Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-08-2015 Ran by user (2015-08-20 22:36:03) Running from C:\Users\user\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3416873059-519134790-2141062635-500 - Administrator - Disabled) Gość (S-1-5-21-3416873059-519134790-2141062635-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3416873059-519134790-2141062635-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-3416873059-519134790-2141062635-1000 - Limited - Enabled) => C:\Users\UpdatusUser user (S-1-5-21-3416873059-519134790-2141062635-1001 - Administrator - Enabled) => C:\Users\user ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E} AS: Panda Free Antivirus (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-3416873059-519134790-2141062635-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version: - Bohemia Interactive) ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS) ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) Asystent rejestracji usługi Windows Live (HKLM-x32\...\{74CC5B4D-CBB5-46F1-82B0-3169977B1D36}) (Version: 5.000.818.6 - Microsoft Corporation) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Audio Recorder Free 4.5.1 (HKLM-x32\...\Audio Recorder Free_is1) (Version: - MediaMotion Soft, Inc.) Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer) Audiosurf 2 (HKLM-x32\...\Steam App 235800) (Version: - Dylan Fitterer) AutoCAD 2015 — Polski (Polish) (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Language Pack – Polski (Polish) (Version: 20.0.51.0 - Autodesk) Hidden Autodesk AutoCAD 2015 — Polski (Polish) (HKLM\...\AutoCAD 2015 — Polski (Polish)) (Version: 20.0.51.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk) Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.1.419 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Bezpieczeństwo rodzinne usługi Windows Live (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - ) Capitalism II (HKLM-x32\...\{438AD0E0-495F-11D6-B09D-0004769F25D1}) (Version: - ) Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) Cesarz - Narodziny Państwa Środka (HKLM-x32\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version: 1.0.0.0 - ) Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Cities XL 2011 (HKLM-x32\...\Cities XL 2011) (Version: 1.0.0 - Focus Home Interactive) Close Combat - Gateway to Caen (HKLM-x32\...\Steam App 297750) (Version: - Slitherine Ltd.) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant) ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.8 - ASUS) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKU\S-1-5-21-3416873059-519134790-2141062635-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.) Dxtory version 2.0.127 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.127 - ExKode Co. Ltd.) ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.) Faraon (HKLM-x32\...\Pharaoh) (Version: - ) FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time) FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games) Galeria fotografii usługi Windows Live (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel) Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle) Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.) Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - ) Knights of Honor - patch polonizujący 1.05 (HKLM-x32\...\InstallShield_{F6D8E60A-D3E1-4BF0-BEDE-3DF57D99A21E}) (Version: 1.05.0000 - Cenega) Knights of Honor - patch polonizujący 1.05 (x32 Version: 1.05.0000 - Cenega) Hidden Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C# 2005 Express Edition - ENU (HKLM-x32\...\Microsoft Visual C# 2005 Express Edition - ENU) (Version: - Microsoft Corporation) Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749) (HKLM-x32\...\KB926749.T2_24ToU293_24) (Version: 1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Morrowind (HKLM-x32\...\{E52D32A0-0005-11D7-928D-000ACD006A23}) (Version: - ) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name) Narzędzie do przekazywania usługi Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5741 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{0141D498-16DA-4221-A529-1D7A64BE8B05}) (Version: 3.3.9567 - OpenOffice.org) Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.) Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.01.0000 - Panda Security) Panda Free Antivirus (Version: 8.03.00.0000 - Panda Security) Hidden Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.0.3 - Panda Security and Visicom Media Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Poczta usługi Windows Live (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.3 - Project Reality) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.) REAPER (x64) (HKLM\...\REAPER) (Version: - ) Return to Mysterious Island 1 (HKLM-x32\...\Return to Mysterious Island 1) (Version: 1 - Techland) Scorched3D 44 (HKLM-x32\...\Scorched3D) (Version: 44 - Scorched) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.) SMPlayer 14.9.0.6812 (x64) (HKLM\...\SMPlayer) (Version: 14.9.0.6812 - Ricardo Villalba) Soldat 1.6.3 (HKLM-x32\...\Soldat_is1) (Version: 1.6.3 - Michal Marcinkowski) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stellarium 0.10.6.1 (HKLM-x32\...\Stellarium_is1) (Version: - ) Strife (HKLM-x32\...\Steam App 339280) (Version: - S2 Games) Syberia (HKLM-x32\...\Syberia) (Version: 1.0 - Microids) Syberia 2 (HKLM-x32\...\Syberia 2) (Version: 1.0 - Microids) The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version: - Haemimont Games) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) WapSter AQQ (HKLM-x32\...\AQQ) (Version: 2.4.0.50 - Creative Team S.A.) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) Warcraft III: wszystkie elementy (HKU\S-1-5-21-3416873059-519134790-2141062635-1001\...\Warcraft III) (Version: - ) Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc) Windows Live Sync (HKLM-x32\...\{C3335EFB-008F-44DB-A87A-9EC8EE53D045}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) WinRAR 4.00 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\pl-PL\acadficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3416873059-519134790-2141062635-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) ==================== Restore Points ========================= 20-08-2015 16:22:32 Revo Uninstaller's restore point - Google Chrome ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2015-08-20 21:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1D93E9EB-3738-4144-9B0A-EA9A4B53DEDE} - System32\Tasks\P4G Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {3829BA91-90B5-431B-8FC8-B6BE2C4D36DE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {49D30D0E-47F6-47C1-AA3D-2561C161DD48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.) Task: {510BDC16-2C01-4078-8E4F-9CE4A115175F} - System32\Tasks\{AFB503AC-3680-4824-ABD7-8DF5A7775D99} => Chrome.exe http://ui.skype.com/ui/0/7.8.80.102/en/abandoninstall?page=tsProgressBar Task: {51FCBE17-A85B-4DEB-974F-179358A9E0A2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3416873059-519134790-2141062635-1001UA => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) Task: {5563DE8B-50B0-4576-AA14-B98FF80A71EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-20] (Google Inc.) Task: {6D991C44-EB0C-43D9-AB3A-F3D8B84194D2} - System32\Tasks\{1B8BC1CF-D7E8-402B-A8AC-391BC37E0473} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104/pl/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent Task: {71127600-ABB3-46E0-9C12-9C3871973002} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe Task: {73C3A94E-CC99-4C57-BDC4-14CE1D23030C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {7BB796E3-63D5-4871-8814-B098FD2561F0} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe Task: {A149FC25-FD25-4579-9EC0-74DA1EBED30F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated) Task: {A46613CF-9821-4133-880B-68B2AEED2C5E} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus) Task: {A471C4B7-4F1B-4C9B-A8BC-29C9F176450F} - System32\Tasks\{91C70C7F-78F7-4643-A050-3B238A39B08E} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-06-16] (Skype Technologies S.A.) Task: {A8776112-6389-472F-8131-A4A77AC12F83} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK) Task: {CD2A0A9C-D39D-4086-A69E-F96E512C3787} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {D7316746-C766-4B7E-941D-C670C2186C76} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3416873059-519134790-2141062635-1001Core => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3416873059-519134790-2141062635-1001Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3416873059-519134790-2141062635-1001UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-07-16 19:22 - 2015-07-16 19:22 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2010-01-11 19:27 - 2010-01-11 19:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll 2010-05-06 03:22 - 2010-05-06 03:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll 2008-10-01 08:02 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2011-04-10 10:40 - 2011-04-10 10:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2007-06-15 19:28 - 2007-06-15 19:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll 2007-06-02 01:52 - 2007-06-02 01:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll 2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2010-02-24 00:14 - 2010-02-24 00:14 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll 2010-02-24 00:14 - 2010-02-24 00:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll 2010-02-24 00:11 - 2010-02-24 00:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll 2010-02-24 00:12 - 2010-02-24 00:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll 2010-02-24 00:14 - 2010-02-24 00:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\.rdata:X AlternateDataStreams: C:\ProgramData\Temp:AB689DEA AlternateDataStreams: C:\Users\user\Documents\PC300183.JPG:com.dropbox.attributes AlternateDataStreams: C:\Users\user\Documents\webcam-toy-foto4.jpg:com.dropbox.attributes ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3416873059-519134790-2141062635-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FD8EC89E-152B-4808-BD70-4FBA8BFD167B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E815C9CA-FF31-4B38-BB7B-5B84F79D831E}] => (Allow) d:\programy\Bittorent\BitTorrent.exe FirewallRules: [{2A6CBBCA-3D81-42C5-805B-B185C9073494}] => (Allow) d:\programy\Bittorent\BitTorrent.exe FirewallRules: [TCP Query User{B1EDF889-BCAF-4F96-8055-428F50139390}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Block) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe FirewallRules: [UDP Query User{26DEA37D-52B5-4AC7-88DB-21058FB79F0B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe] => (Block) C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe FirewallRules: [TCP Query User{2A07B896-DA95-4B94-A8DF-BB34734EF78E}D:\programy\aqq\aqq.exe] => (Allow) D:\programy\aqq\aqq.exe FirewallRules: [UDP Query User{6D9C6C10-DBFC-47A3-AC65-52E956BD080A}D:\programy\aqq\aqq.exe] => (Allow) D:\programy\aqq\aqq.exe FirewallRules: [{6E5B4408-66E2-40E6-B80A-CBFD304456C1}] => (Block) D:\programy\aqq\aqq.exe FirewallRules: [{13A3E89D-8C23-4204-A8F2-60AF3635E701}] => (Block) D:\programy\aqq\aqq.exe FirewallRules: [TCP Query User{9BBBF571-8E12-44BF-868C-F4423737E244}D:\gry\soldat\soldat.exe] => (Allow) D:\gry\soldat\soldat.exe FirewallRules: [UDP Query User{4A9B7FEC-6B8E-4C3F-8EAD-C09A84D5B53A}D:\gry\soldat\soldat.exe] => (Allow) D:\gry\soldat\soldat.exe FirewallRules: [TCP Query User{EEC3F104-5FF5-448B-82D9-2FEC11087BDB}D:\gry\world_of_tanks\wotlauncher.exe] => (Allow) D:\gry\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{0EED0E51-0AB6-4FCC-9C5B-EB933D75EC9E}D:\gry\world_of_tanks\wotlauncher.exe] => (Allow) D:\gry\world_of_tanks\wotlauncher.exe FirewallRules: [TCP Query User{DA61291A-10B6-4E98-A275-66C09459DC0C}D:\gry\world_of_tanks\worldoftanks.exe] => (Allow) D:\gry\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{050025FF-7A5C-44AF-BE56-6A7EF0FFC90B}D:\gry\world_of_tanks\worldoftanks.exe] => (Allow) D:\gry\world_of_tanks\worldoftanks.exe FirewallRules: [{10CD1A8A-493D-4982-A811-E9065637A038}] => (Allow) D:\gry\Steam\Steam.exe FirewallRules: [{71D0499F-E34E-4B1F-9753-EFFC85379282}] => (Allow) D:\gry\Steam\Steam.exe FirewallRules: [TCP Query User{F72C97A5-AF07-4DF5-BFFF-4DAE16417CBE}D:\gry\knights of honor\koh.exe] => (Allow) D:\gry\knights of honor\koh.exe FirewallRules: [UDP Query User{83CB77D3-9F1C-45D5-BA97-F96E4DB13FC6}D:\gry\knights of honor\koh.exe] => (Allow) D:\gry\knights of honor\koh.exe FirewallRules: [{EECD00BC-0FE4-406A-A6D2-1C53E3B0D1DD}] => (Block) D:\gry\knights of honor\koh.exe FirewallRules: [{4E15B9D2-8678-4C6B-9B50-CD198624D669}] => (Block) D:\gry\knights of honor\koh.exe FirewallRules: [{4FB520B1-F1B6-4507-AC79-8440C455E05B}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{5AA3FEAD-D7EA-4572-9908-70C5B82215D9}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{356C75B1-3F73-4F8A-A5C2-3D7DC2A44996}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{B836E146-854F-4FF4-8C9B-33D17E4E3FA7}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{22307886-321C-4F3B-B736-A946B6BCBDD0}] => (Allow) D:\gry\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe FirewallRules: [{4C3C8704-07BF-471E-945C-4C8D5C48C1DC}] => (Allow) D:\gry\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe FirewallRules: [TCP Query User{59AE25D4-BC5D-4B41-8651-0C5475488C11}X:\programy\reaper (x64)\reaper.exe] => (Allow) X:\programy\reaper (x64)\reaper.exe FirewallRules: [UDP Query User{8165CD67-F387-43B4-B0CC-21B3FF952924}X:\programy\reaper (x64)\reaper.exe] => (Allow) X:\programy\reaper (x64)\reaper.exe FirewallRules: [{2F45857A-7FE0-4308-8C11-DC56653BF498}] => (Block) X:\programy\reaper (x64)\reaper.exe FirewallRules: [{512C2BA7-4578-410F-A1FE-D3B2D6C5AD6C}] => (Block) X:\programy\reaper (x64)\reaper.exe FirewallRules: [{DC04CE8F-7CB0-4CDF-A7E4-55BA77EA344E}] => (Allow) D:\gry\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{29F14900-842C-4D65-8EF1-AC4D42821DBE}] => (Allow) D:\gry\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{945DE864-B5DA-4E18-96FE-2EE4E5DA5BF2}] => (Allow) D:\gry\Steam\steamapps\common\Patterns\win\game.exe FirewallRules: [{4FD15E10-509B-4293-9245-9044D4CBE3A9}] => (Allow) D:\gry\Steam\steamapps\common\Patterns\win\game.exe FirewallRules: [{B5F384C5-3C02-42F8-BD43-00C6EBB1F991}] => (Allow) D:\gry\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe FirewallRules: [{0EAB09E8-5011-4B37-95E2-DB34CE4E08F2}] => (Allow) D:\gry\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe FirewallRules: [{C411EEA5-E228-4404-82F6-61DAA42BEE50}] => (Allow) D:\gry\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [{88493FB9-240E-497C-AD71-CF18171320FB}] => (Allow) D:\gry\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [{2C44B106-5079-47EF-884F-3E9549CBDCE3}] => (Allow) D:\gry\Steam\steamapps\common\CastleCrashers\castle.exe FirewallRules: [{1B777CD0-69CF-43AA-9227-10235C9F16E7}] => (Allow) D:\gry\Steam\steamapps\common\CastleCrashers\castle.exe FirewallRules: [TCP Query User{0BC1C8BB-F851-417B-A406-ECE72C8B7FC1}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{B2E03463-3E85-476A-9A22-13A17D59538A}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{9359C7CA-5A6E-4A8B-97F3-034B3F039F49}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{ED2F218B-53B7-446C-BF6E-18671F9B98EA}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe FirewallRules: [{F68925CA-9EA3-429D-A5BB-A8D1D870B180}] => (Allow) D:\gry\Steam\bin\steamwebhelper.exe FirewallRules: [{A4E4BE2E-04FA-463C-9AF4-9846458DE417}] => (Allow) D:\gry\Steam\bin\steamwebhelper.exe FirewallRules: [{1BBC37D5-8B79-4186-BAB1-A941D2F0AF93}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe FirewallRules: [{56A4CFC3-85A8-4C7A-81D4-4CD658964AB5}] => (Allow) D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe FirewallRules: [TCP Query User{19DA1F9F-528E-4274-8DB6-EBED9A348C66}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [UDP Query User{47E8F837-BEC9-4919-B5D6-DBFCAA7391A9}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{56A17888-572A-418E-BFF2-EE1721667EC1}] => (Allow) D:\gry\Steam\steamapps\common\Close Combat - Gateway to Caen\autorun.exe FirewallRules: [{B13B1D7C-BC65-4ADB-9084-A6F6ADB0DB82}] => (Allow) D:\gry\Steam\steamapps\common\Close Combat - Gateway to Caen\autorun.exe FirewallRules: [{A9C2C3E9-81D8-415C-9533-F2FA353E9827}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{8F9ED218-1BDA-4F91-A2BA-7C70E3FF0E70}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{816EB87B-9BE4-4106-A21A-9E8E3194C847}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{BF74EF2F-2B73-4C3C-AD0A-EDD615575652}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{1D32530E-2BF8-4C53-A856-3217A316698C}] => (Allow) d:\gry\Project Reality\Project Reality BF2\prbf2.exe FirewallRules: [{575C0AE4-C90C-4235-AEE8-2CFE1242815D}] => (Allow) d:\gry\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe FirewallRules: [{49971862-ED82-4085-B435-D82C88E0FE7D}] => (Allow) d:\gry\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe FirewallRules: [{BA1C47FF-1E45-4E2C-9727-7DDBDB406DD7}] => (Allow) d:\gry\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe FirewallRules: [TCP Query User{49B6D369-67E9-4177-B8EF-37A908920F97}D:\snes\emulator\snes9x-1.53-x64\snes9x-x64.exe] => (Allow) D:\snes\emulator\snes9x-1.53-x64\snes9x-x64.exe FirewallRules: [UDP Query User{0FA79021-7D6A-49F5-8175-7A2F33214519}D:\snes\emulator\snes9x-1.53-x64\snes9x-x64.exe] => (Allow) D:\snes\emulator\snes9x-1.53-x64\snes9x-x64.exe FirewallRules: [{E336094E-694C-417A-BEA2-02EEC5E774BF}] => (Allow) D:\gry\Steam\steamapps\common\strife\bin\strife.exe FirewallRules: [{D4C793B4-B9FC-4AF9-ADB7-BEE1F29180FA}] => (Allow) D:\gry\Steam\steamapps\common\strife\bin\strife.exe FirewallRules: [{C1FADC6A-7430-4EBE-B4BE-8E28B2A95767}] => (Allow) D:\gry\Steam\steamapps\common\Tropico 3\tropico3.exe FirewallRules: [{2895991B-8C1E-4E57-A4E6-FF938F90C11C}] => (Allow) D:\gry\Steam\steamapps\common\Tropico 3\tropico3.exe FirewallRules: [{5E038342-C126-47AA-A6EE-37AEEB8D8F89}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtuser.exe FirewallRules: [{32E64570-697C-4F29-8889-3DB5F2808262}] => (Allow) C:\Program Files (x86)\pandasecuritytb\dtuser.exe FirewallRules: [{1326DEED-FD77-43CA-B75C-9E1F2C20FD8F}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{EE9EBAF1-4492-497A-B1FD-73529186BDA6}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{73952059-DA6D-4D69-9B34-B57F570A82C2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/20/2015 07:22:28 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu. Error: (08/20/2015 07:22:04 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu. Error: (08/20/2015 03:53:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program chrome.exe w wersji 44.0.2403.155 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji. Identyfikator procesu: 16b8 Godzina rozpoczęcia: 01d0db4f72025d37 Godzina zakończenia: 3 Ścieżka aplikacji: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Identyfikator raportu: c1f03d3e-4742-11e5-9183-20cf3064ddeb Error: (08/20/2015 03:43:12 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Nie można utworzyć punktu przywracania (Proces = C:\Users\user\Downloads\HitmanPro_x64 (1).exe (1).exe" ; Opis = Punkt przywracania stworzony przez HitmanPro; Błąd = 0x8007043c). Error: (08/20/2015 03:01:17 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu. Error: (08/20/2015 03:00:43 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu. Error: (08/20/2015 02:59:53 PM) (Source: MsiInstaller) (EventID: 11704) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1704. Instalacja Microsoft Visual C# 2005 Express Edition - ENU jest aktualnie wstrzymana. Aby kontynuować, musisz cofnąć zmiany wprowadzone przez tę instalację. Czy chcesz cofnąć te zmiany? Error: (08/20/2015 01:56:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x000002ac,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001A0F0C0.72). hr = 0x80070005, Odmowa dostępu. . Error: (08/20/2015 01:56:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x000001a8,(null),0,REG_BINARY,000000000298EF00.72). hr = 0x80070005, Odmowa dostępu. . Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nazwa modułu zapisującego: Registry Writer Identyfikator wystąpienia modułu zapisującego: {a0bc581a-b137-4f71-aa7f-66feb469d33f} Error: (08/20/2015 01:56:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas wywoływania procedury RegSetValueExW(0x000001a8,(null),0,REG_BINARY,000000000298EF00.72). hr = 0x80070005, Odmowa dostępu. . Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nazwa modułu zapisującego: Registry Writer Identyfikator wystąpienia modułu zapisującego: {a0bc581a-b137-4f71-aa7f-66feb469d33f} System errors: ============= Error: (08/20/2015 09:26:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (08/20/2015 09:22:51 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error: (08/20/2015 09:17:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie. Error: (08/20/2015 09:05:17 PM) (Source: Schannel) (EventID: 4119) (User: ZARZĄDZANIE NT) Description: Odebrano następujący alert krytyczny: 20. Error: (08/20/2015 07:59:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: ZARZĄDZANIE NT) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80240020: Uaktualnij do wersji Windows 10 Home. Error: (08/20/2015 07:41:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Tristip z powodu następującego błędu: %%2 Error: (08/20/2015 04:12:09 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (08/20/2015 04:03:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Tristip z powodu następującego błędu: %%2 Error: (08/20/2015 04:02:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (08/20/2015 04:02:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Microsoft Office: ========================= Error: (08/20/2015 07:22:28 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/20/2015 07:22:04 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/20/2015 03:53:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe44.0.2403.15516b801d0db4f72025d373C:\Program Files (x86)\Google\Chrome\Application\chrome.exec1f03d3e-4742-11e5-9183-20cf3064ddeb Error: (08/20/2015 03:43:12 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Users\user\Downloads\HitmanPro_x64 (1).exe (1).exe" Punkt przywracania stworzony przez HitmanPro0x8007043c Error: (08/20/2015 03:01:17 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/20/2015 03:00:43 PM) (Source: MsiInstaller) (EventID: 11310) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1310. Błąd zapisu w pliku: C:\Users\user\AppData\Local\Akamai\admintool.exe. Błąd systemu 0. Sprawdź, czy masz dostęp do tego katalogu.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/20/2015 02:59:53 PM) (Source: MsiInstaller) (EventID: 11704) (User: user-Komputer) Description: Produkt: Akamai NetSession Interface - Błąd 1704. Instalacja Microsoft Visual C# 2005 Express Edition - ENU jest aktualnie wstrzymana. Aby kontynuować, musisz cofnąć zmiany wprowadzone przez tę instalację. Czy chcesz cofnąć te zmiany?(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/20/2015 01:56:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000002ac,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001A0F0C0.72)0x80070005, Odmowa dostępu. Error: (08/20/2015 01:56:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001a8,(null),0,REG_BINARY,000000000298EF00.72)0x80070005, Odmowa dostępu. Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nazwa modułu zapisującego: Registry Writer Identyfikator wystąpienia modułu zapisującego: {a0bc581a-b137-4f71-aa7f-66feb469d33f} Error: (08/20/2015 01:56:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001a8,(null),0,REG_BINARY,000000000298EF00.72)0x80070005, Odmowa dostępu. Operacja: Zdarzenie BackupShutdown Kontekst: Kontekst wykonywania: Writer Identyfikator klasy modułu zapisującego: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nazwa modułu zapisującego: Registry Writer Identyfikator wystąpienia modułu zapisującego: {a0bc581a-b137-4f71-aa7f-66feb469d33f} CodeIntegrity: =================================== Date: 2015-08-20 21:22:51.413 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-20 21:22:51.304 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz Percentage of memory in use: 71% Total physical RAM: 2924.55 MB Available physical RAM: 846.41 MB Total Virtual: 5847.31 MB Available Virtual: 3264 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:25.37 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:269.79 GB) (Free:193.65 GB) NTFS Drive e: (THEFROZENTHRONE) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS Drive x: (MUZYKA) (Fixed) (Total:60 GB) (Free:57.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C) Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=329.8 GB) - (Type=OF Extended) ==================== End of log ============================