Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-10-2016
Ran by Foks (13-10-2016 13:30:32)
Running from C:\Users\Foks\Desktop
Microsoft® Windows Vista™ Home Premium (X86) (2013-04-21 21:39:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2575280359-310499613-3284670713-500 - Administrator - Disabled)
Foks (S-1-5-21-2575280359-310499613-3284670713-1000 - Administrator - Enabled) => C:\Users\Foks
Guest (S-1-5-21-2575280359-310499613-3284670713-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.2 - Hewlett-Packard) Hidden
7-Zip 16.02 (HKLM\...\{23170F69-40C1-2701-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2575280359-310499613-3284670713-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
AVI ReComp 1.5.5 (HKLM\...\AVI ReComp) (Version: 1.5.5 - Mateusz Gola (aka Prozac))
AviSynth 2.5 (HKLM\...\Avisynth) (Version: - )
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.02 - Broadcom Corporation)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
Chromium (HKU\S-1-5-21-2575280359-310499613-3284670713-1000\...\Chromium) (Version: 45.0.2444.0 - Chromium)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.75.00.51 - Conexant)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Nazwa firmy)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Digital Image Recovery 1.47 (HKLM\...\Digital Image Recovery_is1) (Version: - Alexander Grau)
DJ_SF_05_D2600_Software_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FBReader for Windows (HKLM\...\FBReader for Windows) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Deskjet D2600 Printer Driver 14.0 Rel. 5 (HKLM\...\{7B8E0D63-C8FB-4F04-8B3A-029C4707693A}) (Version: 14.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 7.15.10.2039 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Obsługa programów Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
OpenOffice.org 3.4.1 (HKLM\...\{18192D3F-5537-4560-AD89-D695F72AF91D}) (Version: 3.41.9593 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
QuickTime Packages (HKU\S-1-5-21-2575280359-310499613-3284670713-1000\...\QuickTime Packages) (Version: - ) <==== ATTENTION
RICOH Media Driver ver.2.07.01.00 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.00 - RICOH)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SIW 2011 Home Edition (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.28 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Tlen.pl (HKLM\...\Tlen.pl) (Version: 6.0.3.77 - o2.pl Sp. z o. o.)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub 2.23 (HKLM\...\VobSub) (Version: 2.23 - Gabest)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Foks\AppData\Local\Chromium\Application\45.0.2444.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2575280359-310499613-3284670713-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Foks\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {197FAB5C-B903-423F-BFD6-FB2FC11911C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2DAA587D-F6E9-4FAB-89B7-7AAF895650EA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2575280359-310499613-3284670713-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {32E6916B-73A8-4B82-91A0-0D660F3FBC91} - System32\Tasks\avastBCLRestartS-1-5-21-2575280359-310499613-3284670713-1000 => Chrome.exe
Task: {32FD3CEF-92FA-4312-A3E1-B7FF0A505B11} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
Task: {336E1668-D293-42E1-8B3C-246841ECD235} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2575280359-310499613-3284670713-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {34569D42-8BD4-4297-ACE2-F645F9FD2EEC} - \Rocket Updater -> No File <==== ATTENTION
Task: {523A34C4-28DB-4471-8AAB-FA5B086B885E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6115AE18-4752-4625-BF06-95B4401082BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2575280359-310499613-3284670713-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {785E79C6-F702-44DB-A7A6-07026151944F} - System32\Tasks\SafeZone scheduled Autoupdate 1455456132 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {7A92F865-FFC5-47EE-BF9F-5974CE29EA41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {7ED242AD-F1D2-4DEF-A6C5-A7805BD200E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {99AB9F60-BB21-45F6-878D-CBB4234F6563} - System32\Tasks\{5BC8D3A2-2DEC-466A-8079-9F3EF2506974} => pcalua.exe -a C:\Users\Foks\AppData\Local\Temp\Temp1_dir(dobreprogramy.pl).zip\setup.exe <==== ATTENTION
Task: {B082C4D3-9428-47FA-A612-7DEC6D11952A} - System32\Tasks\{E5023686-E0D4-4991-80D2-89CB8B4DF8E9} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.18.0.112&LastError=-3
Task: {B864CF60-8139-4945-9315-E339AEA5CD5E} - System32\Tasks\{B9FD7CC4-CA33-4EEB-9B63-D35C30610A4F} => pcalua.exe -a C:\dell\drivers\D7HGJ\setup.exe -d C:\dell\drivers\D7HGJ
Task: {C2D109D5-091E-4C67-B03B-AB882D9F3037} - \RegClean Pro -> No File <==== ATTENTION
Task: {CACE363A-31F9-48FC-9C81-9D88E5051A50} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2575280359-310499613-3284670713-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {D084493E-7896-4C76-9472-00DE1B387E85} - System32\Tasks\{33F6210F-5193-4C0D-853B-A2B30E3158CB} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.18.0.112&LastError=-3
Task: {DF8212A8-9477-4FF8-98A8-13F31E9117AE} - System32\Tasks\{6C6C80E4-2AE2-4A4B-AF7A-5CA0C4D7CBB1} => pcalua.exe -a "C:\Program Files\QuickTime Alternative\QTSystem\QuickTime.cpl" -c QuickTime
Task: {EDED832E-71F0-4AC7-BEE3-C9FB97862B48} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2575280359-310499613-3284670713-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F31AE4CD-2A79-45EF-BAD6-A753BB83E719} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F70A37E2-3D50-41F2-901F-C4E28F71CEF9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-06] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-06 21:05 - 2016-05-06 21:05 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-06 21:05 - 2016-05-06 21:05 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-12 15:22 - 2016-10-12 15:22 - 03118936 _____ () C:\Program Files\AVAST Software\Avast\defs\16101200\algo.dll
2016-05-06 21:05 - 2016-05-06 21:05 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-10-13 10:52 - 2016-10-13 10:52 - 03118936 _____ () C:\Program Files\AVAST Software\Avast\defs\16101300\algo.dll
2016-05-06 21:05 - 2016-05-06 21:05 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-02-13 00:24 - 2007-10-09 20:17 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2013-02-13 00:24 - 2007-10-09 20:17 - 00753664 _____ () C:\Windows\System32\bcm1xsup.dll
2013-02-13 00:24 - 2007-10-09 20:17 - 00139264 _____ () C:\Windows\System32\preflib.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2016-01-02 11:10 - 2016-01-02 11:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2016-10-12 15:39 - 00000779 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2575280359-310499613-3284670713-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Foks\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: AVG-Secure-Search-Update_0913b => C:\Users\Foks\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5e3db89f9cd747d38d75d1544f268f24-31bb5faee41a178bd10572f0444a41369bb7ce50 --CMPID 0913b
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: Xvid => C:\Program Files\Xvid\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [UDP Query User{D347D0EC-A0E4-4E35-BA92-A00D5C5353C3}C:\users\foks\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\foks\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{3259061C-4F57-4D18-A1BD-418323713E42}C:\users\foks\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\foks\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CC84947F-DAEB-4691-89E2-E9FD4E1B889F}C:\users\foks\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\foks\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{FB30ED97-EDA9-4E35-A890-D691D167093C}C:\users\foks\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\foks\appdata\local\akamai\netsession_win.exe
FirewallRules: [{2993D4B0-B179-46D1-BBA7-1AD49C8FA7BB}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{D7AA323A-8E49-4031-97D6-B01FC618B9C5}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [UDP Query User{38F46119-04AC-497A-9EE7-58D0867AA642}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [TCP Query User{9ACCD53C-E498-4295-8DAE-19BF40940F75}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{208178F7-9DE4-484F-8DA5-121DDF9D8E2A}C:\program files\tlen.pl\tlen.exe] => (Allow) C:\program files\tlen.pl\tlen.exe
FirewallRules: [TCP Query User{2C485E85-AA57-42A9-B6DE-8191D53105A2}C:\program files\tlen.pl\tlen.exe] => (Allow) C:\program files\tlen.pl\tlen.exe
FirewallRules: [{3E08BB11-BD29-4732-AF8D-D75DB4935A51}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{23082B42-D82C-4806-AC78-B0C25823F505}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{7118E60A-38F3-45C4-80D0-94F9170FF371}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{29044016-3417-40AC-8731-E8A431CD6C5B}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{05B8E275-5049-40CA-859A-BADDCFFB03F0}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{1A80D571-7485-4E8C-B933-DCF43298C178}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{5FAFFE83-3A47-4E43-BEBF-F94455F28826}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{D052432D-3B9F-4FB6-ABDB-9B56FCB73169}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{695F9C8C-CCCF-4281-A019-86691C8216AB}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{BE0DAA50-0872-46C2-94A2-4EC0CA610693}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{FDE4DB2B-5CFD-4BB2-B0D7-D4268377018D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{9D9C9D3E-3BE6-4E2B-B543-600186A4B034}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{ACE3D69E-3388-4B29-A62E-4B678029EA42}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{5BAAF8E3-AF09-4ACC-BB44-CE9E1484B643}] => (Allow) C:\Users\Foks\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{1F036EB3-C176-4DCE-957D-CD9A5E7D79D0}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{07792565-3F12-43A7-AE7E-42D4E5D75FF2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-10-2016 15:24:22 12,10,2016
12-10-2016 16:25:51 Removed SlimDrivers
12-10-2016 19:20:39 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2016 01:18:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 49.0.2623.112, time stamp 0x570458bc, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000018, fault offset 0x00008fc7, process id 0xa20, application start time 0x01d2254bdde1dd8c.
Error: (10/13/2016 10:53:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
Error: (10/13/2016 10:51:54 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe".Error in manifest or policy file "C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe" on line 0. Invalid Xml syntax.
Error: (10/13/2016 10:51:54 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe".Error in manifest or policy file "C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe" on line 0. Invalid Xml syntax.
Error: (10/12/2016 04:45:07 PM) (Source: usbperf) (EventID: 2004) (User: )
Description: Usbperf data collection failed. Collect function called with usupported Query Type.
Error: (10/12/2016 04:39:17 PM) (Source: usbperf) (EventID: 2004) (User: )
Description: Usbperf data collection failed. Collect function called with usupported Query Type.
Error: (10/12/2016 04:36:28 PM) (Source: usbperf) (EventID: 2004) (User: )
Description: Usbperf data collection failed. Collect function called with usupported Query Type.
Error: (10/12/2016 04:35:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (10/12/2016 04:35:51 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Error: (10/12/2016 04:35:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "DFSR" in DLL "C:\Windows\System32\DfsrPerf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

System errors:
=============
Error: (10/13/2016 10:53:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.
Error: (10/13/2016 10:51:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/12/2016 07:21:37 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (10/12/2016 07:21:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Event-ID 20
Error: (10/12/2016 07:21:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Event-ID 20
Error: (10/12/2016 03:45:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.
Error: (10/12/2016 03:43:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (10/12/2016 03:20:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.
Error: (10/12/2016 03:15:24 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (10/12/2016 03:09:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2016-10-01 20:41:46.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-01 20:41:46.434
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-01 20:41:46.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-01 20:41:46.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-01 20:41:39.703
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-01 20:41:39.644
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-01 20:41:39.584
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-10-01 20:41:39.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-22 13:10:13.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-22 13:10:13.434
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
Percentage of memory in use: 53%
Total physical RAM: 2037.43 MB
Available physical RAM: 955.55 MB
Total Virtual: 7947.23 MB
Available Virtual: 6673.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:49 GB) (Free:14.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:100 GB) (Free:43.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================