Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Cezary at 2015-06-29 20:14:12
Running from C:\Users\Cezary\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-669934448-3564392166-1087876309-500 - Administrator - Disabled)
Cezary (S-1-5-21-669934448-3564392166-1087876309-1001 - Administrator - Enabled) => C:\Users\Cezary
Guest (S-1-5-21-669934448-3564392166-1087876309-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-669934448-3564392166-1087876309-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-669934448-3564392166-1087876309-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
ALL YouTube Downloader (HKLM-x32\...\ALL YouTube Downloader_is1) (Version: 2.3 - ALLPlayer Ltd.)
ALLMediaServer (HKLM-x32\...\{FE77909E-B782-4554-A92A-4D887CEF0ACC}_is1) (Version: 0.94 - ALLCinema Ltd.)
ALLPlayer V5.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.)
ALLPlayer.TV (HKU\S-1-5-21-669934448-3564392166-1087876309-1001\...\1651857074.api.allplayer.nextplus.pl) (Version: - api.allplayer.nextplus.pl)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
ChomikBox (HKLM-x32\...\{26050F54-3928-4D9C-849A-C48A9E831E6F}) (Version: 2.0.5.0 - Chomikuj.pl)
CodeBlocks (HKU\S-1-5-21-669934448-3564392166-1087876309-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
COMODO Antivirus (HKLM\...\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D}) (Version: 8.2.0.4591 - COMODO Security Solutions Inc.)
GG (HKU\S-1-5-21-669934448-3564392166-1087876309-1001\...\GG) (Version: 11 - GG Network S.A.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{89D2FA50-6002-4AFB-8586-3E38B355E891}) (Version: 15.05.2000.1462 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 pl)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
NapiProjekt 2.0.0 (build 2151) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM-x32\...\{90150000-001F-0415-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Notowania OnLine 3.0 DM BOS S.A. (HKLM-x32\...\Notowania OnLine 3.0 DM BOS S.A._is1) (Version: - COMARCH S.A.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
UsbFix (HKLM-x32\...\Usbfix) (Version: 7.959 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-669934448-3564392166-1087876309-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Cezary\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-669934448-3564392166-1087876309-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Cezary\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)
CustomCLSID: HKU\S-1-5-21-669934448-3564392166-1087876309-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Cezary\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

09-06-2015 17:40:11 Scheduled Checkpoint
16-06-2015 22:33:25 Sony PC Companion
23-06-2015 17:22:30 Installing COMODO Antivirus
29-06-2015 20:04:55 Removed Skype Click to Call

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09D30130-C987-4BB7-B7CB-70D27C3EC1B9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1157B0B1-658E-440B-8A77-CE51108DEDBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {1EA025E2-6F38-4BFD-98BB-59F3A2B445D6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {33A5A00B-C8BF-44E8-A8E3-815EC870CBBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {386759CB-870B-4FD7-BF6A-2F3AF0FA23A6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {3C754009-8F30-44E2-9627-D8697D03A7E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {3CEAE04A-5D68-4CF7-9ADA-1D7B64D33E5A} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-05] (COMODO)
Task: {3D97FDD1-BEDA-47BF-8053-EE0F6327022A} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.)
Task: {3E685FC8-30E1-4BBE-8C8B-3640F5BBFEDB} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {41BB1699-24BF-4200-9FE2-79ADA3CE6A4B} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {467D60F9-63B6-48A3-B138-E6A47193C1AD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {4B0F0FD0-3743-4A93-846F-CAED40E6BD65} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
Task: {4EC81CE4-F6EA-4060-953C-63FDDFEA38E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {5C887A61-A32B-4606-8914-229D66279EC6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {676A5186-1605-43A9-84FE-A4A00512D1DE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {763329D3-11F9-4198-931E-27C872EF67FD} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {8325D5B3-0584-4746-ADBC-BD84E6427B06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-669934448-3564392166-1087876309-1001UA => C:\Users\Cezary\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)
Task: {894F618A-0DFF-41B3-AAEB-0E0305A71D6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {92CB630E-C7F0-4407-89D9-29E0FA3FD045} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {A46D08CF-41C5-4945-93DE-AC4A920E04E0} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A7FE6AC0-C72C-49A1-A57B-F220A99CC84B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {D2C28DB0-D39A-441B-BEC7-BFB13728885B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-05] (COMODO)
Task: {EA25C820-69E1-4482-84F3-7B9F97D65F4C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {ED3A4BA4-66A6-440A-AEFB-616DF666DB58} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {EE597878-E858-4F3A-9414-48C84174E915} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {F889D7B9-4824-4F2E-86C5-68BC53DAC1D2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-669934448-3564392166-1087876309-1001Core => C:\Users\Cezary\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-669934448-3564392166-1087876309-1001Core.job => C:\Users\Cezary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-669934448-3564392166-1087876309-1001UA.job => C:\Users\Cezary\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-30 10:28 - 2012-07-30 13:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-30 10:28 - 2012-07-30 13:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-06-27 12:03 - 2015-06-27 12:03 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-10-01 14:02 - 2013-10-01 14:02 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-06-16 22:33 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2013-04-29 15:17 - 2013-04-29 15:17 - 00587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-06-16 22:33 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2015-06-16 22:33 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-06-16 22:33 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2015-03-23 19:19 - 2015-03-23 19:19 - 02620416 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-06-16 22:33 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-06-22 18:57 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 18:57 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-22 18:57 - 2015-06-20 07:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
2012-10-08 09:26 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\Users\Cezary\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Cezary\Downloads\20150428_195838.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Cezary\Downloads\2015_2016_zgloszenie_druzyny.xls:$CmdZnID
AlternateDataStreams: C:\Users\Cezary\Downloads\lato_2015_Austria (1).docx:$CmdZnID
AlternateDataStreams: C:\Users\Cezary\Downloads\LISTA UCZESTNIKÓW.doc:$CmdZnID
AlternateDataStreams: C:\Users\Cezary\Downloads\Wykres_Dnia_20150623.pdf:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-669934448-3564392166-1087876309-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cezary\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 156.154.70.25 - 156.154.71.25

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{138DE3BB-665D-4068-843B-347570CE3AA1}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{E74B3E62-3344-4849-AC5A-AD7F0986E654}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{B6A8B2BE-2BA7-4791-9F6E-B288C0BC2530}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{050265B7-D290-4587-AD2D-A1DD033B3D7C}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{30AF8388-6933-4AF0-B956-443CC200A076}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe
FirewallRules: [{306F2145-28C9-4408-A5B9-B7BE688BC32C}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe
FirewallRules: [{21DD342B-C5CD-431E-880D-A6F054C58C00}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe
FirewallRules: [{E3E9857D-3B68-4D66-8F6F-27281A6BD39D}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe
FirewallRules: [{95FAC202-D66E-441C-85FD-BB75912A5A8B}] => (Allow) C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe
FirewallRules: [{BD7EAA51-6464-4034-A762-5DE95558077B}] => (Allow) C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe
FirewallRules: [{7AC3E689-BFD3-43ED-B328-9247D00A1D67}] => (Allow) C:\Users\Cezary\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0F64FC6B-7475-4913-9231-5E8DD08A105B}] => (Allow) C:\Users\Cezary\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{F0334DB1-11A8-4E43-ACDE-D53ABE66B974}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{93B7F544-1631-454E-9F82-027F17BF9882}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{44A10A58-7EF7-4045-821A-21CFF30692AA}] => (Allow) c:\users\cezary\appdata\roaming\allmyapps\allmyapps.exe
FirewallRules: [{C5E4F6FF-F685-4A4A-BD8F-59EB77D6F5BD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{28F36003-DD41-48E3-9D1F-553235D9E468}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{F785C188-1E64-4E9D-AC67-949EE326606F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D7E89D3A-4AAD-4931-B64D-66A149FE6386}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [TCP Query User{AA9D80B4-55A2-4EF7-9185-5D8E710B1027}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{C58D516F-0FDF-4133-A4B8-163E3EEA75FA}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{E6CCAB4F-B1B5-438D-86DB-7997B250F808}] => (Allow) C:\Users\Cezary\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0334F4AA-9A03-417A-AD81-4310CB750B37}] => (Allow) C:\Users\Cezary\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{A3319415-B152-459D-B45C-B4ACF677E182}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{8DE12144-DEB8-4692-8A98-E4CF6BA3F432}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{F883E969-ED42-4CE2-95CF-9EF4C5E8E746}] => (Allow) C:\WINDOWS\explorer.exe
FirewallRules: [{1A069990-842D-4258-BD42-21729819D362}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{08B84050-F50F-45D2-89AD-4B58E9E5A031}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2890464F-C5B4-4BF2-94A7-87611CC31EED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{25FC382F-6472-4AEB-96E8-65AA3A12C437}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{D90C775F-B629-442D-A9C6-A5E6B8E20E42}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{A429BCA7-9DC0-419E-8E2E-89998F494EF3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2015 11:41:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{83d88166-885f-4204-8938-9ed9a1473081}\ was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/29/2015 11:41:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/28/2015 03:32:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{83d88166-885f-4204-8938-9ed9a1473081}\ was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/28/2015 03:32:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/28/2015 01:40:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: skydrive.exe, version: 6.3.9600.17416, time stamp: 0x5452fd72
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process ID: 0x1214
Faulting application start time: 0xskydrive.exe0
Faulting application path: skydrive.exe1
Faulting module path: skydrive.exe2
Report ID: skydrive.exe3
Faulting package full name: skydrive.exe4
Faulting package-relative application ID: skydrive.exe5

Error: (06/27/2015 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/27/2015 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/27/2015 09:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/27/2015 09:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (06/24/2015 09:18:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{83d88166-885f-4204-8938-9ed9a1473081}\ was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

System errors:
=============
Error: (06/29/2015 08:14:31 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:14:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/29/2015 08:09:09 PM) (Source: DCOM) (EventID: 10005) (User: KICIZEN)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Microsoft Office:
=========================
Error: (06/29/2015 11:41:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{83d88166-885f-4204-8938-9ed9a1473081}\The parameter is incorrect. (0x80070057)

Error: (06/29/2015 11:41:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)

Error: (06/28/2015 03:32:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{83d88166-885f-4204-8938-9ed9a1473081}\The parameter is incorrect. (0x80070057)

Error: (06/28/2015 03:32:18 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)

Error: (06/28/2015 01:40:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.174165452fd72ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f20121401d0b115543b5426C:\Windows\System32\skydrive.exeC:\WINDOWS\SYSTEM32\ntdll.dlle0505d0f-1d25-11e5-bf20-c485084471f3

Error: (06/27/2015 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 00980200000008010000

Error: (06/27/2015 10:17:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AA000000

Error: (06/27/2015 09:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 00980200000008010000

Error: (06/27/2015 09:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AA000000

Error: (06/24/2015 09:18:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{83d88166-885f-4204-8938-9ed9a1473081}\The parameter is incorrect. (0x80070057)

CodeIntegrity Errors:
===================================
Date: 2015-06-29 20:10:12.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 20:04:51.574
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 19:47:15.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 19:17:56.595
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 18:54:52.732
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 18:44:42.684
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 18:37:37.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 18:21:36.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 18:10:17.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-29 16:50:45.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 48%
Total physical RAM: 3981.71 MB
Available physical RAM: 2040.21 MB
Total Pagefile: 4685.71 MB
Available Pagefile: 2255.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:102.2 GB) (Free:57.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:110.93 GB) (Free:88.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 2790DEAF)

Partition: GPT Partition Type.

==================== End of log ============================