Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-07-2017 Ran by Julia (15-07-2017 14:57:05) Running from C:\Users\Julia\Downloads Microsoft Windows 10 Home Version 1703 (X86) (2017-07-13 20:42:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3482297185-812369919-341804188-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3482297185-812369919-341804188-503 - Limited - Disabled) Guest (S-1-5-21-3482297185-812369919-341804188-501 - Limited - Disabled) Julia (S-1-5-21-3482297185-812369919-341804188-1000 - Administrator - Enabled) => C:\Users\Julia ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . . (HKLM\...\{4A7F2465-EAE2-4A22-9842-2A0F537F243E}) (Version: 2.6.2.4 - Intel) Hidden µTorrent (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software) Bluefish 2.2.10 (HKLM\...\Bluefish) (Version: 2.2.10 - The Bluefish Developers) Canyon USB2.0 PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Crossout Launcher 1.0.0.28 (HKLM\...\CrossOutLauncher_is1) (Version: - ) D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) EPSON SX100 Series Printer Uninstall (HKLM\...\EPSON SX100 Series) (Version: - SEIKO EPSON Corporation) FileZilla Client 3.25.1 (HKLM\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse) FL Studio 11 (HKLM\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM\...\FlowStone) (Version: - ) Foto Studio 3.0 (HKLM\...\Foto Studio_is1) (Version: - Play.pl) GG (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\GG) (Version: 11 - GG Network S.A.) Google Chrome (HKLM\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden GTK+ 2.10.6-1 runtime environment (HKLM\...\WinGTK-2_is1) (Version: - Tor Lillqvist) HTML To PDF 1.0 (HKLM\...\HTML To PDF 1.0) (Version: 1.0 - JBeNas) Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - ) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel® Driver Update Utility (HKLM\...\{66e8e99a-eb6f-4403-9fc2-0ddd4d6f353e}) (Version: 2.6.2.4 - Intel) Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) JetBrains PhpStorm 2016.3.3 (HKLM\...\PhpStorm 2016.3.3) (Version: 163.13906.21 - JetBrains s.r.o.) Junk Mail filter update (HKLM\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden League of Legends (HKLM\...\{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}) (Version: 4.2.1 - Riot Games) Hidden League of Legends (HKLM\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games) LibreOffice 5.3.4.2 (HKLM\...\{E8FF8837-CDA1-462A-925B-2DA1FE7E263E}) (Version: 5.3.4.2 - The Document Foundation) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (HKLM\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (HKLM\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mobile Photo Enhancer 1.2 (HKLM\...\Mobile Photo Enhancer_is1) (Version: - ) Mozilla Firefox 54.0 (x86 pl) (HKLM\...\Mozilla Firefox 54.0 (x86 pl)) (Version: 54.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) msxml4 (HKLM\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name) PhotoFiltre 7 (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\PhotoFiltre 7) (Version: - ) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) Robocraft Launcher version 0.4 (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.4 - Freejam Games) SimCity 4 Deluxe (HKLM\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - ) Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.) Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) The GIMP 2.2.13 (HKLM\...\WinGimp-2.0_is1) (Version: - ) TmNationsForever (HKLM\...\TmNationsForever_is1) (Version: - Nadeo) TOSHIBA Assist (HKLM\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA ConfigFree (HKLM\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.7 - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA) TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.5.4 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation) TOSHIBA Wireless LAN Indicator (HKLM\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION) Unity Web Player (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Julia\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Julia\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-11] (AVAST Software) ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-11] (AVAST Software) ContextMenuHandlers01: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] () ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-02-11] (WinZip Computing, Inc.) ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-11] (AVAST Software) ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers04: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] () ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-02-11] (WinZip Computing, Inc.) ContextMenuHandlers05: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-10] (Intel Corporation) ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-11] (AVAST Software) ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers06: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] () ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2004-02-11] (WinZip Computing, Inc.) ContextMenuHandlers1_S-1-5-21-3482297185-812369919-341804188-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\Julia\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [2012-10-13] (GG Network S.A.) ContextMenuHandlers4_S-1-5-21-3482297185-812369919-341804188-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\Julia\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [2012-10-13] (GG Network S.A.) ContextMenuHandlers5_S-1-5-21-3482297185-812369919-341804188-1000: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => C:\Users\Julia\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll [2012-10-13] (GG Network S.A.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0190D4DF-86D2-4871-9BCF-ED52524EEF3A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {06A30D33-5EC0-459A-8369-33542E94B225} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0AB28D9A-0738-4AF1-A2A4-B760FDF5C6F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {0CF7A9FA-A649-48B4-9220-823757854DC8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software) Task: {1262E975-33E6-42AD-95ED-0BFDB306527C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {15EB95E2-5083-4A4C-A89A-4BAA7FFEDA60} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2453F638-A823-40B8-8EDA-938257DBFE67} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {27C31966-9B9C-43E3-92AF-6D63189C1993} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {2908BB3E-0308-4417-9459-56353E211892} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {29D60CE5-6904-4BA1-923E-1C1240B52123} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2BD1CE38-F3CE-494C-BC75-54BAE8287C78} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {2ED1EFEA-86AB-4A9C-B338-09752126C3C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {34233D13-63B4-4B2B-9217-2E57C0E35062} - \ConfigFree Startup Programs -> No File <==== ATTENTION Task: {3A47C496-A10D-4B4A-B816-D7ABA2292901} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3B0D7749-E57E-4AC6-8022-BA8C3FA68843} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {3E82755E-8781-43BC-A830-9653920D48F3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {4051F50D-B326-4793-94B4-4414DAAF60BB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {4E1B0E2D-383D-4C66-85BF-6D60A0DF4EE2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {57217940-6B5C-4F5D-8FAA-85A79BD61145} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {591BAA87-0DF7-4EBB-B814-37EAECB04F3D} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: {59C0E173-30BA-4696-9755-BF01DABD6DEF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {5BBCE789-9A61-4F2D-89EF-E76673B923A7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {6EB53E98-184B-46D7-91A2-618F2752AB11} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {72EBA1F3-B93E-4FD9-B7FA-CE63A2701D8E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {74179CA7-B496-4480-9F65-7A9B4B269A75} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {830452A8-4B8E-4EB2-9989-AF4356B4EBDB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {88A01322-11DA-44C6-86CA-9266FC2F5999} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8B689AB0-2A00-409F-9B5B-4EBA34E6509A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {910C13B3-0302-44FA-BDDE-D4246E243075} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {92290E28-FCBD-4534-BC22-7FC45E12CF77} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {9D113242-CBC5-49D1-BC0F-C59888CA7F92} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {A5035ACC-9C15-441A-A7DC-01C8A646E0E8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {A6A02278-10DA-491E-B954-625934E8193B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {AAF0D632-4C4E-4879-9577-3DFD962EB25D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {C5510CDF-CC2D-49D8-9C0A-05A5FBA7A282} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {D5C06EAE-4A31-45C9-9384-8F1EE428DC86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {D7C11BEB-B270-4323-B6C6-C52980CEB40B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {DC002C39-AFFE-4A3D-B455-A24B9152E8B5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E36DA76C-8571-47B9-8921-50DB9A903E7B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E3F18128-323F-43EE-958B-B3D9ECBE0349} - System32\Tasks\e-pity2015a_styczen => C:\Program Files\e-file\e-pity2015\Assets\signxml.exe Task: {E846CDE6-DA77-464D-AF5E-41685F9E2EE3} - System32\Tasks\e-pity2015a_kwiecien => C:\Program Files\e-file\e-pity2015\Assets\signxml.exe Task: {F0B3066D-246E-4285-BC14-1A34DFD4A850} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {F137336C-55E4-46CE-A5DA-BFF583E8F47F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {F8115B6F-2BD6-4579-8C64-02E30B1669C1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-11] (AVAST Software) Task: {FBEFCBCF-3B4E-4FA7-8824-79F56FDBBFF2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FD2240EA-AEF6-4214-A0CF-7F22939B52EB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {FD727965-1FE8-4066-95D4-8192CBD98F3B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Julia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2017-03-18 20:19 - 2017-03-18 20:19 - 00116824 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 20:19 - 2017-03-18 22:25 - 01456128 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-10 02:27 - 2017-03-10 02:27 - 00112264 _____ () C:\Windows\System32\IccLibDll.dll 2010-11-19 03:18 - 2010-11-19 03:18 - 11205120 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2010-12-09 01:35 - 2010-12-09 01:35 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2017-07-11 15:21 - 2017-07-11 15:21 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-07-12 17:52 - 2017-07-12 17:52 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll 2017-07-11 15:22 - 2017-07-11 15:22 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-07-11 15:22 - 2017-07-11 15:22 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-07-11 15:22 - 2017-07-11 15:22 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-07-11 15:21 - 2017-07-11 15:22 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll 2017-07-11 15:22 - 2017-07-11 15:22 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2013-01-21 14:52 - 2016-04-22 00:18 - 03716144 _____ () C:\Users\Julia\AppData\Local\GG\Application\xulrunner\mozjs.dll 2013-01-21 14:52 - 2014-06-11 19:57 - 16361120 _____ () C:\Users\Julia\AppData\Local\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll 2017-06-21 13:02 - 2017-06-21 13:03 - 00064512 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeHost.exe 2017-06-21 13:02 - 2017-06-21 13:03 - 00170496 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-28 22:44 - 2017-06-23 04:21 - 02877272 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libglesv2.dll 2017-06-28 22:44 - 2017-06-23 04:21 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libegl.dll 2017-06-08 11:09 - 2017-06-08 11:09 - 02578344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-06-22 13:25 - 2017-06-22 13:26 - 06573568 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x86__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-06-22 13:25 - 2017-06-22 13:26 - 01670144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x86__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2017-06-22 13:25 - 2017-06-22 13:26 - 00621056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x86__8wekyb3d8bbwe\WinStore.Vui.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2016-06-03 07:31 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3482297185-812369919-341804188-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Julia\Desktop\e534367ada3c2ef.jpg DNS Servers: 192.168.0.1 - 192.168.0.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: BthHFSrv => 3 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: EasyAntiCheat => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: WMPNetworkSvc => 3 MSCONFIG\Services: XblAuthManager => 3 MSCONFIG\Services: XblGameSave => 3 MSCONFIG\Services: XboxGipSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: GG => "C:\Users\Julia\AppData\Local\GG\Application\gghub.exe" MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe MSCONFIG\startupreg: VMonitorVMUVC => "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{EB8718E1-8443-4432-BF4E-D9910F93EB23}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [UDP Query User{77B5361B-1B72-4F37-A704-F6BD6CBF77DF}C:\program files\jetbrains\phpstorm 2016.3.3\bin\phpstorm.exe] => (Block) C:\program files\jetbrains\phpstorm 2016.3.3\bin\phpstorm.exe FirewallRules: [TCP Query User{E101BDF1-7F71-429B-8845-81E78699191C}C:\program files\jetbrains\phpstorm 2016.3.3\bin\phpstorm.exe] => (Block) C:\program files\jetbrains\phpstorm 2016.3.3\bin\phpstorm.exe FirewallRules: [UDP Query User{4E6F33E8-CA1F-43A2-B8A9-5DEC0E798192}C:\program files\crossout\launcher.exe] => (Allow) C:\program files\crossout\launcher.exe FirewallRules: [TCP Query User{FD0F3E67-F1B7-42D8-8B4C-291AA71AD741}C:\program files\crossout\launcher.exe] => (Allow) C:\program files\crossout\launcher.exe FirewallRules: [{8C83E2B3-7111-4B78-A174-0E7E2543674F}] => (Allow) C:\Windows\System32\PnkBstrB.exe FirewallRules: [{43D10286-9BD2-49D8-9960-9CB5E1142024}] => (Allow) C:\Windows\System32\PnkBstrB.exe FirewallRules: [{7DD626EA-6545-40BE-A302-041C726EE12D}] => (Allow) C:\Windows\System32\PnkBstrA.exe FirewallRules: [{EE47F82A-0AC1-4532-95F5-3F524C8F3971}] => (Allow) C:\Windows\System32\PnkBstrA.exe FirewallRules: [{CA79E6B3-E97A-4E58-ABE5-1C37B484CE55}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{6486CD12-70DD-4D21-83D3-E1D65E13ACA7}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7136E8D2-2B24-4394-9C18-13FD220447BD}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{EB708579-4177-46C4-A21B-D3C8070315E8}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [UDP Query User{84657473-5FA9-42FF-9460-2A4795DC9659}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [TCP Query User{83A0259C-7007-4088-A7CF-03FBAF6E8497}C:\program files\tmnationsforever\tmforever.exe] => (Block) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [{B835EEA4-62AD-4E62-8CB0-8FECB04AAB72}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{4B024137-C011-4015-9538-4A3CF1CA022C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{B7079948-CEB7-4652-B732-9A65A5A97857}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{5058A76A-4057-43A3-BFE3-27D3B2314F94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{6A10AE65-60A0-4D69-A3A8-397FD9DCB60E}C:\program files\tmnationsforever\tmforever.exe] => (Allow) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [TCP Query User{0ACB00CF-25E7-447A-829B-953B33D4EF2D}C:\program files\tmnationsforever\tmforever.exe] => (Allow) C:\program files\tmnationsforever\tmforever.exe FirewallRules: [UDP Query User{43561801-929E-4B19-BC4E-08A4BB6341C0}C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe FirewallRules: [TCP Query User{0A768608-85A4-4551-94EA-46C5943CD0A7}C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe FirewallRules: [{C4353C3A-452B-4E0F-9873-5007DE4164DE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{E9DC300D-98D1-4D21-80DD-AEC821E3BF3A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{D5C545F9-EECF-44F6-A7C6-C96BF690A851}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{7391F156-DDAF-43F6-9DB6-8DF99F581E04}] => (Allow) C:\Users\Julia\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D0078550-569C-4A7F-A702-AF5F71F604C9}] => (Allow) C:\Users\Julia\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B295B403-D3B4-43BB-92F3-8CDD0C556C63}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{4CF76B47-A572-4517-B383-939D018F92B4}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe FirewallRules: [{1CC0B5FF-006C-4A48-AFF1-6E65A9CC7475}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{CD54BBE5-ED5D-4517-B280-4B1580CD61D3}] => (Allow) LPort=1900 FirewallRules: [{928A9364-107A-4641-9058-6190DCF72D38}] => (Allow) LPort=2869 FirewallRules: [{B3E15F7F-1B5C-4557-9462-1C4A2777FA3E}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{48885787-BDB5-4882-BB7C-55C704BAE5D5}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe FirewallRules: [{F0052571-B545-4F0C-BBEE-97496634234B}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe ==================== Restore Points ========================= 14-07-2017 06:58:38 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/15/2017 11:47:48 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "c:\program files\asio4all v2\a4apanel64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/14/2017 09:52:57 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "c:\program files\asio4all v2\a4apanel64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/14/2017 06:58:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (07/14/2017 06:48:50 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "c:\program files\asio4all v2\a4apanel64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/13/2017 10:47:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NEWS) Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/13/2017 10:47:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: NEWS) Description: App Microsoft.Getstarted_5.10.1441.0_x86__8wekyb3d8bbwe+App did not launch within its allotted time. Error: (07/13/2017 10:34:56 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object. Error: (07/13/2017 10:32:49 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: ) Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A Error: (07/13/2017 10:25:38 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: ) Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A Error: (07/13/2017 10:25:38 PM) (Source: MSDTC 2) (EventID: 4104) (User: ) Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A System errors: ============= Error: (07/13/2017 11:00:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/13/2017 11:00:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/13/2017 11:00:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/13/2017 11:00:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/13/2017 10:47:38 PM) (Source: DCOM) (EventID: 10010) (User: NEWS) Description: The server Microsoft.Getstarted_5.10.1441.0_x86__8wekyb3d8bbwe!App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca did not register with DCOM within the required timeout. Error: (07/13/2017 10:40:42 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error: (07/13/2017 10:33:15 PM) (Source: WinRM) (EventID: 10142) (User: ) Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists. Error: (07/13/2017 10:23:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (07/13/2017 10:23:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CldFlt service failed to start due to the following error: The request is not supported. Error: (07/13/2017 10:16:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz Percentage of memory in use: 83% Total physical RAM: 2765.86 MB Available physical RAM: 448.02 MB Total Virtual: 5581.86 MB Available Virtual: 2744.43 MB ==================== Drives ================================ Drive c: (S3A8972D003) (Fixed) (Total:460.47 GB) (Free:378.87 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (New Volume) (Fixed) (Total:124.83 GB) (Free:108.68 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 7B6475E8) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=460.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=801 MB) - (Type=27) Partition 4: (Not Active) - (Size=124.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================