Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017 Ran by Jadwiga (31-01-2017 20:34:26) Running from C:\Users\Jadwiga\Desktop Windows 10 Home Version 1607 (X64) (2016-10-18 14:57:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-365846669-4194548096-2659683666-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-365846669-4194548096-2659683666-503 - Limited - Disabled) Guest (S-1-5-21-365846669-4194548096-2659683666-501 - Limited - Disabled) Jadwiga (S-1-5-21-365846669-4194548096-2659683666-1001 - Administrator - Enabled) => C:\Users\Jadwiga ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-365846669-4194548096-2659683666-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Avast Premier (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version: - ) Call of Duty Ghosts (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - ) Creative ASIO (USB) (HKLM-x32\...\Creative_ASIO(USB)) (Version: 1.00 - Creative Technology Limited) Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited) Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo) Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden Fast Phrases 1.0 (HKLM-x32\...\Fast Phrases_is1) (Version: 1.0 - stfx) FOTOJOKER Fotoswiat (HKLM-x32\...\FOTOJOKER Fotoswiat) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6431.0 - IDT) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro) Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.) Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.) Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo) Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 15.0.4875.1001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro) NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.3 - Lenovo Group Limited) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited) SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31763 - Nazwa firmy) SWAT 4 (x32 Version: 1.0.31763 - Nazwa firmy) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated) User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) War Thunder Launcher 1.0.2.1 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment) Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-365846669-4194548096-2659683666-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Hipbear\Application\chrome.exe" "%1" <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {253646D3-8DB4-4C3A-BA7B-26793DD4DDCE} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo) Task: {25927892-23AA-4AB9-B5FD-BFB08B930231} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {4275763F-1153-4BCF-BE8F-F3780993007B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo) Task: {429DDFA1-2029-49B2-AA0F-2A4A90E66FDA} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.) Task: {4C339BED-932B-4C3F-8398-C0BA2772A008} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-18] (AVAST Software) Task: {4E1AE92E-5D55-4E28-9341-AEFDF7B1200D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.) Task: {5560088A-0736-4107-A747-529FCD8852B5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {5C0509F5-592F-42EF-9731-6F68DAE8D7E9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] () Task: {5F40AC00-7C57-4E15-9D63-E9E2CCE872DE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo) Task: {6107D926-09EB-44DB-BEB7-F9F07C2190D3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {6B165C40-8B60-482F-9035-C555744535C1} - System32\Tasks\{BD355D1D-D351-4ED1-A191-900158E8E305} => pcalua.exe -a "\\SEBASTIAN-PC\Need for Speed Most Wanted\eauninstall.exe" -d "\\SEBASTIAN-PC\Need for Speed Most Wanted" Task: {6CB9969D-AF55-4558-A6E3-89A75F1A5BA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) Task: {78E5DCC8-661D-47B5-8427-3ECC7BA28297} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2016-10-18] (Dolby Laboratories Inc.) Task: {7E034618-915A-4A68-8558-F6BE3B0FDF96} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-21] () Task: {8B312DDE-20D7-4DF4-937E-F70AB8738BA5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {8CBE1EAB-CBD2-4346-9B13-64FBE4E84E7B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo) Task: {8D68E3CC-2350-449A-A578-9EC76D240229} - System32\Tasks\SafeZone scheduled Autoupdate 1465719062 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {9A391B34-9738-4357-9115-E940FBF90334} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-09-20] (Microsoft Corporation) Task: {A4177511-4CDA-4B46-ABB4-1273C80D4808} - \WPD\SqmUpload_S-1-5-21-365846669-4194548096-2659683666-1001 -> No File <==== ATTENTION Task: {AC820BA5-903E-41F5-A685-A8171B9476F0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {ACFBB4D4-936B-4E8F-A9EB-0C9F8B4D1804} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {C0989139-4880-4C27-A54E-AEFF347C7FAA} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.) Task: {C5938596-33A3-41D4-83A2-E8A0F9279DDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {C59AA8B3-E7DA-4345-8761-D4158C2638A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) Task: {ECCD95D5-06B2-4B45-BFB9-DE4E26830507} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation) Task: {F6202C86-FA1E-41D7-A9CE-78FF5E276CD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-19 00:57 - 2016-10-19 00:57 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-11 12:57 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-02 23:24 - 2012-04-25 03:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-10-19 00:57 - 2016-10-19 00:57 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-18 16:05 - 2016-10-18 16:05 - 01864384 _____ () C:\Users\Jadwiga\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2014-11-02 22:44 - 2014-01-21 19:57 - 00093472 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll 2014-11-02 22:44 - 2014-01-21 19:57 - 00874784 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll 2016-09-18 12:11 - 2016-09-18 12:11 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-12-12 18:31 - 2016-12-12 18:31 - 03068416 _____ () C:\Program Files\AVAST Software\Avast\defs\16121201\algo.dll 2016-09-18 12:11 - 2016-09-18 12:11 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-07-16 16:35 - 2016-07-16 16:36 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-11-02 22:45 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\system32\Drivers\gkpobcog.sys:changelist [6247] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-365846669-4194548096-2659683666-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jadwiga\Pictures\adam i eliza 2\IMG_9110.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{939B4597-EB2E-4D12-8973-371D8F8AE968}] => C:\ProgramData\Hipbear\Hipbear.exe FirewallRules: [{B3EC40BA-18C7-4B65-ACC5-F599B5913C54}] => C:\Program Files (x86)\Hipbear\Application\chrome.exe FirewallRules: [{9A49A20E-C958-4092-B10E-F1FD46FD57B8}] => C:\Program Files (x86)\Hipbear\Update\HipbearUpdate.exe FirewallRules: [{F47B2A17-7F7D-4A94-98F0-4E1B1663C481}] => C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe FirewallRules: [{F5671A57-3277-4524-96F7-6D9777C96742}] => LPort=55100 FirewallRules: [{AA41A084-B174-46BC-A556-3164F629F965}] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe FirewallRules: [{BD12B715-D0B8-4718-8C72-1362631AAB62}] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe FirewallRules: [{F42E7300-348C-4BDE-BC71-2CFAA442AC13}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B922D754-2A16-4028-909D-C84374A1BEB5}] => C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{D9465DAA-0F81-411D-960C-15803C052971}] => C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{4F1D2AD8-B571-4979-BBBD-4971E7EF6F97}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7B220CBE-C80B-4FEA-8F49-080EE7AB5D26}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{6324F60B-F094-445F-8E8E-949A4D8BD91E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{2CDA55B4-E098-4161-9C7D-507281E10A72}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{7F60B3E6-6092-4A42-B582-BE230E4EE22D}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C46C9CA9-4F0B-470A-BA2A-A1DB0F9F9B78}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DA003F65-177C-4AAE-A98C-C67D4CB7D168}] => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe FirewallRules: [{9AB29A68-A180-4D0E-A735-81EB7580A73B}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{CD8FE53C-ABBD-45C0-8245-7A1A7B9FE797}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{68EEEF12-8EDC-4B4F-AB3E-FDAD569C776D}] => C:\Program Files (x86)\Steam\steam.exe FirewallRules: [{CAC25C5C-A275-4036-AFCC-6D93E8BA5D45}] => C:\Program Files (x86)\Steam\steam.exe FirewallRules: [{1DCE07A3-90E8-4B08-9827-D6AF961D4237}] => C:\Users\Jadwiga\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{73258506-A3E9-4A6E-864D-02F0872BB437}] => C:\Users\Jadwiga\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E36889E4-2D32-4CC9-8482-3CFC78ED27C8}] => C:\Users\Jadwiga\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4BA6B049-5824-4079-A604-D37DEB5A4A99}] => C:\Users\Jadwiga\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{DE69C290-4BEE-455B-95E4-5175A2362BF4}] => C:\Users\Jadwiga\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B1524569-0F90-48CB-BC51-B88484B33B06}] => C:\Users\Jadwiga\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{24A1C51C-D27C-4C12-9006-C1C5AB3BBCA7}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{03E33B1B-18DE-465F-8898-B4C37AF188EE}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{E8065559-43B0-4DAC-8F82-2CA3ADC1388C}] => C:\WarThunder\launcher.exe FirewallRules: [{F44207A8-96A7-4CC2-90A3-089E2E3CE0FF}] => C:\WarThunder\launcher.exe FirewallRules: [{50F1DA43-E270-4B62-BE77-EDD615EBB1E0}] => C:\WarThunder\bpreport.exe FirewallRules: [{499A7C9E-C011-488F-A6E5-0F22B1D9AA88}] => C:\WarThunder\bpreport.exe FirewallRules: [TCP Query User{729D61AA-D072-48BC-BC58-EB4CE1FF5A20}C:\warthunder\launcher.exe] => C:\warthunder\launcher.exe FirewallRules: [UDP Query User{7D00D553-2FE3-4F02-9ED6-0A2B7B7AE697}C:\warthunder\launcher.exe] => C:\warthunder\launcher.exe FirewallRules: [TCP Query User{0B9143F5-6F88-456C-BDD7-395E0089A7ED}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [UDP Query User{748358A1-1D99-4FF3-B70E-CEE73EA3DFA4}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [TCP Query User{56EEC774-1852-44F0-ACB5-B48706ADC149}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{678E1CC6-B16E-4608-86B4-742F8D56FBF0}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [{E7D0EA30-5A0B-4A1F-84BE-7E37713D0C70}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{346D2CAC-9F0E-4FF1-BB10-31BE0E5866ED}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 27-11-2016 13:43:27 ASU_MSI_TRAN 12-12-2016 19:57:03 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/31/2017 08:29:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: explorer.exe, wersja: 10.0.14393.447, sygnatura czasowa: 0x5819bde0 Nazwa modułu powodującego błąd: TwinUI.dll, wersja: 10.0.14393.447, sygnatura czasowa: 0x5819c02a Kod wyjątku: 0x80270233 Przesunięcie błędu: 0x0000000000586db1 Identyfikator procesu powodującego błąd: 0x784 Godzina uruchomienia aplikacji powodującej błąd: 0x01d27bf8562ee8bc Ścieżka aplikacji powodującej błąd: C:\WINDOWS\explorer.exe Ścieżka modułu powodującego błąd: C:\Windows\System32\TwinUI.dll Identyfikator raportu: c263b870-3854-47f9-a82f-b328354ad01b Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (01/31/2017 07:07:45 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified. Error: (01/31/2017 06:21:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/31/2017 06:12:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svchost.exe_CDPSvc, wersja: 10.0.14393.0, sygnatura czasowa: 0x57899b1c Nazwa modułu powodującego błąd: ucrtbase.dll, wersja: 10.0.14393.0, sygnatura czasowa: 0x578997b5 Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x000000000006ea1e Identyfikator procesu powodującego błąd: 0x2e44 Godzina uruchomienia aplikacji powodującej błąd: 0x01d266b925d53c80 Ścieżka aplikacji powodującej błąd: C:\WINDOWS\system32\svchost.exe Ścieżka modułu powodującego błąd: C:\WINDOWS\System32\ucrtbase.dll Identyfikator raportu: a037ba8c-0803-472a-8baf-66c6a75398ce Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (01/24/2017 04:06:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC) Description: Aktywacja aplikacji Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (01/24/2017 04:06:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC) Description: Aktywacja aplikacji Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (01/24/2017 03:28:29 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/24/2017 03:23:10 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/20/2017 07:44:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC) Description: Aktywacja aplikacji Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (01/20/2017 07:44:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO-PC) Description: Aktywacja aplikacji Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. System errors: ============= Error: (01/31/2017 08:24:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} i identyfikatorem aplikacji APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (01/31/2017 07:11:42 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC) Description: Serwer {21F282D1-A881-49E1-9A3A-26E44E39B86C} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (01/31/2017 07:09:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Zgodnie z ustawieniami uprawnienia application-specific nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} i identyfikatorem aplikacji APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} użytkownikowi NT AUTHORITY\SYSTEM o identyfikatorze zabezpieczeń SID (S-1-5-18) z adresu LocalHost (Using LRPC) działającemu w kontenerze aplikacji o identyfikatorze SID Unavailable (Unavailable). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego Usługi składowe. Error: (01/31/2017 06:56:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (01/31/2017 06:56:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Print Spooler niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (01/31/2017 06:56:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Windows Presentation Foundation Font Cache 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. Error: (01/31/2017 06:56:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa Szybka instalacja pakietu Microsoft Office niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (01/31/2017 06:56:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Intel(R) Capability Licensing Service Interface niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (01/31/2017 06:45:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Restart the service) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: Jedno wystąpienie usługi już działa. . Error: (01/31/2017 06:44:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa NVIDIA Display Driver Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz Percentage of memory in use: 18% Total physical RAM: 8116.27 MB Available physical RAM: 6589.76 MB Total Virtual: 9396.27 MB Available Virtual: 7940.36 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:888.72 GB) (Free:682.59 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 90ED86DC) Partition: GPT. ==================== End of Addition.txt ============================