Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017 Ran by paulinka (09-05-2017 19:25:07) Running from C:\Users\paulinka\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-12-05 18:42:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1822749172-3988503527-1915266406-500 - Administrator - Disabled) Guest (S-1-5-21-1822749172-3988503527-1915266406-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1822749172-3988503527-1915266406-1003 - Limited - Enabled) paulinka (S-1-5-21-1822749172-3988503527-1915266406-1000 - Administrator - Enabled) => C:\Users\paulinka ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . (Version: 7.1 - Intel) Hidden . . . (x32 Version: 2.7.2.4 - Intel) Hidden µTorrent (HKU\S-1-5-21-1822749172-3988503527-1915266406-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.) 
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros) BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION) CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft) Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GG (HKU\S-1-5-21-1822749172-3988503527-1915266406-1000\...\GG) (Version: 11 - GG Network S.A.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) Hola™ 1.34.855 - Better Internet (HKLM\...\Hola) (Version: 1.34.855 - Hola Networks Ltd.) <==== ATTENTION HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.) 
HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HWiNFO64 Version 5.50 (HKLM\...\HWiNFO64_is1) (Version: 5.50 - Martin Malík - REALiX) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel) ipla 2.9 (HKLM-x32\...\ipla) (Version: 2.9 - Cyfrowy Polsat S.A.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 11.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.6.5 - ) Malwarebytes (wersja 3.0.6.1469) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) 
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1822749172-3988503527-1915266406-1000\...\MyFreeCodec) (Version: - ) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) 
Spotify (HKU\S-1-5-21-1822749172-3988503527-1915266406-1000\...\Spotify) (Version: 1.0.44.100.ga60c0ce1 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated) TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.) TOSHIBA ConfigFree (HKLM-x32\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - ) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation) Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA) TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64M - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.10010 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation) TOSHIBA Service Station 
(HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation) TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - ) TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation) TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION) TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - ) TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden USB Serial Port Driver (HKLM-x32\...\{FE11883D-EA67-473C-BDD1-8D6B6DFCBEAC}) (Version: 1.1.8.1526 - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinUsb CoInstallers 
(HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft) WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft) WinUSB Drivers ext (HKLM-x32\...\{B7F55FF1-607A-4E12-BF64-8770BC618D12}) (Version: 1.1.23.1526 - Microsoft) WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}) (Version: 3.5.9658 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1822749172-3988503527-1915266406-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll => No File CustomCLSID: HKU\S-1-5-21-1822749172-3988503527-1915266406-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\paulinka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {07C4453A-0F97-4B51-BC08-5292F11113FE} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {14907EEB-F90C-4D5D-9B6D-6F24AC88A670} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {289BCE26-3CB5-4B12-8614-9F67AB64DCF4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {56B275D6-A749-4024-AE4A-17160AD00370} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {5A2E3EFA-328B-4C97-A80A-344BF517DC3E} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
Task: {813CC27D-1124-4CFE-A7A9-1BF8D640A797} - System32\Tasks\DigitalSite => C:\Users\paulinka\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {98635374-0B80-4DBC-9879-C1FA2465D8C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {E0974E39-12D1-4F48-A2CB-CB5D4918E8C3} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {EB72C77A-E10E-450A-97E2-30B3FFAF81CB} - System32\Tasks\HPCustPartic.exe_{ABCAEADD-36C6-4AE7-AED0-9C3D0F695CDD} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\paulinka\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\paulinka\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\paulinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2011-04-04 18:18 - 2011-04-04 18:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-02-03 18:56 - 2011-02-03 18:56 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2017-04-13 20:41 - 2017-03-07 19:15 - 00824592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-04-13 20:41 - 2017-03-07 19:18 - 01981712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-04-13 20:41 - 2017-03-07 19:10 - 00248080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-04-13 20:41 - 2017-03-07 19:09 - 00213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-04-13 20:41 - 2017-03-07 19:10 - 00175376 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-04-13 20:41 - 2017-03-07 19:09 - 00204048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-04-13 20:41 - 2017-03-07 19:08 - 00337680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-04-13 20:41 - 2017-03-07 19:05 - 00148240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-04-13 20:41 - 2017-03-07 19:05 - 00178448 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_acdc_setting_input.dll
2017-04-13 20:41 - 2017-03-07 19:10 - 00213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-04-13 20:41 - 2017-03-07 19:06 - 00229648 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-04-13 20:41 - 2017-03-07 19:07 - 00225040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-04-13 20:41 - 2017-03-07 19:05 - 00212752 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-04-13 20:41 - 2017-03-07 19:07 - 00220432 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-05-09 18:52 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-05-09 18:52 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1822749172-3988503527-1915266406-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1822749172-3988503527-1915266406-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\paulinka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.179.1.61 - 62.179.1.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Facebook Update => "C:\Users\paulinka\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_2E119C8AC6D29D1729B0F73DCB9126A3 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IPLA! => C:\Program Files (x86)\ipla\ipla.exe /autorun
MSCONFIG\startupreg: Legion => C:\Program Files (x86)\Legion\Legion.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be
removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{DD76B88C-933A-4D1D-B2FE-6AC465B3BBCC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{F8AAFFDD-CB9D-4576-829B-0F805B7E20BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A467D23B-AA56-454A-969E-C35E4955B64C}] => (Allow) LPort=2869 FirewallRules: [{DB485AE4-96E8-4217-9156-DED45AFBE9B8}] => (Allow) LPort=1900 FirewallRules: [{5463F49F-7DE1-4B59-ADB9-2E471D291519}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{AC98DE6D-FEB7-4934-8B01-5369EFD90205}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{9930456D-2D80-4472-8DDB-13D63F7B5A03}] => (Allow) C:\Program Files (x86)\BitSpirit\BitSpirit.exe FirewallRules: [{6144FF1E-3823-43C6-B51D-B4B2EF5AC019}] => (Allow) C:\Program Files (x86)\BitSpirit\BitSpirit.exe FirewallRules: [TCP Query User{2234C25D-93E8-4255-BF28-19A43F053B44}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe FirewallRules: [UDP Query User{2BAF4049-D5DE-4232-86A5-542B75129506}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe FirewallRules: [TCP Query User{69140AFD-D52A-4E7E-BAFB-ED2579287D2A}C:\program files (x86)\gadu-gadu 10\gg.exe] => (Allow) C:\program files (x86)\gadu-gadu 10\gg.exe FirewallRules: [UDP Query User{2305D2A8-626B-4373-9257-7B7C4985250A}C:\program files (x86)\gadu-gadu 10\gg.exe] => (Allow) C:\program files (x86)\gadu-gadu 10\gg.exe FirewallRules: [{D60ADCC9-4E9C-4E04-A568-1394DEC57DBE}] => (Allow) C:\Program Files (x86)\Samsung\Smart Home Control\Smart Home Control.exe FirewallRules: [{12F5FE84-334D-49C8-91A7-91C5F6FCFC57}] => (Allow) C:\Program Files (x86)\Samsung\Smart Home Control\Smart Home Control.exe FirewallRules: [{DC1EDF69-735F-4D7A-B4A6-E66D89ED0966}] => (Allow) 
LPort=7878 FirewallRules: [{F44B7A44-A294-479B-8EF9-40D8CF561FEF}] => (Allow) LPort=20102 FirewallRules: [{4BA6C0AF-12F6-4596-B64E-A25969B85079}] => (Allow) LPort=1900 FirewallRules: [{866E0AAE-2AD6-490E-936D-7F7A78EA9A63}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{A01FA680-D786-4574-8F1F-9596D38725F1}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{289B8CED-7970-4D3E-B1FB-A1585907E565}] => (Allow) C:\Users\paulinka\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7508B601-4086-4F9F-AF4B-FA5D67766613}] => (Allow) C:\Users\paulinka\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{67DEBD61-8D4F-499D-8574-187C87AE289C}] => (Allow) C:\Users\paulinka\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{44154B80-4F0F-4D33-B086-8FA1ABAE671E}] => (Allow) C:\Users\paulinka\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{20A0D757-F978-4A51-AC2E-01EF8B10FF1B}] => (Allow) C:\Users\paulinka\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3E692161-C9F4-48DE-860F-AA77FA3A6FB5}] => (Allow) C:\Users\paulinka\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0DB4DB83-D602-4FF0-ADC8-A07A0210E521}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe FirewallRules: [{DE7621A1-49BF-4C2D-88B1-C6C33AA178A9}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TCP Query User{32459DFE-74FB-4933-BD6B-8B145A76BE8E}C:\users\paulinka\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paulinka\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{D0B35845-78AA-470F-B975-3FF82F019BA3}C:\users\paulinka\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\paulinka\appdata\roaming\spotify\spotify.exe FirewallRules: [{C7AAC132-F6C2-4A1C-8E9F-DC0FAFED3B6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled 30-04-2017 19:00:20 
Windows Backup
08-05-2017 21:13:13 Windows Backup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2017 04:52:05 PM) (Source: Google Update) (EventID: 20) (User: paulinka-TOSH)
Description: Event-ID 20
Error: (05/09/2017 02:14:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (05/09/2017 02:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/09/2017 02:05:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Click-2-Run package registration failure.
Error: (05/09/2017 02:05:42 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=B8C} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24600F0A-10000001, original rc 24600F0A-10000001).
Error: (05/09/2017 12:22:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/09/2017 11:34:44 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error: (05/09/2017 11:25:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/09/2017 11:25:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only. Click-2-Run package registration failure.
Error: (05/09/2017 11:25:30 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=CD0} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24600F0A-10000001, original rc 24600F0A-10000001).

System errors:
=============
Error: (05/09/2017 06:54:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Error: (05/09/2017 02:05:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (05/09/2017 02:04:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SupportSoft RemoteAssist service failed to start due to the following error: The system cannot find the file specified.
Error: (05/09/2017 12:21:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
Error: (05/09/2017 12:21:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
Error: (05/09/2017 12:21:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
Error: (05/09/2017 12:21:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
Error: (05/09/2017 12:21:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
Error: (05/09/2017 12:21:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
Error: (05/09/2017 12:21:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

CodeIntegrity:
===================================
Date: 2014-06-03 06:36:06.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-06-03 06:36:06.375
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-06-01 07:53:09.992
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-06-01 07:53:09.972
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-06-01 07:51:22.292
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-06-01 07:51:22.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-31 14:06:23.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-31 14:06:23.123
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-30 13:11:36.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-05-30 13:11:36.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 4043.86 MB
Available physical RAM: 1803.63 MB
Total Virtual: 8085.9 MB
Available Virtual: 5886.91 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.34 GB) (Free:100.42 GB) NTFS
Drive d: (Data) (Fixed) (Total:233.03 GB) (Free:98.92 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================