Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016 Ran by michal!! (2016-05-31 12:13:15) Running from C:\Users\michal!!\Desktop\@@PEN Windows Vista (TM) Home Premium Service Pack 2 (X64) (2008-08-26 18:32:42) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1919287987-587404221-3270057354-500 - Administrator - Disabled) Guest (S-1-5-21-1919287987-587404221-3270057354-501 - Limited - Disabled) michal!! (S-1-5-21-1919287987-587404221-3270057354-1000 - Administrator - Enabled) => C:\Users\michal!! ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B} AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.7 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader 8.2.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A82000000003}) (Version: 8.2.5 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - ) Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - ) AIDA64 Extreme v5.70 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.70 - FinalWire Ltd.) Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.115.101 - Alps Electric) Dell Webcam Center (HKLM-x32\...\Dell Webcam Center) (Version: - ) Dell Webcam Manager (HKLM-x32\...\Dell Webcam Manager) (Version: - ) Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.) DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden EDocs (HKLM-x32\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - ) EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden Fingerprint Reader Suite 5.6 (HKLM\...\{A2289997-10A3-48F2-AA03-99180D761661}) (Version: 5.6.2.3705 - UPEK Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) J2SE Runtime Environment 5.0 Update 22 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150220}) (Version: 1.5.0.220 - Sun Microsystems, Inc.) Java(TM) 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.) Java(TM) 7 Update 3 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217003FF}) (Version: 7.0.30 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden Laptop Integrated Webcam Driver (1.03.02.0719) (HKLM\...\Creative OEM002) (Version: - ) Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.) Live! Cam Avatar v1.0 (HKLM-x32\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.) LoJack Factory Installer (HKLM-x32\...\InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}) (Version: 1.00.0023 - Absolute Software Corporation) LoJack Factory Installer (x32 Version: 1.00.0023 - Absolute Software Corporation) Hidden MediaDirect (HKLM-x32\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) Obsługa programów Apple (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com) OpenOffice.org 3.2 (HKLM-x32\...\{58B785A2-D2CA-40AA-AE89-FCC49326CDC4}) (Version: 3.2.9502 - OpenOffice.org) Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) OutlookAddinSetup (HKLM-x32\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink) QuickSet (HKLM\...\{5563A0F6-CF81-451E-87AD-A50075BCA9B7}) (Version: 8.2.20 - Dell Inc.) Roxio Creator Premier (HKLM-x32\...\{BB2CB14A-F3A3-4BBF-9111-EBC82049ABA6}) (Version: 10.1 - Roxio) Skype Toolbars (HKLM-x32\...\{A29549FD-65F3-440C-A552-6B8114CF319D}) (Version: 5.2.4170 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Splash Entry Editor 2008 (HKLM-x32\...\Splash Entry Editor_is1) (Version: 2008 - Splash Software) Spotify (HKU\S-1-5-21-1919287987-587404221-3270057354-1000\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VideoCam Suite 2.0 (HKLM-x32\...\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}) (Version: 2.00.031.1033 - Panasonic Corporation) VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team) WIDCOMM Bluetooth Software 6.0.1.3100 (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3100 - Dell) Winamp (HKLM-x32\...\Winamp) (Version: 5.622 - Nullsoft, Inc) Windows Live Mail (HKLM-x32\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version: 12.0.1606.1023 - Microsoft Corporation) Windows Live Photo Gallery (HKLM-x32\...\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}) (Version: 12.0.1329.0201 - Microsoft Corporation) Windows Live Writer (HKLM-x32\...\{9176251A-4CC1-4DDB-B343-B487195EB397}) (Version: 12.0.1370.0325 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {7A86C676-1E25-4898-8C59-2ACCBF9BF8E9} - System32\Tasks\{B39901B5-90B5-49F6-8FF3-1A1BB6453202} => pcalua.exe -a C:\Users\michal!!\AppData\Local\Temp\ubi869F.tmp.exe -d "C:\Program Files (x86)\Ubisoft\Assassin's Creed" Task: {81FDB296-4C8A-4B83-A959-123B2D5E60D2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {D558EA41-E905-43C4-B276-8A0322DAFBBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F01034FF-54A2-4397-B58C-C75E26AEFE8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-18] (Google Inc.) Task: {F16B5A8F-2DDC-41A2-B1BE-6C718006556E} - System32\Tasks\{47B7EE11-92FD-485F-A69B-3EC9613CB5B5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {F87EE1DA-351C-4E91-866A-83E6870F8431} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {FCE43CB5-8F01-4B64-BB4A-4D6CDB105291} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-18] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{DE4A6136-BC9B-4FCD-AF54-86C6FAB6399E}.job => C:\Windows\system32\msfeedssync.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2008-08-27 01:52 - 2008-05-19 08:26 - 00031744 _____ () C:\Windows\System32\WLTRYSVC.EXE 2008-08-27 01:52 - 2008-05-19 08:26 - 00056832 _____ () C:\Windows\System32\bcmwlrmt.dll 2016-05-13 22:37 - 2016-02-16 11:04 - 00192304 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe 2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2006-11-04 01:56 - 2006-11-04 01:56 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2006-11-04 01:38 - 2006-11-04 01:38 - 00475136 _____ () C:\Windows\system32\btwhidcs.DLL 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-05-04 16:36 - 2010-05-04 16:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 14:34 - 2016-05-31 10:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1919287987-587404221-3270057354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\michal!!\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg DNS Servers: 10.41.20.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{86D9B3EA-0D89-4B25-AD50-82375E026A8F}] => (Allow) C:\Program Files (x86)\Dell\MediaDirect\MediaDirect.exe FirewallRules: [{D8AC3F63-0D77-4403-BE45-B29F6D4AA1F8}] => (Allow) C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe FirewallRules: [{0084BC75-C135-47F6-BE94-C5E9B3C3E7CA}] => (Allow) C:\Program Files (x86)\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe FirewallRules: [{FAEB7E8C-8C43-43C2-B03C-1F32EAAE2657}] => (Allow) C:\Program Files (x86)\Dell\MediaDirect\Kernel\DMS\CLMSService.exe FirewallRules: [{61F9AF8E-B523-45B6-B96D-D704CE5715EC}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{BCA9E992-F597-403C-87CC-3CD0CDFE9689}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{303F7EB3-1C89-498A-97F0-C333D5D4D58B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{1CA374A2-B1BF-46B9-8418-A40EA5CFF05D}] => (Allow) LPort=80 FirewallRules: [{5F393C70-2CEB-464E-BC8E-2D7166549916}] => (Allow) LPort=80 FirewallRules: [{77D071D6-1900-41E8-9C1A-4E77AAC8D377}] => (Allow) LPort=80 FirewallRules: [TCP Query User{375F85F5-FBA0-481C-A3AB-D5E8A2733DD6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{F9CE383B-371A-4218-A4DA-B7803E2630D6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{1CB003B0-F65A-4A77-9AF4-879C686A65C3}C:\program files (x86)\wiedźmin 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\wiedźmin 2\bin\witcher2.exe FirewallRules: [UDP Query User{2F8AC567-8914-4D19-A763-4D1837D74418}C:\program files (x86)\wiedźmin 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\wiedźmin 2\bin\witcher2.exe FirewallRules: [TCP Query User{EBF82DE3-7DDE-4A33-87B6-9C38D41D4EBE}C:\users\michal!!\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => (Block) C:\users\michal!!\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe FirewallRules: [UDP Query User{772AEE2B-5A44-42BB-8AE3-5296BA1DE33A}C:\users\michal!!\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe] => (Block) C:\users\michal!!\appdata\local\temp\cprogram files (x86)opera\operaupgrader.exe FirewallRules: [{E3544A33-B594-4286-B263-C99115B25478}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{4CE5A4B9-B9B5-4384-9DA9-375F66320413}] => (Allow) C:\Program Files (x86)\Opera\opera.exe FirewallRules: [{1AD91B47-3C82-4B76-80B0-5AE274E82BCF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CD99547F-63F0-488C-A2AD-2A221A9A0907}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FAB3DAC6-1018-464E-94CC-F1E66CFFAC05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\fallout new vegas enplczru\FalloutNVLauncher.exe FirewallRules: [{60084F0F-F51E-466C-BF87-8CAF05E1C57A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\fallout new vegas enplczru\FalloutNVLauncher.exe FirewallRules: [{CD79C815-4D35-41A2-9175-6A742AACB8FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\fallout new vegas enplczru\FalloutNVLauncher.exe FirewallRules: [{B98D6DB4-9F1D-4D8B-89DC-3F4E34399A20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\fallout new vegas enplczru\FalloutNVLauncher.exe FirewallRules: [{C72F6FA8-4C7F-4B58-84F9-F8703C66AD2E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A2B60FDC-FE4D-4046-B0A7-5BE7297C3F73}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{71ECE093-C4C5-4E38-9D69-F7B022C188F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{53760AEA-B4CC-44E7-BF76-0DCAC6AFEA51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9FFEE6F3-4AE1-4610-8FA5-3B802D1CA9D0}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{89AEC49F-7080-4725-B291-711EA9C5F4C9}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe FirewallRules: [{B32CCB81-570B-485D-9D00-E0551237BC47}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe FirewallRules: [TCP Query User{431A3EE9-0E6F-4244-B4A1-2AE079698668}C:\users\michal!!\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michal!!\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{65B79123-B79F-445F-A07B-DF346F7B04A7}C:\users\michal!!\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michal!!\appdata\roaming\spotify\spotify.exe FirewallRules: [{994AC8F1-8BD0-4900-A1CC-029B8DA3A9C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 31-05-2016 09:55:42 ComboFix created restore point 31-05-2016 11:35:08 First Restore Point 31-05-2016 11:39:35 Device Driver Package Install: Kaspersky Lab Network Service 31-05-2016 11:40:49 Device Driver Package Install: Kaspersky Lab 31-05-2016 11:41:46 Device Driver Package Install: Kaspersky Lab 31-05-2016 11:42:36 Device Driver Package Install: Kaspersky Lab ZAO System devices 31-05-2016 11:43:32 Device Driver Package Install: Kaspersky Lab 31-05-2016 11:44:18 Device Driver Package Install: Kaspersky Lab 31-05-2016 11:45:10 Device Driver Package Install: Kaspersky Lab 31-05-2016 11:45:59 Device Driver Package Install: Kaspersky Lab 31-05-2016 12:10:51 First Restore Point ==================== Faulty Device Manager Devices ============= Name: isatap.Sebastian Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/31/2016 12:15:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Not enough storage is available to process this command. Error: (05/31/2016 12:11:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Not enough storage is available to process this command. Error: (05/31/2016 12:02:12 PM) (Source: ESENT) (EventID: 104) (User: ) Description: wuaueng.dll (228) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1090). Error: (05/31/2016 12:02:12 PM) (Source: ESENT) (EventID: 492) (User: ) Description: wuaueng.dll (228) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup. Error: (05/31/2016 12:02:12 PM) (Source: ESENT) (EventID: 471) (User: ) Description: wuaueng.dll (228) SUS20ClientDataStore: Unable to rollback operation #45636 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error: -614. All future database updates will be rejected. Error: (05/31/2016 11:45:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Not enough storage is available to process this command. Error: (05/31/2016 11:45:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Not enough storage is available to process this command. Error: (05/31/2016 11:45:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Not enough storage is available to process this command. Error: (05/31/2016 11:45:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Not enough storage is available to process this command. Error: (05/31/2016 11:44:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Not enough storage is available to process this command. System errors: ============= Error: (05/31/2016 12:12:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: ScRegSetValueExWFailureActions%%5 Error: (05/31/2016 11:32:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86 Error: (05/31/2016 11:31:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: BCM42RLY%%2 Error: (05/31/2016 11:31:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: BCM42RLY%%2 Error: (05/31/2016 11:30:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: BCM42RLY%%2 Error: (05/31/2016 11:30:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: BCM42RLY%%2 Error: (05/31/2016 11:30:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Beep Error: (05/31/2016 11:30:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: SessionLauncher%%3 Error: (05/31/2016 11:29:39 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:23:25 on 2016-05-31 was unexpected. Error: (05/31/2016 11:23:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: BCM42RLY%%2 CodeIntegrity: =================================== Date: 2016-05-31 12:14:06.093 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLIMX64\klim6.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:05.687 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLIMX64\klim6.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:05.193 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLIMX64\klim6.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:04.769 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLIMX64\klim6.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:03.697 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KNEPSX64\kneps.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:03.337 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KNEPSX64\kneps.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:02.971 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KNEPSX64\kneps.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:02.503 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KNEPSX64\kneps.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:02.077 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLPDX64\klpd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-05-31 12:14:01.697 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLPDX64\klpd.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz Percentage of memory in use: 50% Total physical RAM: 4093.14 MB Available physical RAM: 2011.57 MB Total Virtual: 8375.55 MB Available Virtual: 6177.86 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:60.84 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.95 GB) NTFS Drive f: (MHDD46) (Removable) (Total:57.82 GB) (Free:57.66 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 88000000) Partition 1: (Not Active) - (Size=94 MB) - (Type=DE) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=285.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 57.8 GB) (Disk ID: CAD4EBEA) Partition 4: (Active) - (Size=57.8 GB) - (Type=0C) ==================== End of Addition.txt ============================