRules: [TCP Query User{E32F3D9D-A2C6-4A34-A897-BD0DBC591C36}C:0\vitadefilerunity.exe] => (Allow) C:0\vitadefilerunity.exe FirewallRules: [UDP Query User{BE12643D-B541-46CF-B387-22F1E9A43E93}C:0\vitadefilerunity.exe] => (Allow) C:0\vitadefilerunity.exe FirewallRules: [{30021FEE-EA89-4A63-829D-81B56324D0DB}] => (Allow) C:\Program Files\Waterfox\waterfox.exe FirewallRules: [{50666C6E-1507-41D2-AE91-782627A3B20D}] => (Allow) C:\Program Files\Waterfox\waterfox.exe FirewallRules: [TCP Query User{6C0FF3F9-FB70-4EBA-85BC-413ACBFB058F}C:\reju\vub\vita_update_blocker_v1.2.exe] => (Allow) C:\reju\vub\vita_update_blocker_v1.2.exe FirewallRules: [UDP Query User{BECD7861-9F76-4CBB-9CC6-D069989AD578}C:\reju\vub\vita_update_blocker_v1.2.exe] => (Allow) C:\reju\vub\vita_update_blocker_v1.2.exe FirewallRules: [TCP Query User{81083849-96DD-4D62-B524-D8E9796B56C8}C:\reju\vub\vub.exe] => (Allow) C:\reju\vub\vub.exe FirewallRules: [UDP Query User{295BCDA0-21AB-4F6B-BB9F-43F1D924BA2B}C:\reju\vub\vub.exe] => (Allow) C:\reju\vub\vub.exe FirewallRules: [TCP Query User{43DC1693-82B2-4B8F-872B-56FC6AD6B028}E:\vita_update_blocker_v1.2.exe] => (Allow) E:\vita_update_blocker_v1.2.exe FirewallRules: [UDP Query User{F400CC20-1E08-411A-BF06-7A8C88092568}E:\vita_update_blocker_v1.2.exe] => (Allow) E:\vita_update_blocker_v1.2.exe FirewallRules: [{CFC1AF01-7511-4911-85C8-953F386E89F4}] => (Block) E:\vita_update_blocker_v1.2.exe FirewallRules: [{1B7F9238-5130-47C7-9E26-10C2C462FBA1}] => (Block) E:\vita_update_blocker_v1.2.exe FirewallRules: [TCP Query User{40B25C90-E9D9-47AD-A70E-4C600F383B19}D:\psvita custom psp game bubbles creation\vup.exe] => (Allow) D:\psvita custom psp game bubbles creation\vup.exe FirewallRules: [UDP Query User{F7DD96BC-5CF7-43B7-9003-4FF7998E2BA1}D:\psvita custom psp game bubbles creation\vup.exe] => (Allow) D:\psvita custom psp game bubbles creation\vup.exe FirewallRules: [TCP Query User{6F515EDE-52D7-46ED-9C0C-39119BB02D8F}I:\vitadefilerunity.exe] => (Allow) I:\vitadefilerunity.exe FirewallRules: [UDP Query User{DE7DE6F2-25EC-445A-8194-1C5CCAE74338}I:\vitadefilerunity.exe] => (Allow) I:\vitadefilerunity.exe FirewallRules: [{A923FD90-67CF-4F78-960B-CCAB0B07C990}] => (Block) I:\vitadefilerunity.exe FirewallRules: [{6D3CBD07-9565-46D2-A17A-ADBF5A559E1E}] => (Block) I:\vitadefilerunity.exe FirewallRules: [TCP Query User{DF4F3884-B202-4FD4-855C-21FEC9C50E58}E:\vup.exe] => (Allow) E:\vup.exe FirewallRules: [UDP Query User{CA112E67-65B0-4904-89E2-BDFA91E2D87D}E:\vup.exe] => (Allow) E:\vup.exe FirewallRules: [{D283A06D-195E-4BBE-8CA0-4612C08A4CF1}] => (Allow) D:\Games\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [{45A4C062-9603-426A-8E63-DFD11C496BB9}] => (Allow) D:\Games\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [{B017DC3B-100E-4553-B71E-F6B6ACC91D31}] => (Allow) D:\Games\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [{B15B514D-D076-4E6C-8B93-0306385414B8}] => (Allow) D:\Games\Steam\steamapps\common\Magic Duels\MagicDuels.exe FirewallRules: [TCP Query User{8E2993A4-5B42-4FAF-AF05-7E74F51EC14C}D:\n3ds cia files\new folder\ntrviewer\ntrviewer.exe] => (Allow) D:\n3ds cia files\new folder\ntrviewer\ntrviewer.exe FirewallRules: [UDP Query User{56A20FC3-739C-48C9-B6B8-6E24B86BBB51}D:\n3ds cia files\new folder\ntrviewer\ntrviewer.exe] => (Allow) D:\n3ds cia files\new folder\ntrviewer\ntrviewer.exe FirewallRules: [TCP Query User{778D0344-EA3C-4974-81C4-F8F884277142}D:\n3ds cia files\new folder\fakeproxy\server.exe] => (Allow) D:\n3ds cia files\new folder\fakeproxy\server.exe FirewallRules: [UDP Query User{D7E9A9E7-E829-4F31-A580-319F367B2E46}D:\n3ds cia files\new folder\fakeproxy\server.exe] => (Allow) D:\n3ds cia files\new folder\fakeproxy\server.exe FirewallRules: [{7E718C9A-7F3C-4454-B715-81C4C3982728}] => (Block) D:\n3ds cia files\new folder\fakeproxy\server.exe FirewallRules: [{75CEDD2A-DE32-43F7-931F-7CB4B7044667}] => (Block) D:\n3ds cia files\new folder\fakeproxy\server.exe FirewallRules: [{25D7AEEF-3B06-435B-8A5B-B1E03EEFF408}] => (Allow) D:\n3ds CIA files\New folder\NTRDebugger\ntrclient.exe FirewallRules: [{F62DCC23-24C9-4B08-9EEB-56114C9DDDA2}] => (Allow) D:\n3ds CIA files\New folder\NTRDebugger\ntrclient.exe FirewallRules: [{D5D96C80-4EA6-42E2-B149-A91221C4B7B3}] => (Allow) D:\n3ds CIA files\New folder\NTRDebugger\ntrclient.exe FirewallRules: [{9B243A31-37A0-41C0-8C27-5E6C6236256E}] => (Allow) D:\n3ds CIA files\New folder\NTRDebugger\ntrclient.exe FirewallRules: [{0FBEE1CE-AEE7-4FD8-B6A6-261D290250E3}] => (Allow) D:\Games\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe FirewallRules: [{E4830CEE-61FB-407B-B257-2AB55C87484E}] => (Allow) D:\Games\Steam\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe FirewallRules: [TCP Query User{7D65041C-2AD8-45C7-8C2F-95F18AA09C83}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{D53BE2A5-102C-4DF8-8B88-2EC27EB544A6}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [{935A9032-2E8F-45D4-A3B0-481E90702A01}] => (Block) C:\program files (x86)\deluge\deluge.exe FirewallRules: [{81CEE5F3-13A3-456A-8C48-87DDBC5E661B}] => (Block) C:\program files (x86)\deluge\deluge.exe FirewallRules: [TCP Query User{05101F45-A76C-4F6B-8EED-5BC129FDDD47}C:\program files (x86)\deluge\deluged.exe] => (Allow) C:\program files (x86)\deluge\deluged.exe FirewallRules: [UDP Query User{DCD45F2B-5A49-4FA2-8038-6777E13A35A2}C:\program files (x86)\deluge\deluged.exe] => (Allow) C:\program files (x86)\deluge\deluged.exe FirewallRules: [{A01E8F61-A42E-4A72-B779-6C9D4834B821}] => (Block) C:\program files (x86)\deluge\deluged.exe FirewallRules: [{C64B0CB3-86B8-452B-8AD9-04076F8BCE3A}] => (Block) C:\program files (x86)\deluge\deluged.exe FirewallRules: [TCP Query User{3B290406-5FA8-4C9E-AD63-460EB450BC1E}D:\downloads\aria2c\aria2c.exe] => (Allow) D:\downloads\aria2c\aria2c.exe FirewallRules: [UDP Query User{18A56B76-FEE0-46C4-B6C5-4C2A3672403C}D:\downloads\aria2c\aria2c.exe] => (Allow) D:\downloads\aria2c\aria2c.exe FirewallRules: [{B7E0F0B8-A8AE-4EAE-A071-C49B98999390}] => (Block) D:\downloads\aria2c\aria2c.exe FirewallRules: [{5D0F2D88-5B1A-4624-B07F-81522C0756BC}] => (Block) D:\downloads\aria2c\aria2c.exe FirewallRules: [{871450A5-1C1D-491F-A0BD-8E5C58FCBB4B}] => (Allow) D:\n3ds cia files\new folder\ntrviewer\ntrviewer.exe FirewallRules: [{004C733A-A080-42BB-BE46-6135233900C9}] => (Allow) D:\n3ds cia files\new folder\ntrviewer\ntrviewer.exe FirewallRules: [{E76F2F8A-EBD7-46E8-9783-BA7FD7B582F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{7E57F0C1-F5FA-4CFC-80FB-E451BC249B89}D:\cafiine\server\cafiine_server.exe] => (Allow) D:\cafiine\server\cafiine_server.exe FirewallRules: [UDP Query User{AF500EE2-FAF9-456B-BD03-4E45775556FF}D:\cafiine\server\cafiine_server.exe] => (Allow) D:\cafiine\server\cafiine_server.exe FirewallRules: [{1A497C4C-8C4B-4C31-8649-285044FF6959}] => (Block) D:\cafiine\server\cafiine_server.exe FirewallRules: [{DB5E270C-2E90-4C57-A638-CF4994098ECC}] => (Block) D:\cafiine\server\cafiine_server.exe ==================== Restore Points ========================= 15-07-2016 04:36:06 Windows Update 18-07-2016 12:49:35 Windows Defender Checkpoint ==================== Faulty Device Manager Devices ============= Name: WebCam SC-13HDL12131N Description: USB Video Device Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: avgtp Description: avgtp Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: avgtp Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Microsoft Virtual WiFi Miniport Adapter #2 Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport Adapter #3 Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2016 04:40:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume (C:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B) Error: (07/13/2016 04:55:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume (C:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B) Error: (07/11/2016 01:22:49 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SFEGecko.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1acc Start Time: 01d1dba01619f4f7 Termination Time: 4 Application Path: D:\Wiiu games\FE RAM Editor\SFEGecko.exe Report Id: 0e9804f9-4794-11e6-8870-c8f7334ac463 Error: (07/06/2016 02:04:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4 Faulting module name: msi.dll, version: 5.0.7601.18896, time stamp: 0x557f4749 Exception code: 0xc0000005 Fault offset: 0x00000000001f1132 Faulting process id: 0x974 Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (07/03/2016 10:58:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Gecko dNet.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1c68 Start Time: 01d1d5a7eebbf8c1 Termination Time: 2 Application Path: D:\Wiiu games\TCPGeckodNET\Gecko dNet.exe Report Id: 8772811c-419b-11e6-8870-c8f7334ac463 Error: (07/03/2016 07:00:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: dmhkcore.exe, version: 3.2.8.40, time stamp: 0x4fc61650 Faulting module name: MMDevApi.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b892 Exception code: 0xc0000005 Fault offset: 0x00023b0f Faulting process id: 0xc5c Faulting application start time: 0xdmhkcore.exe0 Faulting application path: dmhkcore.exe1 Faulting module path: dmhkcore.exe2 Report Id: dmhkcore.exe3 Error: (06/22/2016 06:27:26 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume (C:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B) Error: (06/20/2016 01:45:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume (C:) was not defragmented because an error was encountered: An attempt was made to load a program with an incorrect format. (0x8007000B) Error: (06/18/2016 10:10:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mpc-hc64.exe version 1.7.6.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1cbc Start Time: 01d1c98f6d3a5c8f Termination Time: 18 Application Path: C:\Program Files (x86)\MPC-HC\mpc-hc64.exe Report Id: 65521037-35cb-11e6-8e82-c8f7334ac463 Error: (06/17/2016 01:59:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ntrclient.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 33dc Start Time: 01d1c865a803693f Termination Time: 3 Application Path: D:\n3ds CIA files\New folder\NTRDebugger\ntrclient.exe Report Id: 066572f4-3459-11e6-8e82-c8f7334ac463 System errors: ============= Error: (07/18/2016 01:53:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. Error: (07/18/2016 01:50:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: avgtp trkgg Error: (07/18/2016 01:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The PST Service service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/18/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The EMS Inter-Link driver V3.0 service failed to start due to the following error: %%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Error: (07/18/2016 01:49:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (07/18/2016 01:49:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (07/18/2016 01:49:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service. Error: (07/18/2016 01:48:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 = An instance of the service is already running. Error: (07/18/2016 01:48:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (07/18/2016 01:48:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2016-07-18 13:49:59.595 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-18 13:49:59.580 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-18 13:02:06.107 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-18 13:02:06.076 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-18 12:32:34.717 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-18 12:32:34.686 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-03 19:17:54.074 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-03 19:17:54.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-03 18:54:50.560 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-07-03 18:54:50.528 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\EMSLink_amd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz Percentage of memory in use: 68% Total physical RAM: 7893.54 MB Available physical RAM: 2504.37 MB Total Virtual: 21979.02 MB Available Virtual: 15632.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:5.67 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Stuff) (Fixed) (Total:831.51 GB) (Free:151.02 GB) NTFS Drive g: (ReadyBoost) (Fixed) (Total:7.46 GB) (Free:0.1 GB) NTFS Drive r: (Game Backups) (Network) (Total:1862.98 GB) (Free:86.28 GB) NTFS Drive s: (Downloads) (Network) (Total:465.76 GB) (Free:268.8 GB) NTFS Drive t: (iPod Music and TV) (Network) (Total:465.76 GB) (Free:157.04 GB) NTFS Drive u: (Television) (Network) (Total:1863.02 GB) (Free:11.22 GB) NTFS Drive v: (Television 2) (Network) (Total:931.51 GB) (Free:71.31 GB) NTFS Drive w: (Anime) (Network) (Total:931.51 GB) (Free:256.69 GB) NTFS Drive x: (Anime 2) (Network) (Total:465.76 GB) (Free:271.99 GB) NTFS Drive y: (Movies) (Network) (Total:1863.01 GB) (Free:139.14 GB) NTFS Drive z: (Movies 2) (Network) (Total:931.51 GB) (Free:364.64 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DFB2B9D1) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=831.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA) Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================