Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by pahmadi (2016-08-11 17:24:19)
Running from C:\Users\pahmadi\Desktop
Windows 10 Home Version 1511 (X64) (2016-04-03 03:15:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3840187337-3860288294-2545479360-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3840187337-3860288294-2545479360-503 - Limited - Disabled)
Guest (S-1-5-21-3840187337-3860288294-2545479360-501 - Limited - Disabled)
pahmadi (S-1-5-21-3840187337-3860288294-2545479360-1001 - Administrator - Enabled) => C:\Users\pahmadi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software) Avira Launcher (HKLM-x32\...\{05f7f410-0274-45d0-91dc-712a62aadd96}) (Version: 1.2.68.19138 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.2.68.19138 - Avira Operations GmbH & Co. KG) Hidden Batman - The Telltale Series (HKLM-x32\...\2140144872_is1) (Version: 2.0.0.3 - GOG.com) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Borderlands The Pre-Sequel (HKLM-x32\...\Borderlands The Pre-Sequel_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) DARK SOULS III (HKLM\...\Steam App 374320) (Version: - FromSoftware, Inc.) Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - ) Dishonored Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - ) Dragonball Xenoverse Bundle Edition (HKLM-x32\...\Dragonball Xenoverse Bundle Edition_is1) (Version: - ) Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - ) FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts) Fraps (HKLM-x32\...\Fraps) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - ) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.) 
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation) iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mass Effect 2 (HKLM-x32\...\{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1) (Version: - ) Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC (HKLM-x32\...\Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC_is1) (Version: Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC - Repack by Fenixx (09.03.2013)) Matlab R2015a (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\webfas-79f28e00@@WEBFAS.Matlab R2015a) (Version: 1.0 - Delivered by Citrix) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version: - ) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2056 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD) NBA 2K16 (HKLM-x32\...\NBA 2K16_is1) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation) NVIDIA Miracast Virtual Audio 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 359.06 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1034 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.40.723.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.) 
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder) Rocket League (HKLM\...\Steam App 252950) (Version: - Psyonix) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software) SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Sleeping Dogs Definitive Edition (HKLM-x32\...\Sleeping Dogs Definitive Edition_is1) (Version: - ) SPSS 23 (HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\...\webfas-79f28e00@@WEBFAS.SPSS 23) (Version: 1.0 - Delivered by Citrix) STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM\...\Steam App 208580) (Version: - Obsidian Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.6.0 - GOG.com) The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com) The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.6 - Tweaking.com) Undertale (HKLM-x32\...\1456487183_is1) (Version: 2.0.0.2 - GOG.com) Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) 
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3840187337-3860288294-2545479360-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\pahmadi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03EEA146-A8F7-49FA-9FDC-399368674EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {13E8B8C4-C62B-4E52-A1AC-7CB36D3E7A00} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1478BDEB-6CB6-41D7-BE28-582335D29A47} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {1A3AA77B-A047-4E7B-A823-CE7EA658195D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.)
Task: {293ECE89-1EE4-481A-AE73-CE2D69592DAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Users\pahmadi\Desktop\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com) Task: {3E5E4F43-1A81-435E-B999-AB12C152B330} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation) Task: {4BB79EB5-74C8-4D3C-98D1-3E99B181E8D8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {700D2B53-DD55-4F8C-A9E7-895A62C8ADFD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {821E7EB7-7543-444B-A88C-8B1EDC7A6EAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation) Task: {89E097FA-DA17-4C9A-957B-93DD2C09FC1E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {95A3C0B9-6682-4846-A2E3-CCA42F2DC98C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {989EE0F6-AFD0-4B85-AE8D-58D8F526A7CD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-20] (Microsoft Corporation) Task: {99D12236-AA79-432C-BFF3-9FBB52A21D9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {B43CE578-C76D-4C15-8EFF-C332E27064A9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B442857B-BD6F-4744-A28C-B653D64E8026} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {BA705F22-48E7-4913-9B25-D9EC64128D57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {BDDF6595-A1A3-42F2-9D03-474FA9CBC650} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {D0EDADF9-4A01-4254-9D41-D40B97401A8B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {D1B26571-4B28-4800-97D8-F55B8F0EB175} - System32\Tasks\SafeZone scheduled Autoupdate 1452366284 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {D7B59B03-2FA9-4CBB-B0F4-47AC7A303123} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {D97F2DB2-BA09-4225-8AAE-8201753A71EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-10] (Google Inc.) Task: {DE20F9E1-FFA9-4DB7-86EA-2960E6284B2B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-20] (Microsoft Corporation) Task: {E65BBCF6-7621-49C4-B0B6-B1E3169F4DB4} - System32\Tasks\SafeZone scheduled Autoupdate 1458685729 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {E883FB0E-8377-4836-A330-D7F83E9B8DD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {E8E3B91E-C159-4695-9523-B6E0FF7B272C} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-30] (AVAST Software)
Task: {F72F5F3D-7C5A-4160-A80A-57C25D1765CF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FB512603-5E29-4042-92AD-F00704EAD5DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-20] (Microsoft Corporation)
Task: {FFA4B6B6-FBD2-46CF-A37D-95B6F8476D37} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ============== 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-12 20:49 - 2016-07-01 00:48 - 02656408 _____ () c:\windows\system32\CoreUIComponents.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-01-30 00:24 - 2016-07-03 07:04 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2015-12-27 22:26 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-01-22 00:41 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-07-12 20:49 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-12 20:49 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-08-08 15:12 - 2016-08-08 15:12 - 00959168 _____ () C:\Users\pahmadi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-05-17 20:31 - 
2016-07-03 10:14 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2014-05-01 10:13 - 2016-07-20 22:58 - 00592384 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX64.dll 2015-04-15 16:13 - 2015-04-15 16:13 - 00222720 _____ () E:\Notepad++\NppShell_06.dll 2016-01-06 12:41 - 2016-01-06 12:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll 2016-04-03 03:07 - 2016-04-03 03:07 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 20:50 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-04-20 01:24 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-04-20 17:51 - 2016-04-20 17:52 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-07-12 20:49 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-12 20:49 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-12 20:49 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-12 20:49 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-30 15:54 - 2016-06-30 15:54 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-08-11 15:45 - 2016-08-11 15:45 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16081106\algo.dll 2016-06-30 15:54 - 2016-06-30 15:54 - 00479288 _____ () C:\Program 
Files\AVAST Software\Avast\ffl2.dll
2016-06-30 15:54 - 2016-06-30 15:54 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-10 13:12 - 2014-11-10 13:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-10 23:21 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-17 20:31 - 2016-07-03 09:42 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2014-05-01 10:15 - 2016-07-20 22:58 - 00564224 _____ () C:\Users\pahmadi\AppData\Local\MEGAsync\ShellExtX32.dll
2016-08-08 17:49 - 2016-08-02 20:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 17:49 - 2016-08-02 20:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-04-20 17:51 - 2016-04-20 17:52 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 17:51 - 2016-04-20 17:52 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3840187337-3860288294-2545479360-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pahmadi\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: AvastVBoxSvc => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: lfsvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{12532985-8E2E-4E08-BD0B-5F51C6D1B918}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe FirewallRules: [{524F7B37-3DAB-4C8B-9210-6BFB66ACB0D9}] => (Block) E:\Games\WWE 2K16\WWE2K16.exe FirewallRules: [{16677B84-4748-4237-B403-E469364BE627}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe FirewallRules: [{C75099FD-5390-4559-8402-46DB636B455F}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe FirewallRules: [{2BBA9712-5A40-4D84-A468-12E10347C57F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{3C2C5BEA-A485-452B-B949-F14A3F9A26A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F2C0810A-DCF7-4535-A50D-A1D1456D81E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{D2D16456-5462-43A5-9952-B86A731BEF1A}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe FirewallRules: [TCP Query User{41A32F6C-725C-44AA-A33F-55A0DCF2FDC5}E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe] => (Allow) E:\games\mass effect 3.deluxe edition.v 1.5.5427.124 + 14 dlc\binaries\win32\masseffect3.exe FirewallRules: [UDP Query User{978D1139-1FC1-4243-923F-BEA0D15F4858}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe FirewallRules: [TCP Query User{AFBEE18E-242D-4129-9359-89A9D426F29A}E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) E:\games\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe FirewallRules: [UDP Query User{D0B18DAB-1886-4A2F-95CF-976AC12D838D}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass 
effect 2\binaries\masseffect2.exe
FirewallRules: [TCP Query User{C387CD3A-976C-4FE2-A43A-100D61105E8A}E:\games\mass effect 2\binaries\masseffect2.exe] => (Block) E:\games\mass effect 2\binaries\masseffect2.exe
FirewallRules: [UDP Query User{C6319E23-8E89-4DBD-A16D-9D18815EDFFE}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{46589999-D8D3-413C-9367-315AFCF8FB1B}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{7B70A298-F8C9-4FFA-ABA6-8BC9BEA6F9E1}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{25E0CD3E-D64B-4D03-ABDF-159D0DAB5F17}E:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) E:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{4B86F244-3CF5-4EE8-89D3-399EF653E8C1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{BE3A0F63-2D5A-419C-979C-9F7FF66162F1}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [UDP Query User{F3A8869C-2FD0-4FAB-9378-D7EAA12867AB}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [TCP Query User{3B9C4912-B9FF-41FA-A101-14A7746128CE}E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe] => (Block) E:\program files (x86)\origin games\fifa 16 demo\fifa16_demo.exe
FirewallRules: [UDP Query User{1099DD03-C3B6-46FE-B456-34236D2D1C41}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
FirewallRules: [TCP Query User{417CC0D1-BF2E-49E3-A7CD-9332F0E162BD}E:\program files\deluge\deluge.exe] => (Block) E:\program files\deluge\deluge.exe
FirewallRules: [{C0035F1A-4351-448B-B6C7-B18D2FAA8CB7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{179DA074-1FAF-4DBF-84D5-C2DC74D1690F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3DB5D397-B204-452C-880B-600000979E70}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{88C51A6B-E858-474E-8B91-1F1D4544146E}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C0AC25C-317B-4A99-A39A-601F4D50DF8A}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9C66C01-FB83-4C11-9148-E6E3EF431F41}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BB2FEC9F-C8C0-4FDA-9F53-F673519368CD}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7921DCC1-A9EC-4E17-9699-9C06F169CF2D}] => (Allow) C:\Users\pahmadi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{53340FB0-430E-48D2-975A-8629E682008F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FA146FD5-EAE5-4D45-9A89-564DC41F81B1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A6882C60-CA13-4CD0-A35D-4ED83A85E011}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{878AB48C-196F-4928-B019-9A1EE47529F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D8C889D6-15D6-4734-BF3E-D78FC7F8FC21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8CE5FFE2-192E-4CDA-A327-6A82EB45867D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2624D44D-E951-4818-B3D2-A05C13D528E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{31187DC1-BB7D-459F-BFB3-E8708B80D62C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7C8B3530-4E30-4552-B34D-CE8824F4E03E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{69C86825-0EB8-4EF1-ACB5-DED432DA300B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{973A5728-39A3-445A-B02A-53254C878AC7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A2A341C9-BEE9-4EC8-B47D-B603684241F5}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
FirewallRules: [{4431F62C-829D-498E-9500-10F6F961B08C}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe
FirewallRules: [TCP Query User{E3D8EBF8-AC60-4308-9A6E-46D7D36C2365}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{332770D5-E53D-4743-8A26-2805899A5A95}E:\games\dishonored\binaries\win32\dishonored.exe] => (Block) E:\games\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{D89E3131-F69B-4B4A-ABC7-D367B96222A1}] => (Allow) E:\SteamGames\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{6750CE87-3CC1-4B3C-9328-2F0C6BDCA554}] => (Allow) E:\SteamGames\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{CEE51D2C-6F58-4B44-80DF-7470B507D4F7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E7715403-9932-4AF9-8953-BB02F2C4D663}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{06A73CF3-ABEF-4176-89D1-E807574C9970}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A39AF055-600B-4253-B2EE-ECDB074B96DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7E08FE27-CB5C-482A-A25C-619A1EAD9F45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{72F3F686-5200-440A-81C2-CAF8AF62B920}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D05F73FB-88F9-4AAE-BC0B-4358B2456875}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FAFA0526-FAC1-47F4-A30B-1EE844DEF1E3}] => (Allow) E:\SteamGames\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{98C04D4E-6EFA-4B27-964C-97B953F3834F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E90ABA9B-BFCA-4476-9673-1EED03FEBBA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{479A758F-34EE-490E-A221-82B7A23CA629}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7FE888D-076D-4A20-84AF-925C498F5EA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{627A26E1-1584-483D-BC62-DBBA6A247927}] => (Allow) E:\iTunes.exe
FirewallRules: [{93CBB83E-0C93-4305-9392-9D978371724C}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{10233B56-586B-4772-B3C2-858CF018A27A}] => (Allow) E:\SteamGames\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{75734CAC-C059-4420-AAD2-A28090C70C80}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{39119A8F-C236-4AFE-9241-27FACC37C380}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{72357AE1-B4F6-41EE-845A-62D898A90AEF}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
FirewallRules: [{44D63FB1-C32C-4A37-8A64-E266B25D83CA}] => (Allow) E:\Just.Cause.3.XL.Edition.SteamRip-Fisher\Just Cause 3\Steam\Steam.exe
FirewallRules: [{70A1569B-F366-480A-88B0-52A1FB6CEC6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-07-2016 16:37:40 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
03-08-2016 14:12:32 Scheduled Checkpoint
08-08-2016 16:36:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
11-08-2016 17:16:03 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2016 04:45:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.
Error: (08/11/2016 12:17:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.
Error: (08/11/2016 03:27:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 52.0.2743.116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1654
Start Time: 01d1f34f9eccbdcf
Termination Time: 12
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 12a59c4a-5f95-11e6-828a-d8cb8a7af687
Faulting package full name:
Faulting package-relative application ID:
Error: (08/11/2016 02:04:49 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
Error: (08/10/2016 07:38:54 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.
Error: (08/10/2016 04:37:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "SRH,type="win32",version="1.0.0.0"1". Dependent Assembly SRH,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error: (08/10/2016 12:33:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PouriaPC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/10/2016 12:31:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PouriaPC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/10/2016 12:29:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PouriaPC)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
Error: (08/10/2016 12:20:37 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (08/11/2016 05:08:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: %%1008
Error: (08/11/2016 05:08:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error: %%2147944153
Error: (08/11/2016 05:08:22 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
Error: (08/11/2016 05:07:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: %%997
Error: (08/11/2016 05:07:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4b922 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/11/2016 05:07:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/11/2016 05:07:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
Error: (08/11/2016 05:07:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/11/2016 05:07:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/11/2016 05:07:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2016-08-10 12:02:32.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-10 02:04:52.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-28 00:25:15.871
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-20 13:15:10.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-14 14:51:44.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-14 10:49:53.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 11:32:24.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-10 21:40:29.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-28 16:40:03.656
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-21 12:47:06.464
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8143.88 MB
Available physical RAM: 4878.25 MB
Total Virtual: 12751.88 MB
Available Virtual: 8993.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.93 GB) (Free:169.21 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:284.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================