Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01 Ran by Marcinia (23-08-2016 12:37:31) Running from C:\Users\Marcinia\Downloads Windows 8.1 Pro (X64) (2015-07-03 20:11:16) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1922820034-4019851082-616782839-500 - Administrator - Disabled) Guest (S-1-5-21-1922820034-4019851082-616782839-501 - Limited - Disabled) => C:\Users\Guest Marcinia (S-1-5-21-1922820034-4019851082-616782839-1001 - Administrator - Enabled) => C:\Users\Marcinia ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: ESET Smart Security 9.0.402.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET Smart Security 9.0.402.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\uTorrent) (Version: 3.4.8.42394 - BitTorrent Inc.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.7.0 - ASUSTek COMPUTER INC.) ASUS GPU Tweak (x32 Version: 2.6.7.0 - ASUSTek COMPUTER INC.) Hidden ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.2.3.804 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) DirectX Version Checker (HKLM-x32\...\{6122970E-5575-4155-8408-FD624B3F7C4F}_is1) (Version: - directxupdate.com) Elgato Game Capture HD (HKLM\...\{25C9D470-B465-4994-B656-6B002F2DB58E}) (Version: 3.20.11.1511 - Elgato Systems GmbH) ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.) f.lux (HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\Flux) (Version: - ) Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems) Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems) Game Capture HD60 S v1.1.0.160 (HKLM-x32\...\Software_Elgato_Game Capture HD60 S) (Version: 1.1.0.160 - Elgato Systems) Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HotKeyBind 1.2 (HKLM-x32\...\HotKeyBind_is1) (Version: 1.2 - Marco Barisione) Infineon USB driver 1.0.0.6 (HKLM-x32\...\Infineon USB driver_is1) (Version: - Infineon) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - ) LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics) Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mouse Recorder Pro 2.0.7.5 (HKLM-x32\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version: - Nemex Studios) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 43.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 pl)) (Version: 43.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team) Oracle VM VirtualBox 5.0.14 (HKLM\...\{82022940-639B-48A3-86D9-B139864105F7}) (Version: 5.0.14 - Oracle Corporation) Pakiet sterowników systemu Windows - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) (HKLM\...\81AE60DDD229A248055515E311406D86F7E4012A) (Version: 04/16/2009 1.0.0.6 - Infineon Technologies) Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH) Trials Evolution Gold Edition Demo (x32 Version: 1.0.0.0 - Ubisoft) Hidden Unchecky v1.0 (HKLM-x32\...\Unchecky) (Version: 1.0 - RaMMicHaeL) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WorldUnlock Codes Calculator (HKLM-x32\...\WorldUnlock Codes Calculator) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1922820034-4019851082-616782839-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Marcinia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-1922820034-4019851082-616782839-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Marcinia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {052F5B87-359B-4B0E-A512-4191B1116626} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1174FD07-F47B-4798-8701-ADB736536C2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {1547DEB5-1932-4FE4-B523-AA2EE36FD49E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation) Task: {40525259-FC38-453A-B29D-D03D8D0EECA6} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.) Task: {4604B35F-74B6-435D-BC1D-34E51B797F54} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1922820034-4019851082-616782839-1001 => C:\Users\Marcinia\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-08-18] (Microsoft Corporation) Task: {4701A855-6F4E-409C-87DD-319DFF64F478} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {675B2AFB-B43A-456D-975C-14FDA3133145} - System32\Tasks\shrpubw => C:\Users\Marcinia\AppData\Roaming\{B57E0505-8B70-0F52-EA42-A6DAB926BC45}\shrpubw.exe Task: {709B86A0-ABAD-42D3-9E27-561C237BEC7C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.) Task: {81350E94-D741-44D0-801D-9849B95785CD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation) Task: {8952805F-D05C-460B-BD34-CBB4B44152F9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation) Task: {8B0D27D0-0C3B-47BB-8E59-456F06F693E2} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation) Task: {8D3FC923-F216-4959-9DDA-4864422C88CB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation) Task: {946E624B-82FA-45C6-929F-46D0DD2F0FDA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation) Task: {A32594E1-C91A-4818-8371-3EDAD05E918E} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI) Task: {AD2F9C94-BFA6-4ED7-AECC-F87F321A583C} - System32\Tasks\SpyHunter4Startup => C:\Users\Marcinia\Downloads\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe Task: {BFAC9BB5-3884-490F-93F8-81B8EB020010} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {DF669334-1532-48E7-9F2C-3011C98B4DBD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-12-09] (Microsoft) Task: {E21DE456-370B-44B0-ABFF-AC9F5D014E6E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Marcinia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Marcinia\AppData\Local\a71b3\95b72.lnk -> C:\Users\Marcinia\AppData\Local\a71b3\3a26e.bat () ShortcutWithArgument: C:\Users\Marcinia\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Marcinia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Marcinia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Infinite HD App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=laealigljflmglcgncipdbmbjgjdpiim ==================== Loaded Modules (Whitelisted) ============== 2015-07-07 22:06 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll 2015-07-07 22:06 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll 2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2016-08-18 23:38 - 2016-08-18 23:38 - 01864384 _____ () C:\Users\Marcinia\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-05-24 16:31 - 2016-05-24 16:31 - 01259520 _____ () C:\Program Files\Elgato\SoundCapture\SoundCapture.exe 2016-05-24 16:31 - 2016-05-24 16:31 - 01167872 _____ () C:\Program Files\Elgato\SoundCapture\ElgatoVAD_Router.dll 2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll 2015-07-05 13:38 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-07-05 13:38 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-07-05 13:38 - 2016-08-16 22:54 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll 2015-07-05 13:38 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-07-05 13:38 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-07-05 13:38 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-07-05 13:38 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-07-05 13:38 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-07-05 13:38 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-07-05 13:38 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-07-05 13:38 - 2016-08-16 22:54 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-12 03:19 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2015-07-05 13:38 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-09-21 21:05 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-08-08 21:49 - 2016-08-03 02:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-08 21:49 - 2016-08-03 02:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\localhost -> localhost ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2016-08-23 12:01 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1922820034-4019851082-616782839-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcinia\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta z Przeglądarki fotografii systemu Windows.jpg DNS Servers: 62.179.1.62 - 62.179.1.63 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) mpsdrv => Firewall Service is not running. MpsSvc => Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run32: => "Raptr" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "kshortcuts" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "PersonalHotKey" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "Napisy24.pl" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "Nexus Radio" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "HotKeyBind.exe" HKU\S-1-5-21-1922820034-4019851082-616782839-1001\...\StartupApproved\Run: => "uTorrent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C82DCA63-1239-4FB8-A302-761C23C4C8DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1832F743-3BA7-46BE-9AE7-6F73094D1099}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A7996AC9-4294-4D87-9276-DC5FDA5366E1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{74AF452B-6432-4B36-AF2F-BB296E527B48}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{B491968C-DA5E-418F-9334-CC50463B2FFF}C:\users\marcinia\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\marcinia\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{F2089E16-F3B1-4234-833A-D1A8891AA882}C:\users\marcinia\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\marcinia\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{FA83BAE4-07EB-49F7-918A-504E0C5C9385}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{0FA85A9F-36F9-43E5-97D0-1089AE9ED07F}] => (Allow) LPort=2869 FirewallRules: [{1D81DC01-4B8F-4C57-935A-52DF60664E2B}] => (Allow) LPort=1900 FirewallRules: [{8D8F3C88-FF9B-4AFD-B572-1B9AD219D677}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{74716D3A-B034-4D86-A913-4F81C585DAA5}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{C9854AAD-4D38-480E-92A5-B8A5412AE638}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{98EE2E4E-C463-4CA3-9401-7F4D924DDD6A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A3B887ED-0C82-4D80-B48B-BA31989CB702}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4F836815-6FC1-467C-A956-E57C6A2A81EB}] => (Allow) LPort=8317 FirewallRules: [{A0B6CD1A-F6A3-411A-9BAE-015306C6D60D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{BACC3498-F56F-4EF0-8EAF-E1E084F6D9AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{49FD41DF-66BD-4420-A704-4ED6820875DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E79D1EFF-075D-4BBF-B958-2AF447EA1E41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C0C7065A-E7AF-4399-939C-66151269F936}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{25827069-DED2-455E-A875-0F4472D3912A}] => (Allow) LPort=8298 FirewallRules: [{36091C4A-A663-4111-9EB6-A70D0F38149B}] => (Allow) C:\WINDOWS\explorer.exe FirewallRules: [{570583E1-BE8F-4523-B319-4EF6D528F825}] => (Allow) C:\WINDOWS\system32\rundll32.exe ==================== Restore Points ========================= 22-08-2016 12:23:01 Removed Camtasia Studio 8 Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/23/2016 12:07:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (08/23/2016 12:07:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (08/23/2016 12:07:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (08/23/2016 12:03:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (08/23/2016 12:03:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (08/23/2016 12:03:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (08/23/2016 12:02:50 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe Error: (08/23/2016 12:02:50 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe Error: (08/22/2016 05:29:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: AutoPico.exe, wersja: 12.3.0.0, sygnatura czasowa: 0x53b06ef5 Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.3.9600.16656, sygnatura czasowa: 0x5318237f Kod wyjątku: 0xe0434352 Przesunięcie błędu: 0x00000000000043c8 Identyfikator procesu powodującego błąd: 0x1040 Godzina uruchomienia aplikacji powodującej błąd: 0xAutoPico.exe0 Ścieżka aplikacji powodującej błąd: AutoPico.exe1 Ścieżka modułu powodującego błąd: AutoPico.exe2 Identyfikator raportu: AutoPico.exe3 Pełna nazwa pakietu powodującego błąd: AutoPico.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: AutoPico.exe5 Error: (08/22/2016 05:29:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AutoPico.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.IOException Stack: at System.Net.Sockets.NetworkStream.BeginRead(Byte[], Int32, Int32, System.AsyncCallback, System.Object) at AutoPico.KMSEmulator.TCPServer.AcceptTcpClientCallbackTask(Client ByRef) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() System errors: ============= Error: (08/23/2016 12:26:40 PM) (Source: DCOM) (EventID: 10010) (User: Marcin) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (08/23/2016 12:26:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80073d0a: Microsoft.Reader. Error: (08/23/2016 12:26:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80073d0a: Microsoft.WindowsReadingList. Error: (08/23/2016 12:26:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x8024200d: Windows 8.1 Update for x64-based Systems (KB2919355). Error: (08/23/2016 12:26:10 PM) (Source: DCOM) (EventID: 10010) (User: Marcin) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (08/23/2016 12:25:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80246007: Update for Windows 8.1 for x64-based Systems (KB2990967). Error: (08/23/2016 12:25:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80246007: Update for Windows 8.1 for x64-based Systems (KB3063843). Error: (08/23/2016 12:13:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80073d0a: Microsoft.Reader. Error: (08/23/2016 12:13:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80073d0a: Microsoft.WindowsReadingList. Error: (08/23/2016 12:01:22 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: Wygenerowano alert krytyczny, który został wysłany do zdalnego punktu końcowego. W efekcie połączenie może zostać zakończone. Kod błędu krytycznego zdefiniowany przez protokół TLS to 40. Kod stanu błędu SChannel w systemie Windows to 252. CodeIntegrity: =================================== Date: 2016-05-14 10:28:15.770 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:28:15.708 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:28:15.661 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:27:32.764 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:27:32.717 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:27:32.670 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:27:32.592 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:27:32.545 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:27:32.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-14 10:27:32.435 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz Percentage of memory in use: 36% Total physical RAM: 8111.45 MB Available physical RAM: 5121.05 MB Total Virtual: 10671.45 MB Available Virtual: 7807.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.24 GB) (Free:44.44 GB) NTFS Drive e: () (Fixed) (Total:931.17 GB) (Free:879.43 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: 3F037A3B) Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CF50A327) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================