cjoint

Document format: text/plain

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Crawford (22-08-2016 19:36:41)
Running from C:\Users\Crawford\Desktop
Windows 10 Home Version 1511 (X64) (2015-11-20 14:53:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1377893165-587043373-3523778680-500 - Administrator - Disabled)
Crawford (S-1-5-21-1377893165-587043373-3523778680-1002 - Administrator - Enabled) => C:\Users\Crawford
DefaultAccount (S-1-5-21-1377893165-587043373-3523778680-503 - Limited - Disabled)
Guest (S-1-5-21-1377893165-587043373-3523778680-501 - Limited - Disabled)
indot_000 (S-1-5-21-1377893165-587043373-3523778680-1114 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avast Antivirus Gratuit (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Baldur's Gate Enhanced Edition (HKLM-x32\...\Baldur's Gate Enhanced Edition) (Version: 0.2.3.0 - Beamdog)
Baldur's Gate II Enhanced Edition (HKLM-x32\...\Baldur's Gate II Enhanced Edition) (Version: 0.2.8.0 - Beamdog)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Cossacks Anthology (HKLM-x32\...\Cossacks Anthology_is1) (Version: - GOG.com)
Cossacks II (HKLM-x32\...\Cossacks II) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Diablo (HKLM-x32\...\Diablo) (Version: - )
Diablo (HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\Diablo) (Version: - )
Dropbox (HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
EA Installer (HKLM-x32\...\EA Installer.-1202606811) (Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hellfire (HKLM-x32\...\Hellfire) (Version: - )
Heroes of Might and Magic IV: Winds of War (HKLM-x32\...\Heroes of Might and Magic IV) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 47.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 fr)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.56.1 - Black Tree Gaming)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XnView 2.00 (HKLM-x32\...\XnView_is1) (Version: 2.00 - Gougelet Pierre-e)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Crawford\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1377893165-587043373-3523778680-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Crawford\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A2D2A5-7625-4BA0-BC94-4270EFE1C70B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-21] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {34C00A4B-E65C-4703-A274-C917EC37BD3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4232EE16-2B9A-4510-9193-34E8247B6B8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {5BC4198A-CDEB-4599-8FE9-1EB0A86D11A8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5FB78F47-3511-4040-893D-AB70B0CD0791} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {727FF33D-5FF5-45CA-B162-78781AB89D59} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {777A9CFD-12BC-4238-81E6-F1E763051FDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {89B57D88-1511-4554-B5CB-4C4C010C81E2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {91744975-C2F9-4A9C-81B4-045F4C5E52BD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93B12FF7-077D-4CD3-B858-C7B335FB7595} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9905D83B-CBF2-4A0B-B91E-8F4548561965} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AB598790-0EE3-4D62-AEFF-AB02ED671D64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {AD5C65C9-231E-4092-997B-E173E640E0E6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1377893165-587043373-3523778680-1002
Task: {B176D498-2306-4156-80D8-65DEB3FF57D2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BAC0428A-08FE-464A-9EC6-01E630A6EF5E} - System32\Tasks\SafeZone scheduled Autoupdate 1468488345 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {BE629B65-8EEC-424F-AA06-9D864F9EA80B} - System32\Tasks\avastBCLRestartS-1-5-21-1377893165-587043373-3523778680-1002 => Chrome.exe
Task: {C74D0ABE-E6BF-4902-8837-C5F062710D71} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-12] (AVAST Software)
Task: {D523BD26-9B12-4A31-BDE2-9E4B37630C7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D7D6602A-9808-465B-85EF-E367B240F0B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DEA569AB-3E50-40B9-8F53-1E2CD31FB357} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {EC95F4E8-FEE5-41DD-A3F4-11B6B1E11D4A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {F38E54D7-04A9-480B-9D5A-F4C61D13DF74} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FE899730-96AD-43FD-AE61-5D10C7F206CB} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {FF2ADC3E-F5AE-4B50-B849-D200C8002740} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Crawford\AppData\Local\Microsoft\Windows\GameExplorer\{6A0B26EE-49C0-4990-BD48-60B1D9379346}\SupportTasks\0\Autres jeux de Microsoft.lnk -> hxxp://www.blizzard.com/diablo2/
Shortcut: C:\Users\Crawford\AppData\Local\Microsoft\Windows\GameExplorer\{28BECE37-5BB8-47FD-A5DD-CB02B0B17987}\SupportTasks\0\Autres jeux de Microsoft.lnk -> hxxp://www.blizzard.com/diablo2/
Shortcut: C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSC Game World\Cossacks II\Official Cossacks II Website .lnk -> hxxp://www.cossacks2.com/

ShortcutWithArgument: C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Chrome App Launcher.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\Users\Crawford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\Users\Crawford\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\Users\Crawford\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\Users\Crawford\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\Users\Crawford\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\Users\Crawford\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8e5c0db72600a899\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ghifackarapulyfinck
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"
ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> "hxxp://safesurfs.net/?ssid=1470118706&a=1024132&src=sh&uuid=4c7d8fad-d4e6-444d-8311-31bfa53cfcac"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-07-13 20:45 - 2015-07-13 20:45 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-11-20 16:17 - 2015-07-13 19:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-13 11:01 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-07-13 11:01 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-19 18:50 - 2016-04-19 18:51 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-17 21:18 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 11:05 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 11:05 - 2016-07-01 05:49 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-07-13 11:01 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 11:01 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 11:01 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 11:01 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 18:30 - 2015-07-10 18:30 - 00117920 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2016-07-12 05:20 - 2016-07-12 05:20 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-12 05:20 - 2016-07-12 05:20 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-22 14:13 - 2016-08-22 14:13 - 03015680 _____ () C:\Program Files\AVAST Software\Avast\defs\16082200\algo.dll
2013-10-18 12:46 - 2013-10-18 12:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-04-19 18:50 - 2016-04-19 18:51 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 18:50 - 2016-04-19 18:51 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-07-13 20:45 - 2015-07-13 20:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-08 21:54 - 2015-08-18 01:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2016-07-12 05:20 - 2016-07-12 05:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-10-06 01:27 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:AD022376 [276]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk [2444]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-06-27 18:06 - 00001065 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1377893165-587043373-3523778680-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Crawford\Pictures\Wallpaper\184442.jpg
DNS Servers: 89.2.0.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "GameTracker"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1377893165-587043373-3523778680-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EC749187-14AE-45BF-8DB0-3E4A620F0604}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1B731702-704E-4F90-8C88-CE38C02AD6D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BC88437-EFAC-44E6-9A11-AF9BB550F8B2}] => (Allow) C:\Users\Crawford\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27960550-4D3D-4C26-A0F4-8DB5F32BB491}] => (Allow) C:\Users\Crawford\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{AE8DEB42-2875-47F9-9CD1-2C77C38262A4}C:\program files (x86)\baldur's gate enhanced edition\data\00766\baldur.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\data\00766\baldur.exe
FirewallRules: [TCP Query User{13F2CA68-9DDD-499D-984E-FEFC23D49599}C:\program files (x86)\baldur's gate enhanced edition\data\00766\baldur.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\data\00766\baldur.exe
FirewallRules: [UDP Query User{625F3084-B99B-490F-9481-42F8B2B8F2C7}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe
FirewallRules: [TCP Query User{871A75E1-95AF-4D8D-99CF-83A4092B964A}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe
FirewallRules: [UDP Query User{72A3CD17-EFFA-4B77-A04C-AA854C065BFF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5D2427B4-083C-4ADC-88AC-06277D53205B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0B477E56-EE5C-4870-A2F7-DBC6407290BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8CBA6007-70A0-4162-9F5E-99EA5BB281AC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{267CE454-5B5D-4859-84A0-BE44468CABC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E2563E0A-80D2-4BEA-8912-D4F1D463060C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{404E589C-FCF2-451C-99AF-D9D68ACADEC5}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe
FirewallRules: [UDP Query User{B0A9E2E2-4A63-4F0E-9E09-B8B015247E0C}C:\program files (x86)\baldur's gate enhanced edition\bgee.exe] => (Allow) C:\program files (x86)\baldur's gate enhanced edition\bgee.exe
FirewallRules: [TCP Query User{43323F34-536B-4764-B73E-83A8DB18C25A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D7E937B3-BC6F-4A9A-B468-E6DE0BC8F3B9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{656D8671-63E9-4DC5-BECD-DF7040976D01}C:\program files (x86)\baldur's gate ii enhanced edition\bg2ee.exe] => (Allow) C:\program files (x86)\baldur's gate ii enhanced edition\bg2ee.exe
FirewallRules: [UDP Query User{66336978-1B46-43F7-ADAB-23712C59F231}C:\program files (x86)\baldur's gate ii enhanced edition\bg2ee.exe] => (Allow) C:\program files (x86)\baldur's gate ii enhanced edition\bg2ee.exe
FirewallRules: [{BD6119F6-5F37-4744-98E3-158C2021E2C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7A8FEBE4-5C7F-4C22-9459-CA6BC9BB2240}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{040597AE-0908-4B2D-8FA9-9C8E1CA8A3DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0000AD6C-64D6-41F1-AA0A-D5540C630DE6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{363E7968-5B26-4C92-BD1E-C153FB5861DD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{B90B5D3A-CF3E-4427-9532-A6DBDDEEF919}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{C9ACCB51-A1E9-4347-BF82-D28A42417FFD}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{84D52FE5-B146-4030-B845-78DF38022D49}D:\games\left 4 dead 2 - v2.0.1.1 (patched for online gameplay) proper .full-rip. [blaze69]\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2 - v2.0.1.1 (patched for online gameplay) proper .full-rip. [blaze69]\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{D63C2FE9-EB28-4173-BD62-116C218876E2}D:\games\left 4 dead 2 - v2.0.1.1 (patched for online gameplay) proper .full-rip. [blaze69]\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) D:\games\left 4 dead 2 - v2.0.1.1 (patched for online gameplay) proper .full-rip. [blaze69]\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [{6ACDAFF3-4892-4A8E-9222-17A985D10E3C}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{231BA3F2-EF03-4D41-92AF-2419830D214E}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{4DE2BDAC-0E0E-4A78-97C7-1C60F6394B43}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{692ACC0C-41AC-4994-8EE7-A69B0D441EC7}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{CBD58FC7-4E39-497E-A157-B06C76237B30}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5AD356B8-3400-47EA-AC37-0CB54657B513}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{4008B674-6341-43A2-B9B1-A267BAA90678}C:\program files (x86)\baldur's gate ii enhanced edition\data\00783\baldur.exe] => (Allow) C:\program files (x86)\baldur's gate ii enhanced edition\data\00783\baldur.exe
FirewallRules: [UDP Query User{3894098B-4D1E-4ABF-9228-8648EBEADBA0}C:\program files (x86)\baldur's gate ii enhanced edition\data\00783\baldur.exe] => (Allow) C:\program files (x86)\baldur's gate ii enhanced edition\data\00783\baldur.exe
FirewallRules: [{67C4153F-ADA0-4CAE-820A-726B49A5BFE1}] => (Block) C:\program files (x86)\baldur's gate ii enhanced edition\data\00783\baldur.exe
FirewallRules: [{C456A7B6-B979-478E-BA96-1411B0F4739C}] => (Block) C:\program files (x86)\baldur's gate ii enhanced edition\data\00783\baldur.exe
FirewallRules: [{E3FC7FA4-6E68-481C-8C00-85DAC7D92CFA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3FE14DED-A533-4BF4-AE8E-EF13590E3AC4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B7437DF6-9F24-4DF9-98D2-9895F433F302}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{868639DD-75A4-43A3-8E42-52DEE720ABCD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{33506F03-6724-479A-8A1C-CF1294F0227F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1C6EBDDE-5314-4868-986F-BBC938628B81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{9C27C7B4-C5A7-4B83-A65D-225E0793BD43}C:\users\crawford\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\crawford\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5C2E2E31-B0C3-4A31-B575-CA3D6DD50527}C:\users\crawford\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\crawford\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6D872F92-A9BE-4C7D-A9D1-0E9FB74FC4D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1DF56F1F-33FA-4AB0-8352-99C28DE13092}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F8923E4C-D637-4588-9B11-C1265798FCFD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A8394415-1E3D-426F-B9F4-84F4BE53893A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{17461EB2-81F5-4D8B-9C7C-5C4CA937A44E}] => (Allow) C:\Users\Crawford\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6282915-4800-4F5D-A4F1-B105795E2ED4}] => (Allow) C:\Users\Crawford\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5E9F4086-C922-4F10-957F-6F81CBE76E02}D:\games\diablo ii\game.exe] => (Allow) D:\games\diablo ii\game.exe
FirewallRules: [UDP Query User{B9025BE6-81CF-4297-A508-CC48EBD7E2DA}D:\games\diablo ii\game.exe] => (Allow) D:\games\diablo ii\game.exe
FirewallRules: [{8020181D-7323-4C35-A2F3-699B03BB7D20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5A1081F0-E208-4B36-A872-E324B29053C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{81808EEB-CD61-4B12-B35D-AD88C1E21947}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{16D0A9F2-EF89-49C6-A17C-0AFB91719C60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CF727C38-C97B-4AF9-A4C0-B5CFC70437BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{38B1E2F2-1CEA-4019-8389-DA428B6588C3}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe
FirewallRules: [UDP Query User{60A5A159-C4E3-4DD6-A055-40F7F2FA8AAF}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe
FirewallRules: [{531F8FDE-C472-4A8E-9E9E-728E9311FE8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-08-2016 17:59:04 Scheduled Checkpoint
21-08-2016 23:11:02 Windows Update
21-08-2016 23:13:08 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2016 11:31:55 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$IHR8

Error: (08/21/2016 11:13:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/21/2016 11:11:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/21/2016 01:22:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NAURA)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/05/2016 10:11:49 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$IHR8

Error: (08/04/2016 06:24:21 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$IHR8

Error: (08/03/2016 05:59:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/02/2016 10:00:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.494, time stamp: 0x5775e715
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000005
Fault offset: 0x000000000002fe34
Faulting process ID: 0x2fa8
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report ID: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (08/02/2016 10:00:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: EMODEL.dll, version: 11.0.10586.494, time stamp: 0x5775e561
Exception code: 0xc0000409
Fault offset: 0x0000000000129baf
Faulting process ID: 0x1570
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report ID: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (08/02/2016 09:56:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NAURA)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.


System errors:
=============
Error: (08/22/2016 07:35:38 PM) (Source: DCOM) (EventID: 10010) (User: NAURA)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/22/2016 06:12:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2fb15 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/22/2016 06:12:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2fb15 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/22/2016 06:12:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2fb15 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/22/2016 06:12:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2fb15 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/22/2016 06:12:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/21/2016 06:20:32 PM) (Source: DCOM) (EventID: 10010) (User: NAURA)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/21/2016 06:20:02 PM) (Source: DCOM) (EventID: 10010) (User: NAURA)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/21/2016 06:19:32 PM) (Source: DCOM) (EventID: 10010) (User: NAURA)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/21/2016 04:01:20 PM) (Source: DCOM) (EventID: 10010) (User: NAURA)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}


CodeIntegrity:
===================================
Date: 2016-08-22 06:21:25.329
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-15 03:17:04.195
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 11:26:17.512
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 09:59:05.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-14 09:59:05.601
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-14 09:59:05.523
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-14 09:59:05.457
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-14 09:59:05.370
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-14 09:59:05.303
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-14 09:59:05.222
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 6021.53 MB
Available physical RAM: 3677.93 MB
Total Virtual: 6981.53 MB
Available Virtual: 4518.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:138.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:398.18 GB) (Free:21.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: B2973CD1)

Partition: GPT.

==================== End of Addition.txt ============================
