Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by Julia (2015-10-09 17:55:31)
Running from C:\Users\Julia\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2012-03-05 06:38:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3482297185-812369919-341804188-500 - Administrator - Disabled)
Guest (S-1-5-21-3482297185-812369919-341804188-501 - Limited - Disabled)
Julia (S-1-5-21-3482297185-812369919-341804188-1000 - Administrator - Enabled) => C:\Users\Julia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) Astroburn Lite (HKLM\...\Astroburn Lite) (Version: 1.8.0.0182 - Disc Soft Ltd) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software) Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation) Canyon USB2.0 PC Camera (HKLM\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.) CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) FL Studio 10 (HKLM\...\FL Studio 10) (Version: - Image-Line) FL Studio 11 (HKLM\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM\...\FlowStone) (Version: - ) Foto Studio 3.0 (HKLM\...\Foto Studio_is1) (Version: - Play.pl) FreeOCR v5.4 (HKLM\...\freeocr_is1) (Version: - ) GG (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\GG) (Version: 11 - GG Network S.A.) Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) 
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden GTA2 (HKLM\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - ) GTK+ 2.10.6-1 runtime environment (HKLM\...\WinGTK-2_is1) (Version: - Tor Lillqvist) IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line) Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - ) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware wersja 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft 
Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft1.7.9 (HKLM\...\Minecraft1.7.9) (Version: - ) Minecraft1.8 (HKLM\...\Minecraft1.8) (Version: - ) Mobile Photo Enhancer 1.2 
(HKLM\...\Mobile Photo Enhancer_is1) (Version: - ) Mozilla Firefox 41.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 41.0.1 (x86 pl)) (Version: 41.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) msxml4 (HKLM\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name) Niezbędnik CD (HKLM\...\Niezbędnik CD_is1) (Version: - Axel Springer Polska) OutCook Express 1.1 (HKLM\...\OutCook Express_is1) (Version: - Dariusz Grabowski & Bartosz Małkowski) PhotoFiltre 7 (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\PhotoFiltre 7) (Version: - ) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.) Robocraft version 0.3.290 (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam) SimCity 4 Deluxe (HKLM\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - ) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Spolszczenie Don't Starve (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\Spolszczenie Don't Starve) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The GIMP 2.2.13 (HKLM\...\WinGimp-2.0_is1) (Version: - ) The Nosebleed Pack Patch Install (HKLM\...\{F5EDF350-FBEE-40B7-926D-4DA2492BFF06}) (Version: - ) Those Funny Funguloids! v1.06 (HKLM\...\Those Funny Funguloids) (Version: - ) TOSHIBA Assist (HKLM\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION) TOSHIBA ConfigFree (HKLM\...\{D5AEEAA2-184E-4A2A-BAA3-6225EA4B9516}) (Version: 8.0.37 - TOSHIBA CORPORATION) TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 - TOSHIBA Corporation) TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.8.32 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.1 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.7 - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA) TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - ) TOSHIBA Speech System SR 
Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.1 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.5.4 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation) TOSHIBA Wireless LAN Indicator (HKLM\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION) Unity Web Player (HKU\S-1-5-21-3482297185-812369919-341804188-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Julia\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3482297185-812369919-341804188-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Julia\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)

==================== Restore Points =========================

16-06-2015 16:37:36 Windows Update
23-06-2015 16:31:16 Windows Update
30-06-2015 12:35:32 Windows Update
04-07-2015 15:09:12 Windows Update
10-07-2015 12:49:52 Windows Update
14-07-2015 14:46:51 Windows Update
15-07-2015 20:32:06 Windows Update
16-07-2015 19:14:56 Windows Update
21-07-2015 13:54:12 Windows Update
28-07-2015 10:42:00 Windows Update
30-07-2015 03:53:57 Windows Update
04-08-2015 22:04:01 Windows Update
06-08-2015 00:14:59 Installed Free Video To GIF Maker
06-08-2015 00:27:09 Installed Free Video To GIF Maker
06-08-2015 01:22:00 Removed Free Video To GIF Maker
07-08-2015 22:31:28 Windows Update
08-08-2015 03:09:46 Installed Microsoft XNA Framework Redistributable 4.0
11-08-2015 13:57:29 Windows Update
12-08-2015 02:56:17 Windows Live Essentials
12-08-2015 02:57:06 Installed DirectX
12-08-2015 02:57:28 Installed DirectX
12-08-2015 02:57:41 WLSetup
12-08-2015 17:39:17 Windows Update
18-08-2015 09:44:49 Windows Update
19-08-2015 20:59:07 Windows Update
25-08-2015 12:06:45 Windows Update
28-08-2015 13:31:03 Windows Update
01-09-2015 14:42:06 Windows Update
04-09-2015 16:32:58 Windows Update
08-09-2015 17:00:25 Windows Update
09-09-2015 19:18:39 Windows Update
15-09-2015 18:28:08 Windows Update
19-09-2015 12:15:07 Windows Update
22-09-2015 15:47:49 Windows Update
25-09-2015 19:12:35 Windows Update
29-09-2015 12:37:25 Windows Update
02-10-2015 18:39:10 Windows Update
06-10-2015 20:01:01 Windows Update
07-10-2015 22:17:57 Removed BlueStacks Notification Center
09-10-2015 02:19:10 Configured TOSHIBA ReelTime 09-10-2015 05:53:13 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0669CAE3-8D62-4774-B302-84C58336CA56} - System32\Tasks\{86945756-3D09-4802-87F2-A47D3F85E65B} => pcalua.exe -a C:\Windows\System32\TVWSetup.exe -d C:\Windows\System32 Task: {17AC3F7F-8C29-4B0D-9C60-C7E836F5D088} - System32\Tasks\{FF2891D5-3E53-4F84-9530-7EFF906A430D} => pcalua.exe -a "C:\Users\Julia\Desktop\cień czarnobyla\Stalker\setup.exe" -d "C:\Users\Julia\Desktop\cień czarnobyla\Stalker" Task: {1C766A04-0982-4DA4-8613-57B58556FBD8} - System32\Tasks\C__Users_Julia_AppData_Local_Temp_nsvD015.tmp_fliptoast.app.13295.fliptoast-9e1f6ff0.exe => C:\Users\Julia\AppData\Local\Temp\nsvD015.tmp\fliptoast.app.13295.fliptoast-9e1f6ff0.exe <==== ATTENTION Task: {34233D13-63B4-4B2B-9217-2E57C0E35062} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION) Task: {6238AB7C-8B2B-4CA1-8AE6-3430113B4BAA} - System32\Tasks\{45F4C0D4-9E6A-450B-8471-227DC8E9A268} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup Task: {7CD231D7-0E25-4DFD-98E6-5F6B297D3779} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-09] (Adobe Systems Incorporated) Task: {94E59569-F6C2-46BD-8484-F09BDDE334B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: 
{AAC1A1D3-BEB0-48BB-A6DD-08C5ED31E683} - System32\Tasks\C__Users_Julia_AppData_Local_Temp_nst8FBB.tmp_fliptoast.app.13295.fliptoast-9e1f6ff0.exe => C:\Users\Julia\AppData\Local\Temp\nst8FBB.tmp\fliptoast.app.13295.fliptoast-9e1f6ff0.exe <==== ATTENTION Task: {BC6050EF-6F58-42F0-BAA6-5EE768D9444F} - System32\Tasks\{AF0A5B6C-63DE-4487-9C6F-5A73A4525A62} => pcalua.exe -a "C:\Games BF\Battlefield 3™\Core\EAProxyInstaller.exe" -d "C:\Games BF\Battlefield 3™\Core" Task: {C5510CDF-CC2D-49D8-9C0A-05A5FBA7A282} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {D7891AC9-2852-47FE-BE40-646199348687} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-21] (Avast Software s.r.o.) Task: {D7C11BEB-B270-4323-B6C6-C52980CEB40B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {E97ADE0C-077D-444B-B71D-E75C8F77E3D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd) Task: {EBC50723-BB84-4ADE-872F-60BA76354DAC} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\C__Users_Julia_AppData_Local_Temp_nst8FBB.tmp_fliptoast.app.13295.fliptoast-9e1f6ff0.exe.job => C:\Users\Julia\AppData\Local\Temp\nst8FBB.tmp\fliptoast.app.13295.fliptoast-9e1f6ff0.exe <==== ATTENTION Task: C:\windows\Tasks\C__Users_Julia_AppData_Local_Temp_nsvD015.tmp_fliptoast.app.13295.fliptoast-9e1f6ff0.exe.job => C:\Users\Julia\AppData\Local\Temp\nsvD015.tmp\fliptoast.app.13295.fliptoast-9e1f6ff0.exe <==== ATTENTION Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-06-14 17:09 - 2015-06-14 17:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-06-14 17:09 - 2015-06-14 17:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-10-09 00:29 - 2015-10-09 00:29 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100802\algo.dll 2015-10-09 16:05 - 2015-10-09 16:05 - 02967040 _____ () C:\Program Files\AVAST Software\Avast\defs\15100900\algo.dll 2011-04-05 05:18 - 2011-04-05 05:18 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2010-11-19 03:18 - 2010-11-19 03:18 - 11205120 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2015-03-11 20:40 - 2015-03-11 20:40 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2010-12-09 01:35 - 2010-12-09 01:35 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2015-09-29 04:53 - 2015-09-24 04:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll 2015-09-29 04:53 - 2015-09-24 04:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll 2015-09-29 04:53 - 2015-09-24 04:34 
- 16487752 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4B7BEAFF

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3482297185-812369919-341804188-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 62.179.1.62 - 62.179.1.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GG => "C:\Users\Julia\AppData\Local\GG\Application\gghub.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: VMonitorVMUVC => "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B3E15F7F-1B5C-4557-9462-1C4A2777FA3E}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{928A9364-107A-4641-9058-6190DCF72D38}] => (Allow) LPort=2869 FirewallRules: [{CD54BBE5-ED5D-4517-B280-4B1580CD61D3}] => (Allow) LPort=1900 FirewallRules: [{1CC0B5FF-006C-4A48-AFF1-6E65A9CC7475}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{4CF76B47-A572-4517-B383-939D018F92B4}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe FirewallRules: [{B295B403-D3B4-43BB-92F3-8CDD0C556C63}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{D0078550-569C-4A7F-A702-AF5F71F604C9}] => (Allow) C:\Users\Julia\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7391F156-DDAF-43F6-9DB6-8DF99F581E04}] => (Allow) C:\Users\Julia\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D5C545F9-EECF-44F6-A7C6-C96BF690A851}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{F7F8D132-B555-46C4-8EEB-3F0A39720F1E}C:\program files\rockstar games\gta2\gta2.exe] => (Block) C:\program files\rockstar games\gta2\gta2.exe FirewallRules: [UDP Query User{5B086C7A-7D9C-4F16-A430-17626A6F5EA5}C:\program files\rockstar games\gta2\gta2.exe] => (Block) C:\program files\rockstar games\gta2\gta2.exe FirewallRules: [{5ADD41F9-2711-4018-93E5-6A16D12B47A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{CD15DDB6-5F37-49E5-B244-EDB83E45F4FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E9DC300D-98D1-4D21-80DD-AEC821E3BF3A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{C4353C3A-452B-4E0F-9873-5007DE4164DE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{0A768608-85A4-4551-94EA-46C5943CD0A7}C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe 
FirewallRules: [UDP Query User{43561801-929E-4B19-BC4E-08A4BB6341C0}C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\julia\appdata\roaming\utorrent\updates\3.4.3_40298.exe FirewallRules: [{E0356622-0408-4613-A63E-7EDF61F6CF62}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/09/2015 04:05:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2015 02:19:10 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. 
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {bb352254-5d59-470d-bd43-799ee72cf54c} Error: (10/09/2015 02:10:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/09/2015 12:29:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/07/2015 10:32:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/07/2015 06:27:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/06/2015 07:56:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/05/2015 04:40:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2015 09:37:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/04/2015 01:36:35 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT 
* FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/09/2015 05:39:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Skype Click to Call PNR Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/09/2015 02:08:37 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s). Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. 
It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ConfigFree WiMAX Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/09/2015 02:08:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 64%
Total physical RAM: 2765.86 MB
Available physical RAM: 969.26 MB
Total Virtual: 5530.03 MB
Available Virtual: 3571.53 MB

==================== Drives ================================

Drive c: (S3A8972D003) (Fixed) (Total:469.88 GB) (Free:327.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (New Volume) (Fixed) (Total:124.83 GB) (Free:89.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 7B6475E8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=469.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=124.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================