Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Ruthan (20-02-2017 02:43:51)
Running from C:\Users\Ruthan\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-11-22 14:59:18)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-898345549-4091288585-2178738310-500 - Administrator - Disabled)
ETB User (S-1-5-21-898345549-4091288585-2178738310-1001 - Administrator - Enabled) => C:\Users\ETB User
Guest (S-1-5-21-898345549-4091288585-2178738310-501 - Limited - Disabled)
Ruthan (S-1-5-21-898345549-4091288585-2178738310-1000 - Administrator - Enabled) => C:\Users\Ruthan
tUser (S-1-5-21-898345549-4091288585-2178738310-1007 - Administrator - Enabled) => C:\Users\tUser
___VMware_Conv_SA___ (S-1-5-21-898345549-4091288585-2178738310-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.187 - Acronis)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\InstallShield_{B164E11B-19B5-432F-ABFA-2D50746C9E50}) (Version: 1.00.1510.2101 - GIGABYTE)
APP Center (x32 Version: 1.00.1510.2101 - GIGABYTE) Hidden
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 11.9.0.27 - Avant Force)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Call of Cthulhu: Dark Corners of the Earth (HKLM\...\Steam App 22340) (Version:  - Headfirst Productions)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{5932A5C4-BB44-4CFB-AD66-1B826F4D788B}) (Version: 4.3.8.2568 - Canneverbe Limited)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Clink v0.4.2 (HKLM-x32\...\clink_0.4.2) (Version: 0.4.2 - Martin Ridgers)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
CrystalDiskInfo 6.8.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.8.2 - Crystal Dew World)
CrystalDiskMark 5.1.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World)
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
DOOM Demo (HKLM\...\Steam App 479030) (Version:  - id Software)
Drakensang The River of Time (HKLM\...\Steam App 33770) (Version:  - DTP)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.15.1022 - GIGABYTE)
EasyTune (x32 Version: 1.15.1022 - GIGABYTE) Hidden
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKU\S-1-5-21-898345549-4091288585-2178738310-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Heroes of Might & Magic V (HKLM\...\Steam App 15170) (Version:  - Nival)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Network Connections 20.7.67.0 (HKLM\...\PROSetDX) (Version: 20.7.67.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4352 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.4.51 - Intel Corporation)
Ishar - Legend of the Fortress (HKLM-x32\...\1207662343_is1) (Version: 2.1.0.25 - GOG.com)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
JetBrains TeamCity 8.1.5 (HKLM-x32\...\JetBrains TeamCity) (Version: 8.1.5 (build 30240) - JetBrains s.r.o.)
JetBrains TeamCity Tray Notifier (HKLM-x32\...\{C457F35B-3554-426E-BE2E-0601ED8E4637}) (Version: 8.0.294 - JetBrains s.r.o.)
Kingdom Come: Deliverance (Beta Access) (HKLM\...\Steam App 286860) (Version:  - )
Kodi (HKU\S-1-5-21-898345549-4091288585-2178738310-1000\...\Kodi) (Version:  - XBMC-Foundation)
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Loki (HKLM-x32\...\Steam App 7260) (Version:  - Cyanide Studios)
Macrium Reflect Free Edition (HKLM\...\{987468EF-5281-47EA-A5C6-A4EF6F49F2FB}) (Version: 5.0.4196 - Paramount Software (UK) Ltd.)
Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version:  - 4A Games)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\{790E02A1-145A-3843-8C13-A4F41C9B48B7}) (Version:  - )
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NHL™ 09 (HKLM-x32\...\{3C27AAE0-37AF-11DD-AE16-0800200C9A66}) (Version: 2.0.1.0 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
NVIDIA Graphics Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Omikron - The Nomad Soul (HKLM\...\Steam App 243000) (Version:  - Quantic Dream)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 41.0.2353.56 (HKLM-x32\...\Opera 41.0.2353.56) (Version: 41.0.2353.56 - Opera Software)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PureSync (x32 Version: 4.0.0 - Jumping Bytes) Hidden
PureSync 4.0.0 (HKLM-x32\...\PureSync) (Version: 4.0.0 - Jumping Bytes)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Quake 3 Arena Demo (HKLM-x32\...\Quake 3 Arena Demo) (Version:  - )
Quake III Arena (HKLM-x32\...\Steam App 2200) (Version:  - id Software)
Rayman Legends Demo (HKLM\...\Steam App 243340) (Version:  - )
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version:  - Ubisoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Robinson's Requiem (HKLM-x32\...\1207662373_is1) (Version: 2.1.0.5 - GOG.com)
S.T.A.L.K.E.R.: Clear Sky (HKLM\...\Steam App 20510) (Version:  - GSC Game World)
Saints Row: The Third (HKLM\...\Steam App 55230) (Version:  - Volition)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
SimCity 4 Deluxe (HKLM\...\Steam App 24780) (Version:  - EA - Maxis)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Fighter IV (HKLM-x32\...\Steam App 21660) (Version:  - Capcom)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
TightVNC 2.0.3 (HKLM-x32\...\TightVNC) (Version: 2.0.3 - GlavSoft LLC.)
TortoiseHg 3.2.1 (x64) (HKLM\...\{E287B8A7-D3E0-4B9F-ADFF-A3658D3A3159}) (Version: 3.2.1 - Steve Borho and others)
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unity Web Player (HKU\S-1-5-21-898345549-4091288585-2178738310-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version:  - Epic Games, Inc.)
Unreal Tournament: Game of the Year Edition (HKLM\...\Steam App 13240) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VBoxVmService 5.1-Plum (HKLM-x32\...\{BAD2E2CE-479E-4FE9-BDCA-D9A5C0ABB566}_is1) (Version: 5.1-Plum - VBoxVmService Developmenet Team)
Vhd Resizer (HKLM-x32\...\{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}) (Version: 1.0.42 - Xcarab)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.4 - VMware, Inc)
VMware Player (Version: 7.1.4 - VMware, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wasteland 2: Director's Cut (HKLM-x32\...\Steam App 404730) (Version:  - inXile Entertainment)
Winamp (HKLM-x32\...\Winamp) (Version: 5.62  - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-898345549-4091288585-2178738310-1000\...\ChromeHTML: -> C:\Users\Ruthan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ruthan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Ruthan\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Ruthan\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Ruthan\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Ruthan\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-898345549-4091288585-2178738310-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ruthan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5FA9CA44-179D-4EFD-AADC-5CDF4861A9D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {807149B0-04A8-49B8-84D5-BBD2C1CB6F35} - System32\Tasks\CAM => C:\Programs\NZXT CAM\CAM_Client_V3.exe 
Task: {C15F8E8F-C064-4FEB-AF1A-4C3ACC1A2649} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => %windir%\system32\gatherWiredInfo.vbs 
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => %windir%\system32\gatherWirelessInfo.vbs 
Task: {E9C2CE51-B6BD-43C2-B581-AA484B087517} - System32\Tasks\Truecrypt Connect => "C:\Users\Ruthan\Desktop\truecrypt connect volume by cmd.exe" 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ruthan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Benchmarks\Heaven Benchmark 4.0\Heaven Benchmark 4.0.lnk -> C:\Programs\Unigine\Heaven Benchmark\heaven.bat ()
Shortcut: C:\Users\Ruthan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Subsystem for UNIX-based Applications\Download Utilities for Subsystem for UNIX-based Applications.lnk -> hxxp://go.microsoft.com/fwlink/?LinkId=5912

==================== Loaded Modules (Whitelisted) ==============

2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Programy\Notepad++\NppShell_04.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-898345549-4091288585-2178738310-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.0.138 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: EMDMgmt => 2
MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: GalaxyClient => C:\Programs\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: Google Update => "C:\Users\Ruthan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [{13C2ADB6-C145-4357-8E56-ADCFC36BA854}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Agent.exe
FirewallRules: [{A5E68A19-E663-40EB-892A-CABD4080E9E4}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Agent.exe
FirewallRules: [UDP Query User{E9254896-5265-40B7-8FD3-967B328F54BA}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [TCP Query User{A85369D1-1066-47D0-A624-8E9FAD18DB50}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [UDP Query User{0B4BE96F-670C-4E79-AB10-A9AA532D3D45}C:\teamcity\jre\bin\javaw.exe] => (Allow) C:\teamcity\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0601F615-0F48-48B3-A789-674B14AD5494}C:\teamcity\jre\bin\javaw.exe] => (Allow) C:\teamcity\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F9C79C29-F613-4C1C-AF7A-45E828544483}C:\teamcity\buildagent\jre\bin\javaw.exe] => (Allow) C:\teamcity\buildagent\jre\bin\javaw.exe
FirewallRules: [TCP Query User{88AB81AC-D75B-4687-B1D2-FEA04ACA95CE}C:\teamcity\buildagent\jre\bin\javaw.exe] => (Allow) C:\teamcity\buildagent\jre\bin\javaw.exe
FirewallRules: [UDP Query User{26717C74-CB8A-465B-8251-0C84F113EC59}D:\unity\unity4.2\editor\unity.exe] => (Block) D:\unity\unity4.2\editor\unity.exe
FirewallRules: [TCP Query User{54B38132-144D-435F-9C0D-6032BAA3E193}D:\unity\unity4.2\editor\unity.exe] => (Block) D:\unity\unity4.2\editor\unity.exe
FirewallRules: [UDP Query User{B98EC01E-FC53-4D15-944C-8B335DBAC9EB}X:\games\quake 3 arena demo\quake3.exe] => (Allow) X:\games\quake 3 arena demo\quake3.exe
FirewallRules: [TCP Query User{E22A5F88-7874-499E-BEEA-E3AEC0AC88BA}X:\games\quake 3 arena demo\quake3.exe] => (Allow) X:\games\quake 3 arena demo\quake3.exe
FirewallRules: [{695A51D4-F816-4A7F-87D4-DCF3D91C569F}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Loader.exe
FirewallRules: [{7F2402AF-5153-4CCB-98FE-BF2BC289E189}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Loader.exe
FirewallRules: [{37420449-3068-46F0-99E2-9AE5F47686FC}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Agent.exe
FirewallRules: [{109B8542-A845-4EE5-9940-FD200AA4B70F}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Agent.exe
FirewallRules: [UDP Query User{0FE70C0C-342F-4B4E-8C83-7876F95B19DE}C:\programy\unity\editor\unity.exe] => (Allow) C:\programy\unity\editor\unity.exe
FirewallRules: [TCP Query User{1DF0C073-D702-4588-AE06-B15D9F6941BE}C:\programy\unity\editor\unity.exe] => (Allow) C:\programy\unity\editor\unity.exe
FirewallRules: [{16B2E7ED-89C6-4072-88F6-D3F589ECE04A}] => (Allow) D:\!NAS\utorrent\uTorrent.exe
FirewallRules: [{C9179EFC-7223-4AD7-9B33-E530B2D29949}] => (Allow) D:\!NAS\utorrent\uTorrent.exe
FirewallRules: [{C1AD4050-6ABE-41E7-ACB2-AFBCE19D93AF}] => (Allow) LPort=80
FirewallRules: [{D086BEAE-454F-4851-B3A4-60871BAE9000}] => (Allow) LPort=989
FirewallRules: [{A5529E6B-EF1F-46AC-B7B3-A3E81EC47C79}] => (Allow) LPort=9
FirewallRules: [{C88A0F06-B7D8-4988-A331-2F1F5523F1B2}] => (Allow) LPort=7
FirewallRules: [UDP Query User{4A4CFC1B-8F53-4231-9FC9-1ABEB72849E8}C:\program files (x86)\gigabyte\smart6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\smart6\updexe.exe
FirewallRules: [TCP Query User{E8F07D8B-7505-43F2-B608-F02BA4300A6D}C:\program files (x86)\gigabyte\smart6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\smart6\updexe.exe
FirewallRules: [UDP Query User{E5CE68B1-8B66-403E-8D15-B7B456CC746A}C:\program files (x86)\gigabyte\coc\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\coc\gbtupd.exe
FirewallRules: [TCP Query User{46F9FC4D-7323-4CCE-9AFF-FA377E0916F2}C:\program files (x86)\gigabyte\coc\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\coc\gbtupd.exe
FirewallRules: [UDP Query User{A3947FF9-6465-4A90-8FFC-632F9C2F75C2}C:\program files (x86)\gigabyte\coc\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\coc\updexe.exe
FirewallRules: [TCP Query User{5D21B224-00BD-40D3-9201-340206E581A3}C:\program files (x86)\gigabyte\coc\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\coc\updexe.exe
FirewallRules: [{C5ACABD6-82D1-4C2B-9E46-C85604533DE5}] => (Allow) LPort=20
FirewallRules: [{D8D4A25D-D21C-40E0-A3CD-01540F9B74CE}] => (Allow) LPort=990
FirewallRules: [{E17EBEA3-5CC5-45F1-98E1-B0C20A41A32A}] => (Allow) LPort=21
FirewallRules: [{DDF5049F-DEAB-4EB8-86FB-9E2A8E82D9E1}] => (Allow) LPort=5555
FirewallRules: [{6DE00F96-632D-457C-98E5-2240F3D81FC2}] => (Allow) C:\Programy\FreeCommander\FreeCommander.exe
FirewallRules: [{41ADAD6D-9EE8-4AD7-A53F-68C053B2B4DA}] => (Allow) C:\Programy\FreeCommander\FreeCommander.exe
FirewallRules: [{58EECB02-7651-425F-ACE3-482F8F6D20C2}] => (Allow) C:\Program Files (x86)\GIGABYTE\COC\Run.exe
FirewallRules: [{0AAE9F6C-9EAF-4F2F-B81B-303007C33B76}] => (Allow) C:\Program Files (x86)\GIGABYTE\COC\Run.exe
FirewallRules: [UDP Query User{579E7040-AC0A-410A-8DC5-DD378BED088B}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{372D0941-52BB-4010-B5B2-3DD55C80B436}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{5390777C-5DFD-4917-A12A-E069F8907AC3}D:\games\quake 3 arena demo\quake3.exe] => (Allow) D:\games\quake 3 arena demo\quake3.exe
FirewallRules: [TCP Query User{C7A4CFCD-C8B2-4961-A256-6E9FC016F7D7}D:\games\quake 3 arena demo\quake3.exe] => (Allow) D:\games\quake 3 arena demo\quake3.exe
FirewallRules: [{D5CAAA6A-6A4D-4C13-935C-8A05091D0D84}] => (Allow) C:\Programy\TightVNC\vncviewer.exe
FirewallRules: [{010EE8D4-C887-4C63-A003-6F1DEB8DB413}] => (Allow) C:\Programy\TightVNC\vncviewer.exe
FirewallRules: [{D7E37515-20F3-41DC-9B8E-40A6C519592A}] => (Allow) C:\Programy\TightVNC\tvnserver.exe
FirewallRules: [{A306E4E3-1A39-46BC-8035-0135E965522E}] => (Allow) C:\Programy\TightVNC\tvnserver.exe
FirewallRules: [UDP Query User{D3E7CE86-1AA8-49FF-A9FF-BFEE3456EEBC}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [TCP Query User{32D7954E-66CA-46D9-A802-CA967D255104}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{26E2F5BF-E173-457A-B265-D1706C51A4C2}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
FirewallRules: [TCP Query User{BB93C5A4-94A0-48B8-B50A-5B2324C1FEC6}C:\program files (x86)\gigabyte\@bios\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gbtupd.exe
FirewallRules: [UDP Query User{C0B1E064-DE3C-4627-B8EB-B5DC0923043E}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [TCP Query User{C462EFF4-0A15-4379-AE60-487DFFCC38FA}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [UDP Query User{5CFBB054-860C-45AB-AE00-D045791C0063}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [TCP Query User{9AFE57C9-B59D-4C11-BD83-89AA6E5FB2ED}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\gbtupd.exe
FirewallRules: [UDP Query User{730D9B1B-EF7A-45E1-8FDD-B5DF517EE4DB}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [TCP Query User{F4933EDD-0A6B-4C04-8DA2-23FF2C6815AC}C:\program files (x86)\gigabyte\updmanager\runupd.exe] => (Allow) C:\program files (x86)\gigabyte\updmanager\runupd.exe
FirewallRules: [UDP Query User{1DFEC936-E6AD-40A0-9131-1F8D9CC80830}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\et6\gbtupd.exe
FirewallRules: [TCP Query User{F552A620-B743-4AAF-87BE-F6ED28EED2A6}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\et6\gbtupd.exe
FirewallRules: [UDP Query User{762B2F68-C16B-4AA3-8F95-DC32C735E4A0}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [TCP Query User{27270243-5D6F-4322-AB7B-C620BA97C2B8}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [{519C77F6-A01B-42EF-A3C0-6315E03ABDB1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{F02363E6-FA79-4072-BF03-DAB47CC0141C}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{7A26E72F-C1E0-4A7F-8398-263496A623FA}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Agent.exe
FirewallRules: [{E35A2B6C-FB3C-4516-A884-69AC88178B0C}] => (Allow) C:\Programy\EaseUS Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{6D038113-A7A1-4B79-91BC-0EFE9295559C}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [UDP Query User{FE0A08E6-22FC-4267-8DE3-AF1880A2DDB5}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [{A0A8B9C6-6879-4109-9133-061DC08FFA06}] => (Allow) %SystemRoot%\System32\wuapp.exe
FirewallRules: [TCP Query User{40937CB6-3D92-4ED4-A8C0-CF30CD97A3EB}D:\unity\unity4.2\editor\unity.exe] => (Allow) D:\unity\unity4.2\editor\unity.exe
FirewallRules: [UDP Query User{F3323FE0-F61A-4D06-A1E4-1EE614F1C075}D:\unity\unity4.2\editor\unity.exe] => (Allow) D:\unity\unity4.2\editor\unity.exe
FirewallRules: [TCP Query User{77023E65-E9BF-4E55-883A-0918FCBF083F}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [UDP Query User{C11D5079-728B-46C0-8AB2-8603B1C56170}D:\kodi\kodi.exe] => (Allow) D:\kodi\kodi.exe
FirewallRules: [{FDA8B3E4-CBF2-446D-A0D5-C4700454D141}] => (Allow) LPort=9143
FirewallRules: [{32634561-CDF1-4990-A757-8C9BF7BF3D6F}] => (Allow) LPort=2333
FirewallRules: [{B05C5663-925C-4327-8B29-DF214FF1B195}] => (Allow) %SystemDrive%\Programs\NZXT CAM\CAM_Client_V2.exe
FirewallRules: [{5C78E39A-F354-49F4-B6F0-231AAAC5171B}] => (Allow) %SystemDrive%\Programs\NZXT CAM\CAMLauncher.exe
FirewallRules: [{0872E2EE-EC62-4D3F-92C2-F58B2EA984D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{321325E0-5A59-4F52-B621-8AD44CE6D933}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CD1EFAB2-781D-4481-BDE1-7033A59FC2D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7DE9541D-D9A3-42DE-ACBD-21309C2EAB96}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{68360203-731B-4689-931A-AC8700C4516D}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{A77DBEAB-CA5B-4A43-A4C3-B3B9549FD05E}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{0D3ABA55-E774-4F5C-A671-DC593BA7FD1B}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{4A9BF6FB-6A31-4C8E-AB23-2E00E32B1C62}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2.exe
FirewallRules: [{A599FDA8-2BA4-4726-B0E8-DF8DE46811EF}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{D11B5404-9039-48EF-AD68-4D7875C25A84}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{6F6A66D4-FED1-440B-931D-D6FBF5895031}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{3D099D24-569E-4F6A-B812-F99F919740C9}] => (Allow) C:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe
FirewallRules: [{C03698EF-9886-4336-B47B-A7FCAEAE3891}] => (Allow) C:\Programs\LogMeIn Hamachi\LMIGuardianSvc.exe
FirewallRules: [{8C072643-4A90-4E5E-9271-FCB0DC0820AB}] => (Allow) C:\Programs\LogMeIn Hamachi\LMIGuardianSvc.exe
FirewallRules: [{DF4B13EF-D86B-47ED-8968-EA14CA44B9EA}] => (Allow) C:\Programs\LogMeIn Hamachi\LMIGuardianSvc.exe
FirewallRules: [{F466811F-5872-409A-8BB0-1D0E83CF7D22}] => (Allow) C:\Programs\LogMeIn Hamachi\LMIGuardianSvc.exe
FirewallRules: [{BDEC3675-5ABE-4B43-ABC1-A560D9CAFDB5}] => (Allow) X:\Games\!SteamWin\Steam.exe
FirewallRules: [{2FD6A36A-7352-47F6-B14A-3E83685C069B}] => (Allow) X:\Games\!SteamWin\Steam.exe
FirewallRules: [{0F58E013-1FDC-4963-8674-784F67269C16}] => (Allow) X:\Games\!SteamWin\bin\steamwebhelper.exe
FirewallRules: [{28B93017-40F9-46F4-A0D0-9642ADCCDCF4}] => (Allow) X:\Games\!SteamWin\bin\steamwebhelper.exe
FirewallRules: [{8110C1EE-AD44-4975-B266-300FBF1E3EC4}] => (Allow) X:\Games\!SteamWin\steamapps\common\Quake 3 Arena\quake3.exe
FirewallRules: [{B623385A-9DD0-47C8-B6E8-B6C8E5A3231A}] => (Allow) X:\Games\!SteamWin\steamapps\common\Quake 3 Arena\quake3.exe
FirewallRules: [{B21F2948-656F-4FF4-B76F-D1C9A90B3230}] => (Allow) X:\Games\!SteamWin\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{446B4715-AC82-4D0A-AC89-19981A9E58D6}] => (Allow) X:\Games\!SteamWin\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{7F1ED27E-025E-4C0C-9BEF-E223B1ACF47D}] => (Allow) X:\Games\!SteamWin\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{AFC79BA3-9567-48CE-A122-0E1C930A7F89}] => (Allow) X:\Games\!SteamWin\steamapps\common\Crysis\Bin32\Crysis.exe
FirewallRules: [{11CBCA80-47E7-44D1-B89D-A936708DB886}] => (Allow) X:\Games\!SteamWin\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{0BC8C569-A1D9-4248-96A3-B1C66B0BD3DD}] => (Allow) X:\Games\!SteamWin\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{130709A0-5485-4988-9827-E65BB46B022D}] => (Allow) X:\Games\!SteamWin\steamapps\common\Street Fighter IV\SF4Launcher.exe
FirewallRules: [{16BF0171-AA9D-42D8-99CF-49F5F5290238}] => (Allow) X:\Games\!SteamWin\steamapps\common\Street Fighter IV\SF4Launcher.exe
FirewallRules: [{5291BC0C-B7CE-4791-A7AB-2961708F6D9F}] => (Allow) X:\Games\!SteamWin\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{A4EF1E5E-150B-4FB2-B92C-864B8DCE8D66}] => (Allow) X:\Games\!SteamWin\steamapps\common\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{F8D4C4AD-0D77-49DC-BCD4-5CE7B4C68526}] => (Allow) X:\Games\!SteamWin\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{FCF78AF5-A712-4111-9D6B-F01A90B16065}] => (Allow) X:\Games\!SteamWin\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [TCP Query User{1D17955B-456E-4F61-93FC-2FBD555251D3}X:\games\!steamwin\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) X:\games\!steamwin\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{E095F70E-0375-4AD8-A8A3-772F950E1C2F}X:\games\!steamwin\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) X:\games\!steamwin\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{CC5E59E1-A33A-4F5D-A5DD-6EABD74F6BBC}] => (Allow) X:\Games\!SteamWin\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{B7AF8C4C-5F9A-475C-9E2B-368EFDA716B3}] => (Allow) X:\Games\!SteamWin\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{EF410AEE-D3AB-4339-9843-7D7DC18E0493}] => (Allow) X:\Games\!SteamWin\steamapps\common\Wasteland 2 Director's Cut\Build\WL2.exe
FirewallRules: [{78CF9037-FC34-4886-84AA-E121FDBC5E9D}] => (Allow) X:\Games\!SteamWin\steamapps\common\Wasteland 2 Director's Cut\Build\WL2.exe
FirewallRules: [{EE66C0E8-52D2-4442-BD86-4F2DE7AA1352}] => (Allow) X:\Games\!SteamWin\steamapps\common\Loki\Loki.exe
FirewallRules: [{10CD722C-C03B-4801-A7ED-16CBEE86B643}] => (Allow) X:\Games\!SteamWin\steamapps\common\Loki\Loki.exe
FirewallRules: [{B5450707-DE25-4339-B42F-E3D554CFAF9E}] => (Allow) X:\Games\!SteamWin\steamapps\common\Loki\Autorun\AutoRun.exe
FirewallRules: [{2182C2AF-1E71-4DC4-9CDE-0448D2635C7C}] => (Allow) X:\Games\!SteamWin\steamapps\common\Loki\Autorun\AutoRun.exe
FirewallRules: [{BBB01159-B389-4702-9D25-3FD12DB40CA5}] => (Allow) X:\Games\!SteamWin\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8AB16549-F455-4FD4-B45E-DF284ECCA85B}] => (Allow) X:\Games\!SteamWin\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{01D72614-AEA5-43D5-8713-5152A08B1B63}] => (Allow) X:\Games\!SteamWin\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [{6E124028-C7E0-4F78-B99A-7EBD791D6ACC}] => (Allow) X:\Games\!SteamWin\steamapps\common\Metro Last Light Redux\metro.exe
FirewallRules: [TCP Query User{0C52027B-2730-4297-B859-5687FEA8D946}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{8508FE1B-8F52-4B53-A8BA-5F5BEC22485E}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [{8F933E00-0682-4EC6-A34D-29B176340FB8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A43B3278-F0E3-4502-8ECF-AFE2A22ACC0C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DDD2AB8E-A9F8-43E6-ADD1-6D8E09D44C87}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{91A85BBC-A189-4F87-AB33-F7BBDBF85A73}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{5A91649A-804A-4DB3-A917-6A9F93BFFFE9}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{327670CC-AE94-4C4B-BA3E-342F0560E8AE}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{8A479258-3B28-4210-8BE6-32B2ED335B8F}] => (Allow) X:\Games\!SteamWin\steamapps\common\DOOM Demo\DOOMx64.exe
FirewallRules: [{27B525CF-BD9A-4708-80A9-EF560F484764}] => (Allow) X:\Games\!SteamWin\steamapps\common\DOOM Demo\DOOMx64.exe
FirewallRules: [{E620395B-9BC5-45A6-A4F9-ED46477E3EDD}] => (Allow) X:\Games\!SteamWin\steamapps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{A558E8E4-A18E-4D7F-8A7A-4B22AFCE0694}] => (Allow) X:\Games\!SteamWin\steamapps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{6259E347-3118-467B-8637-790BB1CF8D90}] => (Allow) X:\Games\!SteamWin\steamapps\common\Limbo\limbo.exe
FirewallRules: [{D802A89A-B7F8-44BE-87CB-878C0C217D96}] => (Allow) X:\Games\!SteamWin\steamapps\common\Limbo\limbo.exe
FirewallRules: [{3294CEDD-AC27-46E4-A5C7-48D89B1DE9F3}] => (Allow) X:\Games\!SteamWin\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe
FirewallRules: [{13125C38-E9A1-41A1-A1DD-E973034C9F0A}] => (Allow) X:\Games\!SteamWin\steamapps\common\Heroes of Might and Magic 5\bin\H5_Game.exe
FirewallRules: [{DCDB0F7D-34CE-45A0-AAA1-AA5E74112F67}] => (Allow) X:\Games\!SteamWin\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{C3A0A7A3-1AD4-4E38-971D-2D354D501FD6}] => (Allow) X:\Games\!SteamWin\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{70CEA55D-9790-4CAD-910C-83E6EDAF2F12}] => (Allow) X:\Games\!SteamWin\steamapps\common\Drakensang The River of Time\drakensang.exe
FirewallRules: [{A7FE075A-4056-4B69-A6FF-3CE2ED40E6C9}] => (Allow) X:\Games\!SteamWin\steamapps\common\Drakensang The River of Time\drakensang.exe
FirewallRules: [{EA256E3B-5C9D-4CA3-8106-BD47D3D3D5FD}] => (Allow) X:\Games\!SteamWin\steamapps\common\Omikron\Runtime.exe
FirewallRules: [{E7017D65-6548-4F1F-A83E-42F5DC2F51A8}] => (Allow) X:\Games\!SteamWin\steamapps\common\Omikron\Runtime.exe
FirewallRules: [{E9C015B3-1A34-4BF5-A764-3116BE9528EF}] => (Allow) X:\Games\!SteamWin\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{6DAD26A3-E752-400C-B08D-64668C373D43}] => (Allow) X:\Games\!SteamWin\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{364BECCF-809D-4099-A5F2-908DE9928E12}] => (Allow) X:\Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{75D58AC6-FDCB-4DC4-AEF8-797FC50BB354}] => (Allow) X:\Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{C8A887F6-08A9-4115-81F1-1D601942F292}] => (Allow) X:\Games\!SteamWin\steamapps\common\Call of Cthulhu\Engine\CoCDCoTELauncher.exe
FirewallRules: [{81546D0F-A860-4315-9707-298D53BD89C8}] => (Allow) X:\Games\!SteamWin\steamapps\common\Call of Cthulhu\Engine\CoCDCoTELauncher.exe
FirewallRules: [{A3CA9DD1-B3EC-4EA6-9975-B2E99DBBB5C1}] => (Allow) X:\Games\!SteamWin\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{37956AA1-24E0-4016-8E57-A8CF3B3A232B}] => (Allow) X:\Games\!SteamWin\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{6B18A61E-CF70-47E9-84F6-72239E3C06A4}] => (Allow) X:\Games\Rayman Origins\gu.exe
FirewallRules: [{27FD4292-F162-4DFF-A0F9-728734AF4A7F}] => (Allow) X:\Games\Rayman Origins\gu.exe
FirewallRules: [{7E999BE9-D4B8-48D8-8A38-B45C9CBF5F17}] => (Allow) X:\Games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{8698A7C7-FCDA-4B17-A06D-967CBC2009F0}] => (Allow) X:\Games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{4F80EC44-8FC2-40EF-97B0-18DE1393B2D5}] => (Allow) X:\Games\!SteamWin\steamapps\common\Rayman Legends Demo\Rayman Legends.exe
FirewallRules: [{32CE49AD-7AE2-4C45-AC08-A965D89F1331}] => (Allow) X:\Games\!SteamWin\steamapps\common\Rayman Legends Demo\Rayman Legends.exe
FirewallRules: [{8C89ED35-D65F-485F-B1F9-03914C7161D3}] => (Allow) X:\Games\!SteamWin\steamapps\common\Kingdom Come Deliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{9B81C283-F1F1-487F-8852-533E02DFC30F}] => (Allow) X:\Games\!SteamWin\steamapps\common\Kingdom Come Deliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{A7ACA3E9-72C4-4461-AF03-529A03F0F56C}] => (Allow) X:\Games\!SteamWin\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{254686BB-1480-42D7-A562-A4539D7CD41A}] => (Allow) X:\Games\!SteamWin\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{C4F4F9B0-8E99-4219-B920-4AF0D7A7539C}] => (Allow) LPort=3389
FirewallRules: [{571AC20C-C0AE-4449-9351-75BDB1B0C2D2}] => (Allow) C:\Programs\Mozilla Firefox\firefox.exe
FirewallRules: [{442991BA-A1F9-4BDE-8EC1-B864E7607048}] => (Allow) C:\Programs\Mozilla Firefox\firefox.exe
FirewallRules: [{2ED6C123-E410-4DD5-A0F3-73712EE94F29}] => (Allow) C:\Programs\VmwarePlayer\vmware-authd.exe
FirewallRules: [{02568202-CECB-4E5B-9BC8-4E42C539E030}] => (Allow) C:\Programs\VmwarePlayer\vmware-authd.exe
FirewallRules: [{6894E0B8-2540-47AD-AA11-E845E1EE2955}] => (Allow) C:\Programs\TightVNC\tvnserver.exe
FirewallRules: [{E3BD97DD-4576-4B1C-81B8-6194FC3F0FE5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{403BB27F-6CA3-4264-9327-F110981EBC7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{85EA2F39-7E89-48DA-910A-FE09FC348E1E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2975C867-23D6-4ADD-B45F-1084C49E50D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2017 02:08:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/20/2017 02:08:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/20/2017 02:08:26 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/20/2017 02:06:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/20/2017 02:05:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/20/2017 02:05:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/20/2017 02:05:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (02/20/2017 02:39:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (02/20/2017 02:39:54 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/20/2017 02:39:54 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/20/2017 02:39:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {8CEC58AE-07A1-11D9-B15E-000D56BFE6EE} did not register with DCOM within the required timeout.

Error: (02/20/2017 02:37:54 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/20/2017 02:37:49 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/20/2017 02:04:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (02/20/2017 02:04:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (02/20/2017 02:04:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (02/20/2017 02:04:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-6500T CPU @ 2.50GHz
Percentage of memory in use: 10%
Total physical RAM: 16336.04 MB
Available physical RAM: 14650.43 MB
Total Virtual: 32670.26 MB
Available Virtual: 31064.66 MB

==================== Drives ================================

Drive c: (Win7-64UltimateSSD) (Fixed) (Total:212.39 GB) (Free:22.48 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive z: (DiskAndRemoteBackups) (Fixed) (Total:1862.89 GB) (Free:82.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 58ECB010)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 50777930)
Partition 1: (Not Active) - (Size=212.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=11.2 GB) - (Type=83)

==================== End of Addition.txt ============================