Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017 Ran by maf2 (08-03-2017 14:44:44) Running from C:\Users\maf2\Downloads\FSR Windows 10 Pro Version 1607 (X64) (2017-02-13 07:37:41) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1564095453-3564214088-3623100993-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-1564095453-3564214088-3623100993-503 - Limited - Disabled) Guest (S-1-5-21-1564095453-3564214088-3623100993-501 - Limited - Disabled) maf2 (S-1-5-21-1564095453-3564214088-3623100993-1002 - Administrator - Enabled) => C:\Users\maf2 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . . (Version: 2.1.28.3 - Intel) Hidden . . . (x32 Version: 2.7.1.1 - Intel) Hidden 7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov) Action! (HKLM-x32\...\Mirillis Action!) 
(Version: 1.17.1 - Mirillis) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve) Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.) Battery Calibration (x32 Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.) Hidden Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB) CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform) CDBurnerXP (HKLM-x32\...\{389A4CEF-2D8E-4D6A-ADB3-D8876AC7D0C3}) (Version: 4.5.7.6521 - Canneverbe Limited) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6321 - CDBurnerXP) Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) COMODO Firewall (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version: - Macecraft Software) EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) ELAN Touchpad 15.13.5.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.5.2 - ELAN Microelectronic Corp.) ESET NOD32 Antivirus (HKLM\...\{ACA1303F-28D2-4C73-A0A3-785F0327E0B6}) (Version: 10.0.390.0 - ESET, spol. s r.o.) 
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse) FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version: - ) Foscam Web Components 2.1.2.4066 (HKLM-x32\...\{97FD518A-EA1F-4B44-B7D7-890164D6B22E}_is1) (Version: 2.1.2.4066 - FOSCAM) Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 - ChessBase) GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - ) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Havij 1.15 Free (HKLM-x32\...\Havij_is1) (Version: - ITSecTeam) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.77.0 - HTC) I Am Alive (x32 Version: 1.01.0 - Ubisoft) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) Update Manager 
(HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{29539bc2-b48e-4b56-93e8-420e38a6d551}) (Version: 2.7.1.1 - Intel) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IPCWebComponents 3.1.0.9 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.9 - ) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan) JabloTool (HKLM-x32\...\JabloTool) (Version: XD601.1.10.9 - JABLOCOM) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation) Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab) Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden KB9X Radio Switch Driver (HKLM\...\B16388B2E5D3CBA8F0EE88A8C5459BADAF4DE251) (Version: 1.0.7112.20593 - ENE TECHNOLOGY INC.) Kingo ROOT version 1.5.0.2927 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.0.2927 - Kingosoft Technology Ltd.) 
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - ) LibreOffice 5.1.4.2 (HKLM\...\{3D0938AC-CEED-48CF-9649-D433CE8A4AF7}) (Version: 5.1.4.2 - The Document Foundation) Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean) Malwarebytes (wersja 3.0.6.1469) (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Setup (English) (HKLM\...\{DCB0EF4F-E2C2-420B-B8C9-B317A8ECE73A}) (Version: 11.2.5343.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 
(HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 
Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation) MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) 
Mobile Upgrade S 4.2.3 (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSI Intel Extreme Tuning Utility (HKLM-x32\...\{2301bb34-385a-4a57-877f-c54347957fad}) (Version: 4.0.6.305 - Intel Corporation) MSI Intel Extreme Tuning Utility (x32 Version: 4.0.6.305 - Intel Corporation) Hidden MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.06 - MSI) MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI) MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI) NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org) NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.10 - MSI) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team) NVIDIA Graphics Driver 376.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.67 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) O&O CleverCache (HKLM\...\{2A64B9EB-AAEF-462B-8D5A-855B1DD5467A}) (Version: 7.1.2737 - O&O Software GmbH) Odkurzacz (HKLM-x32\...\Odkurzacz 14.3_is1) (Version: 14.3.0.4600 - FranmoSoftware - Maciej Opaliński) Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software) Oprogramowanie Intel® PROSet/Wireless WiFi (HKLM\...\{E671D411-5F2E-45D6-957C-EB78641192AB}) (Version: 15.05.4000.1515 - Intel Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) PerfectDisk Professional Business (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.890 - Raxco Software Inc.) 
Portal 2 Sixense Perceptual Pack (HKLM-x32\...\Steam App 247120) (Version: - ) Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation) Prince of Persia Sands of Time (HKLM-x32\...\Uplay Install 111) (Version: - Ubisoft) Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd1_is1) (Version: - ) Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd2_is1) (Version: - ) Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd3_is1) (Version: - ) Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd4_is1) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.) SCM (HKLM\...\{C6C6E64E-6C48-47FE-A175-4C73C3A465CF}) (Version: 10.013.03016 - Application) SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology) Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia) Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation) Shadow Warrior Classic (1997) (HKLM-x32\...\Steam App 238070) (Version: - 3D Realms) Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.) 
SMPlayer 0.8.6.0 (HKLM-x32\...\SMPlayer) (Version: 0.8.6.0 - Ricardo Villalba) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1 - Krzysztof Kowalczyk) SuperMemo UX (HKLM-x32\...\SuperMemo UX) (Version: 1.5.4.2 - SuperMemo World) System Mechanic (HKLM-x32\...\InstallShield_{49DCB5CB-235B-4A14-BD8E-1E9FC1B0311C}) (Version: 16.0.0.464 - iolo technologies, LLC) System Mechanic (x32 Version: 16.0.0.464 - iolo technologies, LLC) Hidden The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd) THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.02 - Creative Technology Limited) TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities Language Pack (pl-PL) (x32 Version: 13.0.3020.16 - TuneUp Software) Hidden Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.26 - Tweaking.com) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) UpdateAssistant (x32 Version: 1.3.0.0 - Microsoft Corporation) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 20.2 - Ubisoft) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX) VNC Server 6.0.2 (HKLM\...\{28FB9024-BEDC-4F89-AFEE-98C6CBB986CF}) (Version: 6.0.2.25562 - RealVNC Ltd) VNC Viewer 6.0.2 (HKLM\...\{D00A94FF-DF45-49D3-B89D-2708812F644B}) (Version: 6.0.2.25562 - RealVNC Ltd) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) 
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST) Windows 10 Manager (HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\Windows 10 Manager 2.0.6) (Version: 2.0.6 - Yamicsoft) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation) WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1564095453-3564214088-3623100993-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0899C358-0F71-4F80-B757-0E7D33FB1713} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO) Task: {1FC923A8-5A29-4DDE-A6A1-645F9C35FB68} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-02] (Intel Corporation) Task: {211C4713-CE69-4D4B-B8B1-490BC576ECF5} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO) Task: {32F42077-BE9D-4BF7-9CC2-9D64EE465E0B} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe Task: {4285DD0F-3AA2-4053-90DD-550B78774EFD} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-06-28] (iolo technologies, LLC) Task: {44C04869-6D8D-4257-BE80-DA2B9E3CB102} - System32\Tasks\ioloToaster => C:\Program Files (x86)\iolo\System Mechanic\ioloToaster.exe [2017-02-21] (iolo technologies, LLC) Task: {4691D504-DB4D-4CF1-9158-9F09ABCE011B} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2016-01-14] () Task: {584825E1-0BD6-49B5-B956-F6F9D42C16DD} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-02-17] (Oracle Corporation) Task: {8072AECB-7D4C-46C9-9A58-8029CCEAE016} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\iolo\System Mechanic\ioloSmartUpdater.exe [2017-02-21] (iolo technologies, LLC) Task: {8B5D9E5B-16CD-4373-8616-11960BD0EC50} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe 
[2017-02-08] (Piriform Ltd) Task: {9126F776-B91F-41A3-B8C8-1B9DAE18EE4F} - System32\Tasks\Opera scheduled Autoupdate 1391538487 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software) Task: {96AA6C12-080F-4FE5-818E-3578D746B018} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO) Task: {A7690EB1-80EF-4F94-A7B1-D52EDB733346} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO) Task: {A7D06F85-4333-4807-990F-073651F8FBE8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-11-02] (Microsoft Corporation) Task: {B8254FA5-1EBA-4567-AD1A-A4E96D5D3C87} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-03-06] (Adobe Systems Incorporated) Task: {B8CB25C8-28AF-474A-BAE7-707E688E3D97} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO) Task: {E6F1EDB0-D977-448B-80D7-F3516DA517B6} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com) Task: {EB33E46A-7989-42FC-AEFE-C2DC2E6ADC8F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-02] (Intel Corporation) Task: {EDC83A42-A1B3-4101-BCD5-F56A1539D706} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2017-02-18] (Intel Corporation) Task: {F417A3CD-3437-4A3A-AC32-13678F54A878} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-06] (Adobe 
Systems Incorporated) Task: {F6008182-7380-4012-8BF6-A745CD55B97F} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe [2017-02-21] (iolo technologies, LLC) Task: {F6BE1363-80C0-4E09-AC10-524EAE92365F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-03-01 00:52 - 2017-01-06 18:29 - 00017384 _____ () C:\Users\maf2\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe 2017-03-08 11:24 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-03-08 11:25 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2013-10-17 15:27 - 2017-02-14 14:50 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2013-07-01 09:21 - 2013-07-01 09:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe 2013-07-01 00:16 - 2013-07-01 00:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll 2013-07-01 00:15 - 2013-07-01 00:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll 2013-07-01 00:17 - 2013-07-01 00:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll 2013-07-01 00:16 - 2013-07-01 00:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll 2013-07-01 00:15 - 2013-07-01 00:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll 2016-12-28 00:17 - 2016-12-28 00:17 - 00155320 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll 2016-12-28 00:16 - 2016-12-28 00:16 - 00107704 _____ () C:\Program 
Files\COMODO\COMODO Internet Security\cavwpps.dll 2016-12-28 00:16 - 2016-12-28 00:16 - 00179896 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll 2013-07-01 09:21 - 2013-07-01 09:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe 2017-02-13 07:43 - 2017-01-16 00:55 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-10-21 09:07 - 2017-02-14 14:51 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2017-02-13 08:12 - 2017-02-13 08:12 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2017-02-13 08:42 - 2017-02-13 08:42 - 00959168 _____ () C:\Users\maf2\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll 2017-02-21 22:13 - 2017-02-21 22:13 - 00052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-02-13 08:12 - 2017-02-13 08:12 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-02-22 21:42 - 2017-02-22 21:42 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 21:42 - 2017-02-22 21:42 - 00179712 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 21:42 - 2017-02-22 21:43 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-13 09:35 - 2017-02-13 09:35 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2017-02-28 23:55 - 2017-02-27 09:19 - 53908056 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll 2017-02-28 23:55 - 2017-02-27 09:19 - 59948632 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll 2017-02-28 23:55 - 2017-02-27 09:19 - 02559576 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll 2017-02-28 23:55 - 2017-02-27 09:19 - 00100952 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2016-10-21 09:07 - 2016-10-21 09:07 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2016-10-21 09:08 - 2016-10-21 09:08 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2016-10-21 09:09 - 2016-10-21 09:09 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2017-02-18 03:45 - 2017-02-18 03:45 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\WINDOWS\NvContainerRecovery.bat:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc45.dat:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WmiAcpi.bat:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETBF52.tmp:$CmdTcID [64] AlternateDataStreams: C:\Users\maf2\Downloads\1759EMS1.509.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\Battery_Calibration_1.0.1405.0701.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\Bluetooth_Radar_2.2.msi:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\Dragon Gaming Centerv2.0.1701.0601.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\fastboot-win.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\HDDEraseWeb.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\maf2\Downloads\HDDEraseWeb.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\KingoRoot.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\MSI Setup_SSE2.9.2015.1.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\quick (1).cgi:$CmdTcID [64] AlternateDataStreams: C:\Users\maf2\Downloads\quick (1).cgi:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\quick.cgi:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-08 13:31 - 2017-03-08 13:31 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "vpngui.exe.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "COMODO Internet Security"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "PerfectGuard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKLM\...\StartupApproved\Run32: => "Adobe RGB Color"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "TrueCrypt"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{AF7F262A-6D62-49EF-A42B-F5784EE3502D}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [TCP Query User{7BAE570E-E0C4-42CF-81FD-91D01A0FBE46}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [{ED13F98E-5755-47C7-A71F-9E33F66779D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA9F2FD4-7DAC-45F0-A693-285F1AB86C5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FDE07DDA-9EAC-4B45-B0AE-B91447517F46}] => (Allow) C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe
FirewallRules: [{A9F27B82-2CEF-4ACE-8CF8-EED975255C50}] => (Allow) C:\Program Files (x86)\QNapi\qnapi.exe
FirewallRules: [{1138212E-945B-49F6-B134-BA8A043583C2}] => (Allow) C:\Program Files (x86)\QNapi\qnapi.exe
FirewallRules: [{8EB548FB-45B7-4E0F-858C-42DA78376704}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\src\System\IAmAlive_game.exe
FirewallRules: [{181316BE-A11B-46AE-B5EB-8A9998F1C3C7}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\src\System\IAmAlive_game.exe
FirewallRules: [{F1607B68-9F60-45D2-9CE2-82798AC91D58}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\IAmAlive_Launcher.exe
FirewallRules: [{36FB8905-1E63-4D66-9EE0-D85D5F15C746}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\IAmAlive_Launcher.exe
FirewallRules: [{9CD8C0D7-EF6B-4CB3-88EF-0445E6098F77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{ED658B25-C8E1-4510-AB02-D1CE487CA147}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{73EB092B-24C9-41EF-8A1D-2B4355911D64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadow Warrior Original\bin\launcher.exe
FirewallRules: [{92786051-A8D8-4686-A1B0-7524FC1C8288}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadow Warrior Original\bin\launcher.exe
FirewallRules: [{0462B106-CCF7-4E99-8241-B851B0CD771A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2 Sixense Perceptual Pack\portal2.exe
FirewallRules: [{C482F3F4-11C6-4D90-B354-5605B8731233}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2 Sixense Perceptual Pack\portal2.exe
FirewallRules: [TCP Query User{98532AAE-7C0C-4B35-8A4C-77D32AB879D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EE5E0B94-4897-428C-9053-3B298D2DE2C2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{68068DBE-C644-40B8-853C-E005B13C9011}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{49A1F1EE-45C0-477B-BB79-2A3CD9BC114F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D6550C54-2AD2-4010-B78F-17D0C7550F40}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{9B284D64-715D-40CF-B3EF-1C8D627FEF3F}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{87D907A7-E3F6-4A00-8BCF-78DFFA1C1C60}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{59592861-8389-4C45-BDB2-45830C6BA82F}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{888554BB-FDBF-48CA-9863-7C6C7A039B37}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe

==================== Restore Points =========================

08-03-2017 10:52:44 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2017 02:47:05 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:47:05 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:47:00 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:47:00 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:46:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:46:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:46:50 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:46:50 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:46:45 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/08/2017 02:46:45 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

System errors:
=============
Error: (03/08/2017 02:36:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Technologia pamięci Intel® Rapid service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2017 02:35:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/08/2017 02:34:41 PM) (Source: DCOM) (EventID: 10010) (User: COMPUTER)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (03/08/2017 02:30:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/08/2017 02:30:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (03/08/2017 02:30:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/08/2017 02:30:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (03/08/2017 02:30:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SuperRAIDSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/08/2017 02:30:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperRAIDSvc service to connect.

Error: (03/08/2017 02:30:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FontCache3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:
===================================
Date: 2017-03-08 14:42:50.597
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:42:49.491
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:42:49.341
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:37:08.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:36:50.123
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:36:20.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:35:09.374
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:35:04.555
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:29:46.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:10:54.134
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 36%
Total physical RAM: 8088.91 MB
Available physical RAM: 5107.96 MB
Total Virtual: 8600.91 MB
Available Virtual: 5562.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:362.54 GB) (Free:62.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 0000D5DF)
Partition 1: (Not Active) - (Size=335.3 GB) - (Type=05)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=362.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=487 MB) - (Type=83)

==================== End of Addition.txt ============================