Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Artur Machnicki (2016-06-17 02:24:01)
Running from D:\Firefox Download
Windows 7 Professional Service Pack 1 (X64) (2016-02-15 14:10:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3532491921-2668913716-1004277442-500 - Administrator - Disabled)
Artur Machnicki (S-1-5-21-3532491921-2668913716-1004277442-1000 - Administrator - Enabled) => C:\Users\Artur Machnicki
Guest (S-1-5-21-3532491921-2668913716-1004277442-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3532491921-2668913716-1004277442-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.355 - ACD Systems International Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.26 - ASUSTeK Computer Inc.)
AO Help (HKLM-x32\...\InstallShield_{D25B5189-FD08-4985-BF86-A52457A7A0A5}) (Version: 1.2.23.231 - ASUS)
AO Help (x32 Version: 1.2.23.231 - ASUS) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.24.0 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{761cd2c4-5249-4346-8318-a499d06d2681}) (Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.63.21885 - Avira Operations GmbH & Co. KG) Hidden
Batman Arkham Knight version 1.0 (HKLM-x32\...\{C4EC5C21-E459-4164-9776-BA456540C08D}_is1) (Version: 1.0 - Warner Bros)
Batman: Arkham Origins - The Complete Edition (HKLM-x32\...\Batman: Arkham Origins - The Complete Edition_is1) (Version: - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Disk Unlocker (HKLM-x32\...\{AE4DB5AB-CD91-4D63-8AD5-33EBADCCC4F2}) (Version: 2.1.3 - ASUSTek Computer Inc.)
erLT (x32 Version: 1.12.0117 - Logitech, Inc.) Hidden
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel(R) Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
LG USB WML Modem Driver (HKLM-x32\...\{FBA0CA60-8BF2-4381-B819-74F020E165A9}) (Version: 1.0 - LG Electronics)
Logitech Desktop Messenger (HKLM-x32\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.56.102 - Logitech, Inc.)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Lords of the Fallen (HKLM-x32\...\Lords of the Fallen_is1) (Version: - )
Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 pl)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Overlord: Fellowship of Evil (HKLM-x32\...\Overlord: Fellowship of Evil_is1) (Version: - )
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
StarCraft II Legacy of the Void (HKLM\...\U3RhckNyYWZ0SUk=_is1) (Version: 1 - )
Sword Coast Legends (HKLM-x32\...\Sword Coast Legends_is1) (Version: - )
Turbo LAN v9.65 (HKLM\...\Turbo LAN) (Version: 9.65 - cFos Software GmbH, Bonn)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08784D46-FB2C-49BD-818D-67D70F6DCE79} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {09CFDAD4-B0F3-411C-95F4-3E2A8837DFD2} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2015-08-06] (ASUSTeK Computer Inc.)
Task: {1E9ED6B7-59CD-441F-B329-87903D33494E} - System32\Tasks\ASUS\TUFDetectiveServer => C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\TUFDetectiveServer.exe [2015-09-03] (ASUSTek Computer Inc.)
Task: {310F6A1C-9B42-4C74-A0EE-A99AC224EB53} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {3E18B5AA-5556-4750-99C5-013EC94D27F5} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {43773C77-15E8-4B4D-9813-1E90A217AFF3} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\GpuFanHelper.exe [2015-09-03] (TODO: )
Task: {5067EF2A-0CDF-4A91-BF3A-2D21B7ED460A} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] ()
Task: {99C5EFF0-DF3B-4CDB-B641-B53C062CBAD5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {A341F968-637A-4F47-8995-96CFA9EB9DFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {F9D3D547-B322-44C3-8BC0-B6CF03224DBA} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2015-08-31] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-15 16:34 - 2016-02-09 07:41 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-15 17:58 - 2015-08-31 15:25 - 01460176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2015-05-08 08:26 - 2015-05-08 08:26 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-02-15 17:17 - 2008-05-02 05:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2016-02-15 16:20 - 2014-04-24 08:29 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2016-03-02 13:16 - 2016-05-02 07:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-29 14:47 - 2016-05-02 07:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-02 13:16 - 2016-05-02 07:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-17 12:09 - 2016-05-02 07:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-02-15 17:58 - 2015-05-14 10:18 - 01075712 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2016-02-15 17:58 - 2014-08-28 11:37 - 00033424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2016-02-15 17:58 - 2015-09-03 12:29 - 00040032 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\ASUSRelayWS.exe
2016-03-29 14:47 - 2016-05-02 07:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 14:47 - 2016-05-02 07:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 14:47 - 2016-05-02 07:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-17 12:09 - 2016-05-02 07:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-29 14:47 - 2016-05-02 07:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 14:47 - 2016-05-02 07:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-02-15 17:57 - 2015-06-03 17:17 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2016-02-15 17:57 - 2015-06-03 17:17 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2016-02-15 17:58 - 2015-02-09 18:53 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2016-02-15 17:58 - 2015-05-21 23:57 - 01141248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-02-15 17:58 - 2015-08-28 14:48 - 01345024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\MoboConnect.dll
2016-02-15 17:58 - 2015-09-03 15:00 - 02695168 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\ThermalRadar2.dll
2016-02-15 17:57 - 2015-07-23 22:38 - 00838456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2016-02-15 17:58 - 2015-09-03 05:26 - 00053248 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Exeio.dll
2016-02-15 17:58 - 2015-09-03 05:26 - 00278528 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Vender.dll
2016-02-15 17:57 - 2015-05-08 08:26 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2016-02-15 17:59 - 2012-01-19 10:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2016-02-15 17:57 - 2015-06-03 17:17 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2016-02-15 17:57 - 2015-06-03 17:17 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2016-02-15 17:59 - 2010-02-25 15:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2016-02-15 17:59 - 2015-05-07 17:27 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\EzULIB.dll
2016-02-15 17:58 - 2015-08-31 15:21 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2016-02-15 17:58 - 2015-08-14 12:23 - 00621056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2016-02-15 17:58 - 2014-02-24 18:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2016-02-15 17:58 - 2015-05-08 15:26 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\aaHMLib.dll
2016-02-15 16:34 - 2016-05-02 08:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-15 16:20 - 2016-06-17 01:27 - 00042792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-02-15 16:20 - 2015-05-08 08:26 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-02-15 17:19 - 2016-02-15 17:19 - 00064664 _____ () C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.87-8876480SL\Program\clntutil.dll
2016-02-15 17:58 - 2013-11-20 11:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2016-02-15 17:58 - 2013-07-02 11:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2015-08-14 03:17 - 2015-08-14 03:17 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3532491921-2668913716-1004277442-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 62.179.1.62 - 62.179.1.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3E8829D9-D1C0-4384-991B-DA9D61AC1B0D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4135D0B0-7456-4D85-8BD4-B5C9868C9D8A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ABB48E5C-D3CC-4948-BFC1-2EEDCAFEB162}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{839B67C5-7B57-4FA1-9890-34844E5F3B92}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9684E10-C9CB-483C-AECE-C378CC9FC4B5}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{32EF4D85-28A5-487D-89A7-9DFAB118A1F2}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{ED271BBD-4728-4F17-ABB7-EEADFC33C50F}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{4C6EBB7A-F59B-453D-AAC6-C9EEDA046707}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{C1E2B923-EBFF-403E-B859-ACFADB458399}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{85D0B42C-8BE5-4BAA-938D-41CFBC2AB6AB}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{BAE55EFF-0ACD-42DF-98B5-4711D0B0BD43}] => (Allow) C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C99F3CE7-D5CD-4D54-A941-485063157586}] => (Allow) C:\Users\Artur Machnicki\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3AC6FEB9-AA78-443D-9C30-8D9A9D801937}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{85CF4989-D5C9-4157-BD2D-C25E159C08EA}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{E1978A1C-7DF3-4D07-B300-CEC42A226590}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{A586F68E-73EC-4928-857D-802553D9F48E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{17FD7AE4-58E1-4DC8-8F85-C673A15FC3E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C4B765F0-AA9C-43BF-874E-8CB0E04DD40F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{515B511B-FEDB-4A2C-8162-6B4E7E7BD13E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5BED7068-9C5B-4885-AE89-E39329F5A8C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{D2C19BD7-47F5-4299-BEB3-F90CC5CC1578}D:\call of duty black ops iii\blackops3.exe] => (Block) D:\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{327BFA05-36BF-49F4-8D07-53E2CD5A3EF2}D:\call of duty black ops iii\blackops3.exe] => (Block) D:\call of duty black ops iii\blackops3.exe
FirewallRules: [TCP Query User{AC49C0B6-EA47-4B90-BE9F-083920865163}D:\bombshell\binaries\win64\bombshell.exe] => (Block) D:\bombshell\binaries\win64\bombshell.exe
FirewallRules: [UDP Query User{F2B858BE-2A79-4351-A39F-C2CBA71002AC}D:\bombshell\binaries\win64\bombshell.exe] => (Block) D:\bombshell\binaries\win64\bombshell.exe
FirewallRules: [TCP Query User{5AAC69A9-0653-49D9-9EDA-B2C8CB4227D6}C:\users\artur machnicki\appdata\local\temp\bfc7.tmp\kmservice.exe] => (Block) C:\users\artur machnicki\appdata\local\temp\bfc7.tmp\kmservice.exe
FirewallRules: [UDP Query User{2BBF3053-7825-4686-BABA-B8A1AFD66724}C:\users\artur machnicki\appdata\local\temp\bfc7.tmp\kmservice.exe] => (Block) C:\users\artur machnicki\appdata\local\temp\bfc7.tmp\kmservice.exe
FirewallRules: [TCP Query User{5B7906D1-5E2F-417B-AFF6-E974151384F1}D:\overlord - fellowship of evil\overlord.exe] => (Block) D:\overlord - fellowship of evil\overlord.exe
FirewallRules: [UDP Query User{8CB437C7-E718-46D3-8F7E-1FE1F4EFA5F4}D:\overlord - fellowship of evil\overlord.exe] => (Block) D:\overlord - fellowship of evil\overlord.exe
FirewallRules: [TCP Query User{295427CE-805A-4844-AAC8-F7E256E9E5F1}D:\sword coast legends\swordcoast.exe] => (Block) D:\sword coast legends\swordcoast.exe
FirewallRules: [UDP Query User{BD50C72F-FFF0-45FB-9954-CB937B21DC87}D:\sword coast legends\swordcoast.exe] => (Block) D:\sword coast legends\swordcoast.exe
FirewallRules: [{B98343A3-A2B0-41F5-A77D-D952CB9DF2C1}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\TUFDetectiveServer.exe
FirewallRules: [{9B00399F-7537-49EF-9810-D479D368EC24}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{A4201ED8-A4EA-4718-9C86-99310AD1CD0A}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{84F4E27B-BCFB-4DC0-9A8D-FCD0BBA00EE5}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Thermal Radar 2\TUFDetectiveServer.exe

==================== Restore Points =========================

02-06-2016 15:17:17 Scheduled Checkpoint
10-06-2016 21:23:17 Scheduled Checkpoint
15-06-2016 02:41:09 Windows Update
16-06-2016 03:00:12 Windows Update

==================== Faulty Device Manager Devices =============

Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2016 01:28:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2016 01:28:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (06/16/2016 03:58:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a73e
Exception code: 0xc0000374
Fault offset: 0x000ce843
Faulting process id: 0x95c
Faulting application start time: 0xTUFDetectiveServer.exe0
Faulting application path: TUFDetectiveServer.exe1
Faulting module path: TUFDetectiveServer.exe2
Report Id: TUFDetectiveServer.exe3

Error: (06/16/2016 03:36:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2016 01:53:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2016 01:53:12 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (06/16/2016 01:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Faulting module name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Exception code: 0xc0000409
Fault offset: 0x0002a92b
Faulting process id: 0x13d4
Faulting application start time: 0xTUFDetectiveServer.exe0
Faulting application path: TUFDetectiveServer.exe1
Faulting module path: TUFDetectiveServer.exe2
Report Id: TUFDetectiveServer.exe3

Error: (06/16/2016 01:34:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Faulting module name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Exception code: 0xc0000409
Fault offset: 0x0002a92b
Faulting process id: 0xf98
Faulting application start time: 0xTUFDetectiveServer.exe0
Faulting application path: TUFDetectiveServer.exe1
Faulting module path: TUFDetectiveServer.exe2
Report Id: TUFDetectiveServer.exe3

Error: (06/16/2016 01:28:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Faulting module name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Exception code: 0xc0000409
Fault offset: 0x0002a92b
Faulting process id: 0x1880
Faulting application start time: 0xTUFDetectiveServer.exe0
Faulting application path: TUFDetectiveServer.exe1
Faulting module path: TUFDetectiveServer.exe2
Report Id: TUFDetectiveServer.exe3

Error: (06/16/2016 01:25:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Faulting module name: TUFDetectiveServer.exe, version: 1.0.0.1, time stamp: 0x55e7afe0
Exception code: 0xc0000409
Fault offset: 0x0002a92b
Faulting process id: 0xd5c
Faulting application start time: 0xTUFDetectiveServer.exe0
Faulting application path: TUFDetectiveServer.exe1
Faulting module path: TUFDetectiveServer.exe2
Report Id: TUFDetectiveServer.exe3

System errors:
=============
Error: (06/17/2016 01:27:45 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/16/2016 03:35:52 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/16/2016 01:53:00 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/15/2016 03:16:45 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/15/2016 02:42:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50 = The request is not supported.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/14/2016 06:49:05 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/13/2016 02:10:23 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/12/2016 02:07:11 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/11/2016 05:41:51 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

Error: (06/10/2016 08:22:51 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 14%
Total physical RAM: 16310.33 MB
Available physical RAM: 13877.88 MB
Total Virtual: 32618.85 MB
Available Virtual: 29496 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:152.14 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:508.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7591DBFD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7591DBF0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================