Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017 Ran by Forma (21-03-2017 16:28:31) Running from C:\Users\Forma\Desktop\AUDIK Windows 7 Home Premium Service Pack 1 (X64) (2015-03-03 20:26:40) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-871434758-139634626-509111008-500 - Administrator - Disabled) Forma (S-1-5-21-871434758-139634626-509111008-1000 - Administrator - Enabled) => C:\Users\Forma Guest (S-1-5-21-871434758-139634626-509111008-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-871434758-139634626-509111008-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-871434758-139634626-509111008-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.) 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.19) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated) ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.7.2 - ASUS) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Aurera-Global (HKLM-x32\...\Aurera-Global) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Catalyst Control Center Next Localization BR (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization DA (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0615.6.41554 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) DayZ (HKLM\...\Steam App 221100) (Version: - Bohemia Interactive) Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 3.3.0.0 - Treexy) Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version: - SCS Software) FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.47.16140 - Electronic Arts) FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line) GG (HKU\S-1-5-21-871434758-139634626-509111008-1000\...\GG) (Version: 12 - GG Network S.A.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ) Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) GRID Autosport (HKLM\...\Steam App 255220) (Version: - Codemasters Racing) H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version: - Daybreak Game Company) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation) Intel(R) Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.51.8439 - Intel(R) Corporation) Intel(R) Smart Connect Technology (HKLM\...\{4188E70A-4D3B-447C-B366-963C9E8B4538}) (Version: 5.0.10.2907 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.5.69 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.519 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.519 - LogMeIn, Inc.) 
Hidden Łatka polonizacyjna GTA IV v1.0 (HKLM-x32\...\Łatka polonizacyjna GTA IV v1.0) (Version: 1.0 - GTAPOLSKA.PL) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Minecraft1.8.4 (HKLM-x32\...\Minecraft1.8.4) (Version: - ) MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD) MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.0.0.10 - MSI) MSI Kombustor 3.5.0 (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version: - MSI Co., LTD) MSI Live Update 6 
(HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.10 - MSI) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.12.3 - OBS Project) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project) OCCT 4.4.2 (HKLM-x32\...\OCCT) (Version: 4.4.2 - Ocbase.com) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenIV (HKU\S-1-5-21-871434758-139634626-509111008-1000\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team) Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8059 - Realtek Semiconductor Corp.) reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - ) RESIDENT EVIL 7 biohazard / BIOHAZARD 7 resident evil (HKLM\...\Steam App 418370) (Version: - CAPCOM Co., Ltd.) Rise of the Tomb Raider (HKLM\...\Steam App 391220) (Version: - Crystal Dynamics) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games) Rust (HKLM\...\Steam App 252490) (Version: - Facepunch Studios) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) 
Softube Plug-Ins (VST AAX 32-bit) (HKLM-x32\...\Softube Plug-Ins (VST AAX 32-bit)) (Version: 2.2.79 - Softube AB) Softube Plug-Ins (VST AAX 64-bit) (HKLM\...\Softube Plug-Ins (VST AAX 64-bit)) (Version: 2.2.91 - Softube AB) Sonic Foundry Preset Manager 1.0 (HKLM-x32\...\{7266C898-F9CB-4122-9452-2AA1DACE245E}) (Version: 1.0.73 - Sonic Foundry) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SteelSeries Engine 3.3.7.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.3.7.1 - SteelSeries ApS) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version: - CD PROJEKT RED) Tibia (HKU\S-1-5-21-871434758-139634626-509111008-1000\...\Tibia) (Version: - CipSoft GmbH) Tibia Testserver (HKLM-x32\...\Tibia Testserver_is1) (Version: 10.93 - CipSoft GmbH) Tone2 Gladiator VSTi v2.2 (HKLM-x32\...\Tone2 Gladiator VSTi_is1) (Version: - ) TruckersMP 0.2.1.3.5 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.1.3.5 Alpha - TruckersMP Team) UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.6.0.4 - ) <==== ATTENTION Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft) ValhallaRoom 1.1.0 (HKLM-x32\...\ValhallaRoom_is1) (Version: - ) VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI) Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-2) (Version: 1.0.37.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) 
Hidden Waves Complete V9r1 (HKLM-x32\...\{90000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.0.1 - Waves) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) WinRAR 5.20 (32-bitowy) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) XenoBot Apophis (HKLM-x32\...\{D4AD53CC-E454-4863-AB7B-DD38B4E97D39}) (Version: 14.11.19 - XenoBot) Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-871434758-139634626-509111008-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Forma\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0587215E-F5C4-4A4C-8991-A4FF87B68054} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [2015-08-18] (MSI) Task: {08DDD81E-3858-4607-938A-FDB74E42216D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated) Task: {181AF914-3124-4668-A91B-5EC6ECE8F20E} - System32\Tasks\MSIOSDx64_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\MsiGamingOSD_x64.exe [2016-06-30] (Micro-Star INT'L CO., LTD.) Task: {798C76CE-EA41-40EA-8D45-00F6F0DB9B6A} - System32\Tasks\AdobeAAMUpdater-1.0-Forma-PC-Forma => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {8A34DB90-4930-4DB6-ABBD-86E57D19C267} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd) Task: {9B734DD0-94F9-42D1-AC87-88EEDA1212F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {AA976ED4-5A4B-4E41-B516-EE9C65B0727D} - System32\Tasks\MSIOSDx86_Host => C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe [2016-06-30] (Micro-Star INT'L CO., LTD.) 
Task: {ABA639BA-6E77-40F0-8A69-CFA48C5D41E4} - System32\Tasks\{CEACF171-AA64-4B01-A71E-8F83A0FA9C2F} => pcalua.exe -a "C:\Users\Forma\Downloads\Titan Quest + Immortal Throne\patches\patch 1.17a (IT)\TQIT 1.17a installer.exe" -d "C:\Users\Forma\Downloads\Titan Quest + Immortal Throne\patches\patch 1.17a (IT)" Task: {B8C4E62D-2C9A-47BC-BA6D-3FE056029936} - System32\Tasks\{7A1070BC-9490-405C-9707-17ADA4A001F6} => pcalua.exe -a G:\Autorun.exe -d G:\ Task: {C5E8384B-602F-4BFF-8ECD-461D45434CB5} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] () Task: {CA26FD03-00F1-4702-AC05-E484637EEA9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.) Task: {D3F9CFBC-CE9C-4839-9C16-D88BA0147512} - System32\Tasks\{F8BC478B-31EF-421C-A988-EB6F6B64EC2E} => pcalua.exe -a H:\setup.exe -d H:\ Task: {FB8DBE64-AED2-4A3E-9840-3728309792A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Forma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Аrdamаx Kеylogger 4.4\Аrdamаx Kеylogger 4.4.lnk -> C:\ProgramData\HXR\HXR.exe (No File) <===== Cyrillic Shortcut: C:\Users\Forma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Forma\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat () ShortcutWithArgument: C:\Users\Forma\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --show-app-list ShortcutWithArgument: C:\Users\Forma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Forma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ==================== Loaded Modules (Whitelisted) ============== 2017-02-21 17:21 - 2016-06-14 16:35 - 00187392 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x64\D3D11FontDraw.dll 2015-08-24 19:28 - 2015-08-24 19:28 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll 2015-03-05 17:44 - 2015-03-05 17:44 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\x2api.dll 2014-08-25 16:01 - 2014-08-25 16:01 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2014-08-25 16:01 - 2014-08-25 16:01 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2014-08-25 16:01 - 2014-08-25 16:01 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll 2017-02-21 17:21 - 2016-06-14 16:35 - 00163328 _____ () C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\D3D11FontDraw.dll 2017-03-20 18:54 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll 2017-02-06 20:11 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-06 20:11 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2014-09-03 11:03 - 2014-09-03 11:03 - 01241560 _____ () 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Forma:Heroes & Generals [38] AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B [464] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.)
There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-09-16 13:25 - 2017-03-18 15:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-871434758-139634626-509111008-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Forma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: BEService => 3 MSCONFIG\Services: Browser => 3 MSCONFIG\Services: COMSysApp => 3 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: ISCTAgent => 2 MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Live Update => C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{4C885379-9A36-46D3-B8DF-92A484230312}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F259AA63-2621-48C9-B7D0-87786DF87C1F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [TCP Query User{64425ED3-A8BE-476E-8CF1-8EB6F765015F}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe FirewallRules: [UDP Query User{DEB13D40-CC6A-4491-9939-CF540CBF1DED}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe FirewallRules: [TCP Query User{AFD63B98-3F7E-4EC9-B80F-42D84B13D1FF}C:\users\forma\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\forma\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query 
User{C21F4F48-DE90-41B0-BF72-D32EAAA9E3BF}C:\users\forma\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\forma\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{73689D02-12F6-4F02-9256-A3C37185E991}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{ACD4F358-7F0B-410E-93E1-899B2711B53D}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{99A3D4CE-7CFE-4C7F-8830-85EE2BD2C02A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3D7C05B9-5204-4805-B1BC-D131FB2A49E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{DBB27749-1A34-4BC3-8E8B-E72737B738B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{5B018C31-C296-4632-9C25-73425BA215F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [{792186B6-162C-48A4-8933-9F44D623E2D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [{E9289435-880E-4EFB-93F3-61DA0A8F2A41}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{53CE981F-548C-4F43-B8DD-6E376B99C36D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{463EA312-9CA5-4D6B-B3CD-93B4EF206CEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{C60A735B-3C7F-4E2D-B9B8-3F9788B777E6}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{EBD8CB3B-156B-4552-BB9B-DB94361F7CC5}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{287D3DF6-1B33-48ED-9DB4-D0B0660D453C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{2A212206-0ADF-494E-B727-E00A8EDABA4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{A89EC676-C5F7-45CA-B820-802852E24974}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{2ADB3D2B-D280-48EB-86DB-2AC78A3EAED2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{09C0C3FC-60E3-4666-9E7A-F7A004FD17E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{05C54193-37F7-4728-84F3-E330096C520D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{821CAFCD-B589-45C3-B365-8BF88B781F42}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{F5C460B6-D29F-468B-A709-C773C791765B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{AAD7E7C0-20C6-4371-AA44-3C5215F8EDCB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{1122390B-3EFD-4CB8-8F25-9B722738131B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{0E6A4079-DA0E-4831-857C-6609B291D023}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{11BC325F-3D86-49D6-9A48-53B8A48D5D1B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{511A04D8-5E69-43AB-A310-4ECEE2C6E8F0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{5B48F432-0A95-4890-A443-9C1FB1AD1F4B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{ACAA4D3C-DDB5-45F4-A73D-58A5A04B205E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0E5B0DB0-C7A0-41D8-A2EE-1D584A353350}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0895B5F3-14D6-422D-9FE5-98A73DF10978}] => (Allow) C:\Users\Forma\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DD7E7DE-2ADA-4AC4-9874-118A6E9CDD7A}] => (Allow) C:\Users\Forma\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7FA0133-A433-4EC0-99A6-587509902A52}] => (Allow) D:\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{BCD51FCF-465B-4F22-98B3-0D62E5D3CA15}] => (Allow) D:\Mr DJ\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{9EA18823-ADEE-45F7-9C9A-2DF7F8F562BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{6C6F9527-7851-4246-9DFB-AA1B6370CA69}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{B42384D5-AB00-439C-B21F-FDE1E4CF8D84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0E48316D-128E-45B5-9FB6-79F9DF96E206}] => (Allow) D:\Program Files (x86)\Origin\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{AFC8C2F4-393D-4617-ABE2-1CB96CC5A9F2}] => (Allow) D:\Program Files (x86)\Origin\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{1203F4D7-C98E-44F3-8A6A-D512C813EFAA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{CBF00721-547D-4AD7-8F68-7FF6CB5075D1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{0A7A7D7C-CCC7-45D6-A1A8-FECD9ED61A01}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{0B1660B7-030F-437D-8516-4F5F729874E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{0491A42E-1D08-460B-8EBF-54D853C4F40B}] => (Allow) LPort=26789

==================== Restore Points =========================

19-03-2017 13:29:28 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: CSN5PDTS82x64 NDIS Protocol Driver
Description: CSN5PDTS82x64 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CSN5PDTS82x64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Capsax64Drv0 NDIS Protocol Driver
Description: Capsax64Drv0 NDIS Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Capsax64Drv0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2017 04:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI_Trigger_Service.exe, version: 1.0.9.0, time stamp: 0x5243c86d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x8e8
Faulting application start time: 0x01d2a256cedccae5
Faulting application path: C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 389c63e4-0e4a-11e7-906f-d8cb8a3954e5

Error: (03/21/2017 04:22:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/21/2017 04:22:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI_Trigger_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
   at System.Management.ManagementScope.InitializeGuts(System.Object)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at MSI_Trigger_Service.Service1.DetectVGAInfo()
   at MSI_Trigger_Service.Service1.ServiceThread_Main()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (03/21/2017 04:22:26 PM) (Source: MSI_ActiveX_Service) (EventID: 0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementEventWatcher.Initialize()
   at System.Management.ManagementEventWatcher.Start()
   at MSI_ActiveX_Service.ActiveX_Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/20/2017 06:52:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI_Trigger_Service.exe, version: 1.0.9.0, time stamp: 0x5243c86d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x5d0
Faulting application start time: 0x01d2a1a29b92240b
Faulting application path: C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 00b20be5-0d96-11e7-b5d6-d8cb8a3954e5

Error: (03/20/2017 06:52:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/20/2017 06:52:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI_Trigger_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
   at System.Management.ManagementScope.InitializeGuts(System.Object)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at MSI_Trigger_Service.Service1.DetectVGAInfo()
   at MSI_Trigger_Service.Service1.ServiceThread_Main()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (03/20/2017 06:52:31 PM) (Source: MSI_ActiveX_Service) (EventID: 0) (User: )
Description: Service cannot be started. System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementEventWatcher.Initialize()
   at System.Management.ManagementEventWatcher.Start()
   at MSI_ActiveX_Service.ActiveX_Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/20/2017 03:29:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\wlc.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2017 03:22:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI_Trigger_Service.exe, version: 1.0.9.0, time stamp: 0x5243c86d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x25c
Faulting application start time: 0x01d2a1854ff1d3ec
Faulting application path: C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: b1a19051-0d78-11e7-8129-d8cb8a3954e5

System errors:
=============
Error: (03/21/2017 04:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI_Trigger_Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/21/2017 04:22:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Capsax64Drv0 CSN5PDTS82 CSN5PDTS82x64 CsNdisLWF

Error: (03/21/2017 04:22:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/21/2017 04:22:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (03/20/2017 06:52:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI_Trigger_Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/20/2017 06:52:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Capsax64Drv0 CSN5PDTS82 CSN5PDTS82x64 CsNdisLWF

Error: (03/20/2017 06:52:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/20/2017 06:52:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (60000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (03/20/2017 06:49:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:23:23 on 2017-03-20 was unexpected.

Error: (03/20/2017 03:22:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI_Trigger_Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2017-03-18 15:30:22.904
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-18 15:30:22.849
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-18 15:30:22.795
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-18 15:30:22.740
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-21 16:58:47.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hidkmdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-21 16:58:47.647
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hidkmdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-21 16:58:08.479
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hidkmdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-21 16:58:08.432
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hidkmdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-21 16:52:36.136
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hidkmdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-21 16:52:36.104
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hidkmdf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 38%
Total physical RAM: 8120.01 MB
Available physical RAM: 4989.59 MB
Total Virtual: 16238.2 MB
Available Virtual: 12287.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.35 GB) (Free:71.96 GB) NTFS
Drive d: () (Fixed) (Total:492.06 GB) (Free:254.48 GB) NTFS
Drive e: (G71-VAW1028) (CDROM) (Total:1.22 GB) (Free:0 GB) CDFS
Drive g: (INSIDE) (CDROM) (Total:2.31 GB) (Free:0 GB) CDFS
Drive i: (Mafia II) (CDROM) (Total:8.61 GB) (Free:0 GB) UDF
Drive j: (F1 SETUP) (CDROM) (Total:19.99 GB) (Free:0 GB) CDFS
Drive k: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3736311F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=492.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================