Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015 Ran by Agnieszka Śliwa at 2015-07-28 23:29:49 Running from C:\Users\Agnieszka Śliwa\Desktop\logi Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-570381415-172665024-2664267942-500 - Administrator - Disabled) Agnieszka Śliwa (S-1-5-21-570381415-172665024-2664267942-1002 - Administrator - Enabled) => C:\Users\Agnieszka Śliwa Gość (S-1-5-21-570381415-172665024-2664267942-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-570381415-172665024-2664267942-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Aktualizacje NVIDIA 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP AC Power Control (HKLM\...\{F819C151-FFEE-4F01-BE68-0D1F76574F44}) (Version: 1.0.6 - Hewlett-Packard) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) K-Lite Codec Pack 10.9.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.6 - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.4 (x86 pl) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 pl)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Sterownik graficzny 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Panel sterowania NVIDIA 347.25 (Version: 347.25 - NVIDIA Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.0 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer) Wielki słownik angielsko-polski i polsko-angielski PWN-OXFORD (HKLM-x32\...\{1035B082-201E-466E-9084-D096589C05CD}) (Version: 3.0.0 - WN PWN SA) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 10-07-2015 12:42:03 Windows Update 17-07-2015 14:29:55 Zaplanowany punkt kontrolny 25-07-2015 10:19:46 Zaplanowany punkt kontrolny 28-07-2015 17:26:34 avast! antivirus system restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {169FE668-5AA1-4374-BCAB-63BC35973619} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-07] (Hewlett-Packard) Task: {23EE47A7-F2A9-477E-A28B-F71C1C584421} - System32\Tasks\{336DF296-4FDC-4D1D-BBA9-A7FFAEEDC3C1} => pcalua.exe -a "C:\Users\Agnieszka Śliwa\AppData\Roaming\omiga-plus\UninstallManager.exe" -c -ptid=cor <==== ATTENTION Task: {247975F4-5255-4F2A-887C-69C899F9D59C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-20] (Synaptics Incorporated) Task: {2963F2FF-B40F-4A4C-869C-E35B6488D7D0} - System32\Tasks\avastBCLRestartS-1-5-21-570381415-172665024-2664267942-1002 => Chrome.exe Task: {6786B7D3-EE36-4E1A-BFAD-B90DF4F7718D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {7A180719-1F2C-4561-95E6-0247D14F6A97} - System32\Tasks\HPCeeScheduleForAgnieszka Śliwa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {A0C00A4E-34C6-40B5-8FD1-9997B7EBD224} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-28] (AVAST Software) Task: {AC0D1EDB-2C15-4FE6-8AEF-23FA4E2EE5C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {BA2B3457-0082-4BDE-A740-F36039390F3C} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe Task: {BBC35C77-1F81-4C21-8AD8-D5565319D567} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) Task: {BE977643-34D0-4279-B9F0-8C547CF56397} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-07] (Hewlett-Packard) Task: {C272949F-C7C3-452F-82A8-280577AAEAB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company) Task: {C72C202B-8656-4BAE-9B34-0D356D4D3513} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company) Task: {E2615DB5-50B3-4FE2-9A56-A9B1AA664FE2} - System32\Tasks\{9D20B877-CCB2-4F51-B467-EA87C7506EDB} => pcalua.exe -a F:\Uruchom.exe -d F:\ Task: {E8732BA2-4E56-4022-B8F1-E50A3B6137F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) Task: {F180CB9D-DDF3-44C5-AC2C-CB1C2BC0E267} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2013-08-29] (Hewlett-Packard Company) Task: {F3956000-F442-40FD-A782-CE492281FB1C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.) Task: {FAFF2CCD-E3EE-4D9E-A242-EE03940EAA66} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForAgnieszka Śliwa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (Whitelisted) ============== 2013-10-14 12:25 - 2013-10-14 12:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2013-10-14 12:22 - 2013-10-14 12:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2013-10-14 12:22 - 2013-10-14 12:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2013-10-14 12:22 - 2013-10-14 12:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-02-17 07:13 - 2015-01-10 01:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-10-14 12:30 - 2013-10-14 12:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2013-09-30 17:12 - 2013-09-30 17:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 01022464 _____ () C:\Program Files\Opera x64\gstreamer\gstreamer.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00108544 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstaudioconvert.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00106496 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstaudioresample.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00062464 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstautodetect.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00108032 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstcoreplugins.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00073216 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstdecodebin2.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00074752 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstdirectsound.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00201216 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstffmpegcolorspace.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00340480 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstoggdec.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00045056 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwaveform.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00077312 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwavparse.dll 2014-11-28 17:07 - 2014-11-28 17:07 - 00115712 _____ () C:\Program Files\Opera x64\gstreamer\plugins\gstwebmdec.dll 2015-07-15 21:26 - 2015-07-15 21:26 - 23809712 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll 2015-07-28 17:27 - 2015-07-28 17:27 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-07-28 17:27 - 2015-07-28 17:27 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-07-28 17:25 - 2015-07-28 17:25 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072800\algo.dll 2015-07-28 22:26 - 2015-07-28 22:26 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072801\algo.dll 2014-02-17 07:04 - 2013-09-16 23:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-02-17 07:26 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-06-02 21:42 - 2015-06-02 21:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-570381415-172665024-2664267942-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Agnieszka Śliwa\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: Cachedrv server => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: Joyous Storage => 2 MSCONFIG\Services: omniserv => 2 MSCONFIG\Services: TermService => 3 ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{6A4C1266-BA8F-4065-88E9-586BC63C48EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{4FED91D3-35B8-42E8-8CC9-BDF51F54B755}] => (Allow) LPort=2869 FirewallRules: [{696B45A0-6236-411E-AB12-93C544E03B51}] => (Allow) LPort=1900 FirewallRules: [{7F500C2E-1DE5-4695-9216-25780F07CFA8}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [{98235799-930E-4607-A4A5-3140FAFCC65E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe FirewallRules: [{91429E88-610D-4D9E-9628-5552255D8665}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{8361DF38-9C3C-4EC6-B99D-512DA93DFC02}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe FirewallRules: [{B1193F07-E9CC-4C19-A4AA-BFBCF5314219}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{F3179C0B-22D0-4D1B-8FE2-644AE035FB0B}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe FirewallRules: [{187E20B1-9F9E-4768-B09E-F8B9E9AB99D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{29A1454A-C7F7-4840-B2B7-1F6439FE1708}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{675C6474-3026-4166-8CE5-9F5C99C09EF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{BC4893C8-0C06-49BF-8501-24571A8346A4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{1944CDE7-9868-4657-9D18-C4F63C1C655B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{11C84C40-CC0A-4999-9368-4971AF610195}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{18FC4439-FD09-4431-8692-9AF1545A8B09}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{3A08AF5E-9031-431C-8951-DA6FC80335B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{13CAF6CE-612F-49A3-9A0A-87790E6443EF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C4A0E31F-8C55-4978-B2A2-C91F34CD4E12}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{319D7748-F583-411C-AB06-81AA0A679580}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{37F7522D-5182-41A8-AD69-AD72CAA49011}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{0645BCDC-2033-4337-ACB2-0582FB755D9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5EFAA980-3FA5-412C-8EEA-EC0D39FB49B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{68C892A4-C975-444A-B339-B014480CFCB2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{6E0402FC-B9D0-4910-BE26-A76BA24EF53B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{B67A0523-33FA-4433-AFFB-C3FA779C88CE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{E47BB7F8-B49E-432F-B237-B202ADE74D8E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{40C212A0-2C03-4137-95C5-49D951450424}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{08250AE5-1B50-4FA5-82F9-84711A94DDAF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{F3582CAB-0BF4-4DA2-AB8E-F48D103D48CA}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe FirewallRules: [{5710B2A2-3358-4A3C-8A4C-BF7CC6603F25}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe FirewallRules: [{581832B8-EEC9-43CC-9F88-CE37944F8073}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe FirewallRules: [{525A2D03-B174-4D18-B3F5-6526FBF38B12}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe FirewallRules: [{3BCD6966-BDD5-4BE3-9849-42D77D78CA69}] => (Allow) C:\Program Files\Opera x64\opera.exe FirewallRules: [{4B174C79-7BB8-405E-9BF7-E01EA1A6B191}] => (Allow) C:\Program Files\Opera x64\opera.exe FirewallRules: [TCP Query User{3C8A5A15-0D81-4097-886C-3C0F64A44800}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{6DE6162D-6F98-4EA3-8094-FC2170F157B6}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{1B3AE811-9D92-41BF-9EB3-6A21E0889470}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [UDP Query User{D4E7A755-A065-49A1-9DD4-33BAE5BC8374}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [{03EB22F3-F604-415D-9865-2DE1520EFB7B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F45B9C6C-1BDC-418A-B2B9-B52ECB000B3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8BEE03AE-242D-4431-8D76-8E5A62F0086D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F22C2872-690D-4F92-B62E-97B30AF92620}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{18404AE9-0692-45CB-9BF9-E79061BFA3A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AD712E85-2DC1-4809-866A-4F986304D3C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5AA3300F-F877-4AD0-B7D8-E4D8434A3E63}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{90318A9A-3AD8-421C-B4B2-6B6A4DC593C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{794DBBE8-3FB0-4CD2-ADD7-4BA71CE5C527}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{D5028BE9-9D4E-4EAF-9C57-5DF5F8D6B860}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{74078A05-297A-4059-98FB-8F03C644B0BF}C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Allow) C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe FirewallRules: [UDP Query User{19DE7C88-5CE0-451F-9A87-D922DD387B11}C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Allow) C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe FirewallRules: [TCP Query User{805D4D57-5359-4E86-B14D-C91B24909A9B}C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe FirewallRules: [UDP Query User{1EB1F559-FFD6-4350-BAB4-3E1405B3AF9E}C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\agnieszka śliwa\appdata\roaming\steganos\okayfreedom\proxy\node.exe FirewallRules: [{579C5F84-E8DC-48C2-98FA-5CA17B8EA731}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{91677695-2FCA-45A0-9A18-2C92262AC877}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{3EF48367-B48E-4BB9-956E-59D767FC8784}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{80355371-DBAA-4B5B-B930-6A7F7FC57BCD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/28/2015 10:27:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: laptop-sliwa) Description: System Windows nie może wykonać logowania, ponieważ nie można załadować Twojego profilu. Sprawdź, czy masz połączenie z siecią i czy sieć działa poprawnie. SZCZEGÓŁY - Odmowa dostępu. Error: (07/28/2015 10:27:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: ZARZĄDZANIE NT) Description: System Windows nie może załadować rejestru. Częstą przyczyną tego problemu jest za mała ilość pamięci lub brak wystarczających praw zabezpieczeń. SZCZEGÓŁY - Odmowa dostępu. for C:\Users\TEMP\ntuser.dat Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: laptop-sliwa) Description: System Windows nie może znaleźć profilu lokalnego i loguje użytkownika przy użyciu profilu tymczasowego. Zmiany wprowadzone w profilu zostaną utracone po wylogowaniu. Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: laptop-sliwa) Description: System Windows wykonał kopię zapasową tego profilu użytkownika. System Windows automatycznie spróbuje użyć profilu z kopii zapasowej przy następnym logowaniu tego użytkownika. Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: laptop-sliwa) Description: System Windows nie może załadować profilu przechowywanego lokalnie. Przyczyną błędu może być brak wystarczających praw zabezpieczeń lub uszkodzony profil lokalny. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: ZARZĄDZANIE NT) Description: System Windows nie może załadować rejestru. Częstą przyczyną tego problemu jest za mała ilość pamięci lub brak wystarczających praw zabezpieczeń. SZCZEGÓŁY - Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. for C:\Users\Agnieszka Śliwa\ntuser.dat Error: (07/28/2015 06:14:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: MsMpEng.exe, wersja: 4.7.205.0, sygnatura czasowa: 0x54cb5aeb Nazwa modułu powodującego błąd: mpengine.dll, wersja: 1.1.9700.0, sygnatura czasowa: 0x51d28fcb Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000005615b7 Identyfikator procesu powodującego błąd: 0x8d0 Godzina uruchomienia aplikacji powodującej błąd: 0xMsMpEng.exe0 Ścieżka aplikacji powodującej błąd: MsMpEng.exe1 Ścieżka modułu powodującego błąd: MsMpEng.exe2 Identyfikator raportu: MsMpEng.exe3 Pełna nazwa pakietu powodującego błąd: MsMpEng.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: MsMpEng.exe5 Error: (07/28/2015 05:36:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: MsMpEng.exe, wersja: 4.7.205.0, sygnatura czasowa: 0x54cb5aeb Nazwa modułu powodującego błąd: mpengine.dll, wersja: 1.1.9700.0, sygnatura czasowa: 0x51d28fcb Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000005615b7 Identyfikator procesu powodującego błąd: 0x1acc Godzina uruchomienia aplikacji powodującej błąd: 0xMsMpEng.exe0 Ścieżka aplikacji powodującej błąd: MsMpEng.exe1 Ścieżka modułu powodującego błąd: MsMpEng.exe2 Identyfikator raportu: MsMpEng.exe3 Pełna nazwa pakietu powodującego błąd: MsMpEng.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: MsMpEng.exe5 Error: (07/28/2015 05:34:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: MsMpEng.exe, wersja: 4.7.205.0, sygnatura czasowa: 0x54cb5aeb Nazwa modułu powodującego błąd: mpengine.dll, wersja: 1.1.9700.0, sygnatura czasowa: 0x51d28fcb Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000005615b7 Identyfikator procesu powodującego błąd: 0x1de0 Godzina uruchomienia aplikacji powodującej błąd: 0xMsMpEng.exe0 Ścieżka aplikacji powodującej błąd: MsMpEng.exe1 Ścieżka modułu powodującego błąd: MsMpEng.exe2 Identyfikator raportu: MsMpEng.exe3 Pełna nazwa pakietu powodującego błąd: MsMpEng.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: MsMpEng.exe5 Error: (07/28/2015 05:30:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: MsMpEng.exe, wersja: 4.7.205.0, sygnatura czasowa: 0x54cb5aeb Nazwa modułu powodującego błąd: mpengine.dll, wersja: 1.1.9700.0, sygnatura czasowa: 0x51d28fcb Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000005615b7 Identyfikator procesu powodującego błąd: 0xc50 Godzina uruchomienia aplikacji powodującej błąd: 0xMsMpEng.exe0 Ścieżka aplikacji powodującej błąd: MsMpEng.exe1 Ścieżka modułu powodującego błąd: MsMpEng.exe2 Identyfikator raportu: MsMpEng.exe3 Pełna nazwa pakietu powodującego błąd: MsMpEng.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: MsMpEng.exe5 System errors: ============= Error: (07/28/2015 10:53:41 PM) (Source: DCOM) (EventID: 10010) (User: laptop-sliwa) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (07/28/2015 10:53:11 PM) (Source: DCOM) (EventID: 10010) (User: laptop-sliwa) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (07/28/2015 10:27:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: %%2 Error: (07/28/2015 10:25:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi VBoxAsw Support Driver z powodu następującego błędu: %%2 Error: (07/28/2015 10:25:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Util Solution Real z powodu następującego błędu: %%2 Error: (07/28/2015 10:25:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Update Solution Real z powodu następującego błędu: %%2 Error: (07/28/2015 08:34:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi HP Support Assistant Service z powodu następującego błędu: %%1053 Error: (07/28/2015 08:34:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą HP Support Assistant Service. Error: (07/28/2015 08:34:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Usługa Google Update (gupdate) z powodu następującego błędu: %%2 Error: (07/28/2015 08:31:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi VBoxAsw Support Driver z powodu następującego błędu: %%2 Microsoft Office: ========================= Error: (07/28/2015 10:27:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: laptop-sliwa) Description: Odmowa dostępu. Error: (07/28/2015 10:27:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: ZARZĄDZANIE NT) Description: Odmowa dostępu. C:\Users\TEMP\ntuser.dat Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: laptop-sliwa) Description: Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: laptop-sliwa) Description: Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: laptop-sliwa) Description: Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. Error: (07/28/2015 10:27:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: ZARZĄDZANIE NT) Description: Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. C:\Users\Agnieszka Śliwa\ntuser.dat Error: (07/28/2015 06:14:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b78d001d0c95045963616C:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dllbc3bfc67-3543-11e5-82d7-28e3472e3dbc Error: (07/28/2015 05:36:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b71acc01d0c94b10b34596C:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll622089c4-353e-11e5-82d5-28e3472e3dbc Error: (07/28/2015 05:34:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b71de001d0c94a709ecd12C:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll29ea99b9-353e-11e5-82d5-28e3472e3dbc Error: (07/28/2015 05:30:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: MsMpEng.exe4.7.205.054cb5aebmpengine.dll1.1.9700.051d28fcbc000000500000000005615b7c5001d0c94a18940e1cC:\Program Files\Windows Defender\MsMpEng.exeC:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll8a47d4c1-353d-11e5-82d5-28e3472e3dbc CodeIntegrity Error: =================================== Date: 2015-07-28 20:43:44.188 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:43.969 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:43.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:42.985 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:42.750 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:42.531 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:41.031 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:40.688 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:39.828 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-28 20:43:39.516 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 30% Total physical RAM: 8084.27 MB Available physical RAM: 5633.38 MB Total Virtual: 9364.27 MB Available Virtual: 6872.14 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:684.53 GB) (Free:609.55 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:13.33 GB) (Free:1.34 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: CCABFC95) Partition: GPT Partition Type. ==================== End of log ============================