Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01 Ran by tomasz (04-05-2017 20:07:56) Running from C:\Users\tomasz\Downloads\Programs Windows 10 Home Version 1607 (X64) (2016-09-17 03:52:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3496410110-4066453920-4167670126-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-3496410110-4066453920-4167670126-503 - Limited - Disabled) Guest (S-1-5-21-3496410110-4066453920-4167670126-501 - Limited - Disabled) tom (S-1-5-21-3496410110-4066453920-4167670126-1006 - Limited - Enabled) => C:\Users\tom tomasz (S-1-5-21-3496410110-4066453920-4167670126-1002 - Administrator - Enabled) => C:\Users\tomasz ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated) Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated) AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks) AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Any Audio Converter 5.8.3 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com) Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Any Video Converter 6.1.2 (HKLM-x32\...\Any Video Converter) (Version: 6.1.2 - Anvsoft) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avast Browser Cleanup (HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\Avast Browser Cleanup) (Version: 12.1.2272.125 - AVAST Software) Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc) EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version: - SEIKO EPSON Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) KC Softwares PhotoToFilm (HKLM-x32\...\KC Softwares PhotoToFilm_is1) (Version: - KC Softwares) Kits Configuration Installer (x32 Version: 10.1.14393.0 - Microsoft) Hidden K-Lite Mega Codec Pack 13.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.0 - KLCP) Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Lenovo PhoneCompanion (x32 Version: 1.2.0.2 - Lenovo) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) NapiProjekt 2.0.0 (build 2151) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Naprawiacz 1.31 (HKLM-x32\...\Naprawiacz_is1) (Version: - ) Nero 7 Essentials (HKLM-x32\...\{9B4E6CB9-E54D-47F7-A414-E2D5740E1045}) (Version: 7.02.8507 - Nero AG) Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro) Odinstaluj drukarkę EPSON XP-212 213 Series (HKLM\...\EPSON XP-212 213 Series) (Version: - SEIKO EPSON Corporation) OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Opera beta 45.0.2552.225 (HKLM-x32\...\Opera 45.0.2552.225) (Version: 45.0.2552.225 - Opera Software) paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.806.012214 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.20.243 - REALTEK Semiconductor Corp.) Samsung Link 2.0.0.1603091618 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1603091618 - Samsung Electronics Co.,Ltd) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) Start Menu (HKU\S-1-5-21-3496410110-4066453920-4167670126-1006\...\Pokki) (Version: 0.269.2.471 - Pokki) Tetris (HKLM-x32\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.68 - Crystal Office Systems) Toolkit Documentation (x32 Version: 10.1.14393.0 - Microsoft) Hidden User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) WhatsApp (HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\WhatsApp) (Version: 0.2.3699 - WhatsApp) Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - ) Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{39ebb79f-797c-418f-b329-97cfdf92b7ab}) (Version: 10.1.14393.0 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WPT Redistributables (x32 Version: 10.1.14393.0 - Microsoft) Hidden WPTx64 (x32 Version: 10.1.14393.0 - Microsoft) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {10153EC2-C06E-4240-B779-3092E1F5B424} - System32\Tasks\ASCU10_SkipUac_tomasz => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe Task: {1CDEAB41-7B0E-4FB5-A20A-2FFAAE71DA9A} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.) Task: {29989346-7A75-41F4-A31A-11E474465ACD} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo) Task: {2E678788-717C-4528-87CA-F744B64050E1} - System32\Tasks\EPSON XP-212 213 Series Update {5C12CBCC-18CE-46ED-BA9D-AC40229849F3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {2F14EE2D-C94F-45A0-8FD6-CDB88FD0BCD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation) Task: {2F3B83FB-CBD6-447B-B986-33A783AC1F92} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe Task: {3404E942-128F-4AC3-B246-949BE1B5282D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation) Task: {3A29EE37-4A87-40B3-8D91-52F7F8D28524} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo) Task: {3C2D9E32-FE2E-476C-80F3-ABAE8C95F33A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo) Task: {3EECF50E-E364-41EA-9DCF-0D76C4702110} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd) Task: {46CF26F4-58B2-419F-BC04-945451054A86} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo) Task: {5A3482F0-746E-45D8-8318-3209B8E8EB92} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-03-01] (Synaptics Incorporated) Task: {5FB9884D-E53A-493C-8CB0-94C1A0C3C3C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-11] (Microsoft Corporation) Task: {6BC2E406-B6E1-4D25-BBF3-650E2D624B42} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-14] (Adobe Systems Incorporated) Task: {6CF26FEC-3014-45BD-B940-74EE0142F3B7} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)" Task: {B3CE4975-A7F7-4D7D-BD8B-E3C106FFF5F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16] (Google Inc.) Task: {C7391399-537E-4CF8-BBA6-7CAF76E8F09B} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => %programfiles%\lenovo\lenovo solution center\App\LSCService.exe Task: {CD077BE9-CDB3-4D0F-9585-F496CD25D2A4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-14] (Adobe Systems Incorporated) Task: {D2918F16-6F39-4541-BCF5-D581D752CE7D} - System32\Tasks\EPSON XP-215 217 Series Invitation {EC9F6D0B-9697-45A9-A5F2-847BFC7F976B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION) Task: {D69E6388-AFB0-442A-BC97-6022CC013203} - System32\Tasks\Opera scheduled Autoupdate 1477395221 => C:\Program Files\Opera beta\launcher.exe [2017-04-10] (Opera Software) Task: {D8208498-D178-4094-8F50-4C92BBD24A7A} - System32\Tasks\Driver Booster SkipUAC (tomasz) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe Task: {DE1EED69-8909-4882-BA89-0D583807AB2D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation) Task: {E47E8E83-5719-4CC5-AFF5-7E5B86BD8963} - System32\Tasks\EPSON XP-212 213 Series Invitation {5C12CBCC-18CE-46ED-BA9D-AC40229849F3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {EF02017D-A890-4F1C-9382-E5AD269266ED} - System32\Tasks\EPSON XP-215 217 Series Update {EC9F6D0B-9697-45A9-A5F2-847BFC7F976B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION) Task: {EF5C42C5-880D-4267-A842-1D59D11FB77C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation) Task: {F8ECCAD2-2AB1-4CDF-90ED-B0A120C2D35C} - System32\Tasks\avastBCLS-1-5-21-3496410110-4066453920-4167670126-1002 => C:\Users\tomasz\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2017-03-07] (AVAST Software) Task: {F98DA155-5A06-460B-B925-B9BFB26053C9} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {F9B5FF0C-2DDB-49F1-A2FC-11DB8523C1B6} - System32\Tasks\avast! BCU UpdateS-1-5-21-3496410110-4066453920-4167670126-1002 => C:\Users\tomasz\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software) Task: {FD5D4340-C727-43C3-BE9F-F6197C079108} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-16] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\ASCU10_SkipUac_tomasz.job => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe Task: C:\WINDOWS\Tasks\EPSON XP-212 213 Series Invitation {5C12CBCC-18CE-46ED-BA9D-AC40229849F3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE Task: C:\WINDOWS\Tasks\EPSON XP-212 213 Series Update {5C12CBCC-18CE-46ED-BA9D-AC40229849F3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLHE.EXE:/EXE:{5C12CBCC-18CE-46ED-BA9D-AC40229849F3} /F:UpdateWORKGROUP\TOM2-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {EC9F6D0B-9697-45A9-A5F2-847BFC7F976B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {EC9F6D0B-9697-45A9-A5F2-847BFC7F976B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE:/EXE:{EC9F6D0B-9697-45A9-A5F2-847BFC7F976B} /F:UpdateWORKGROUP\TOM2-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\tomasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim ShortcutWithArgument: C:\Users\tomasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Pasjans_Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpebaehgfgkcmmjjknibibbjacnplim ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-04-11 22:41 - 2017-03-28 08:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2014-04-19 07:12 - 2014-04-19 07:12 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2017-04-11 22:41 - 2017-03-28 08:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-17 14:33 - 2016-09-17 14:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-18 14:05 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-18 14:01 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-18 14:01 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-18 14:01 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-04-11 22:41 - 2017-03-28 07:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-04-11 22:41 - 2017-03-28 07:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-09-12 01:46 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2017-04-05 06:19 - 2017-04-05 06:23 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-04-05 06:19 - 2017-04-05 06:23 - 22723584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-04-05 06:19 - 2017-04-05 06:23 - 00448512 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll 2017-04-05 06:19 - 2017-04-05 06:23 - 05427200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-07-04 18:14 - 2016-07-04 18:18 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-04-05 06:19 - 2017-04-05 06:23 - 00435712 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-04-05 06:19 - 2017-04-05 06:23 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-07-30 22:43 - 2016-07-30 22:43 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2015-07-26 20:34 - 2011-12-14 19:31 - 06194176 _____ () C:\Program Files (x86)\NAPI-PROJEKT\napisy.exe 2017-03-08 12:53 - 2017-02-08 16:18 - 00864768 _____ () C:\Program Files (x86)\FreeCodecPack\Haali\Splitter.x64.ax 2017-03-08 12:53 - 2017-02-08 16:18 - 00088432 _____ () C:\Program Files (x86)\FreeCodecPack\Haali\mkzlib.x64.dll 2017-03-08 12:53 - 2017-02-08 16:18 - 00028016 _____ () C:\Program Files (x86)\FreeCodecPack\Haali\mkunicode.x64.dll 2017-03-08 12:53 - 2017-02-08 16:18 - 00177520 _____ () C:\Program Files (x86)\FreeCodecPack\Haali\mkx.x64.dll 2017-04-06 18:00 - 2017-03-29 10:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll 2017-04-06 18:00 - 2017-03-29 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll 2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll 2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll 2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll 2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll 2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll 2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll 2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll 2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll 2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll 2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll 2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll 2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll 2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll 2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll 2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll 2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll 2017-03-06 13:26 - 2008-06-22 11:58 - 00134656 _____ () C:\Program Files (x86)\NAPI-PROJEKT\chsdet.dll 2017-05-04 20:04 - 2017-05-04 20:04 - 00380928 _____ () C:\Users\tomasz\Downloads\Programs\355wur6n.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences [386] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-04-08 14:39 - 2017-04-23 21:57 - 00001473 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 idb.iobit.com 127.0.0.1 asc55.iobit.com 127.0.0.1 is360.iobit.com 127.0.0.1 asc.iobit.com 127.0.0.1 pf.iobit.com 127.0.0.1 98.129.229.186 127.0.0.1 www.iana.org 127.0.0.1 iana.org0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com There are 12 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\tomasz\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\sfondo del visualizzatore foto di windows.jpg HKU\S-1-5-21-3496410110-4066453920-4167670126-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg HKU\S-1-5-21-3496410110-4066453920-4167670126-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run: => "StartCN" HKLM\...\StartupApproved\Run: => "cAudioFilterAgent" HKLM\...\StartupApproved\Run: => "BtServer" HKLM\...\StartupApproved\Run: => "RtsFT" HKLM\...\StartupApproved\Run: => "SmartAudio" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\StartupApproved\StartupFolder: => "boottimer.lnk" HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\StartupApproved\Run: => "AppEx Accelerator UI" HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-3496410110-4066453920-4167670126-1002\...\StartupApproved\Run: => "EPLTarget\P0000000000000001" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F21F7692-5EBD-4164-94B5-01C40730BC57}] => (Allow) C:\Users\tomasz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0FCFC484-7099-4D2F-9BDF-50E12B47CC8D}] => (Allow) C:\Users\tomasz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{32C0C7A8-9B8D-440C-9546-81698BF9DE28}] => (Allow) C:\Users\tomasz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B88C900F-1ECB-433F-B738-C052CEE38088}] => (Allow) C:\Users\tomasz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0B82FB77-E17E-4DC1-B9D3-8E1B8907F5F0}] => (Allow) C:\Users\tomasz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{361D48B5-22A2-47A7-9B9A-A348DE956210}] => (Allow) C:\Users\tomasz\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{640609B5-2220-4610-8C8F-86FB375510DD}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{72DC0526-4E83-48DB-9E00-4EED60DB3D8F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{F965233A-F0DC-4B51-AB4C-02959E82383D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE FirewallRules: [{7B12F318-423A-4A8F-87FD-84886A35D619}] => (Allow) LPort=55100 FirewallRules: [{2BFAC15E-DAAD-4095-9A17-DD4758C18DAF}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe FirewallRules: [TCP Query User{C6FB23E0-DE89-493D-872B-E543162A2064}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{7B78BE93-8FF8-45C0-9C49-F90B83D3F343}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{B5AE681F-15BB-4281-9992-E146E26E4EFC}] => (Allow) C:\WINDOWS\SysWOW64\muzapp.exe FirewallRules: [{63DC57D3-8FB7-4656-B9A6-59776A82B10D}] => (Allow) C:\WINDOWS\SysWOW64\muzapp.exe FirewallRules: [{025297A2-2473-470D-89E8-CA17FDE05C68}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{BA37FCC0-BC26-4D69-93D9-85AA290A5D72}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{6FD74CF3-D69E-4B05-84E7-426EE1F76D12}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe FirewallRules: [{3C776D5F-768A-4FE8-9BB7-B0C4A1B7BC63}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe FirewallRules: [{FE7E7F07-38A3-4E74-A712-58D66F72215A}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe FirewallRules: [{13DFBD56-DFC2-4422-B542-3B7030EF85C5}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe FirewallRules: [{E43ACF82-336A-429F-AD58-68B40E680D2A}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe FirewallRules: [{3A1F1818-ADAE-410B-9698-8524EA4DA0D6}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe FirewallRules: [{A6CB0D97-E116-4740-8AAA-41F36DBC3BD4}] => (Allow) LPort=8743 FirewallRules: [{5CAF1F3C-DCC0-4489-9641-D47FEC4F5C42}] => (Allow) LPort=8643 FirewallRules: [{04095E2D-6458-4867-9C1C-0750A89C13CE}] => (Allow) LPort=7676 FirewallRules: [{7EEF1834-A715-41B9-9B59-5F5A774C2544}] => (Allow) LPort=7679 FirewallRules: [{D4EC37B3-3AA1-4230-8A79-2D6B073590D2}] => (Allow) LPort=24234 FirewallRules: [{910F337C-7CE4-475A-A968-3AF17D0B9DD3}] => (Allow) LPort=7900 FirewallRules: [{CC2EF933-8DFB-4797-97A9-53709D6E08E6}] => (Allow) LPort=1900 FirewallRules: [{ABEDE5E0-C0D1-4CE1-8608-E39ECC1F4026}] => (Block) c:\program files\samsung\samsung link\samsung link.exe FirewallRules: [{918463A6-601C-4F75-BC6F-2FB4AD9C8E00}] => (Block) c:\program files\samsung\samsung link\samsung link.exe FirewallRules: [{A4E1741F-013F-4405-8841-197ACDBACF9F}] => (Allow) C:\Program Files\Opera beta\45.0.2552.89\opera.exe FirewallRules: [{59A766D9-AD66-403C-9B15-09133F82F319}] => (Allow) C:\Program Files\Opera beta\45.0.2552.225\opera.exe FirewallRules: [{464AF41A-B47D-4E4E-9D0C-5C285BBF8D55}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{A262C81E-03E5-4824-A8CF-8BB281D4647C}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe FirewallRules: [{85A3596E-B742-456C-B94B-ECF20F227941}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe FirewallRules: [{36AD6E5C-24F4-4C2E-BFA5-AC9E63728FBE}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe FirewallRules: [{E1D0150D-1C80-4981-ADEC-F2CF7EE7343C}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe ==================== Restore Points ========================= 28-04-2017 19:47:58 Scheduled Checkpoint 01-05-2017 17:18:53 Installed OttPlayer 03-05-2017 13:55:46 Driver Booster : AMD High Definition Audio Device 03-05-2017 18:11:28 Operazione di ripristino ==================== Faulty Device Manager Devices ============= Name: Microsoft Wi-Fi Direct Virtual Adapter Description: Scheda virtuale Microsoft Wi-Fi Direct Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2017 04:41:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 10.0.14393.0, timestamp: 0x57899b1c Nome del modulo che ha generato l'errore: LicenseManager.dll, versione: 10.0.14393.1066, timestamp: 0x58d9f428 Codice eccezione: 0xc0000005 Offset errore 0x0000000000023b6b ID processo che ha generato l'errore: 0x2fc Ora di avvio dell'applicazione che ha generato l'errore: 0x01d2c4e465f0585c Percorso dell'applicazione che ha generato l'errore: C:\WINDOWS\system32\svchost.exe Percorso del modulo che ha generato l'errore: c:\windows\system32\LicenseManager.dll ID segnalazione: b962d9c3-98ce-46e6-8f8d-d72a9b243b7b Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: (05/04/2017 02:27:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: svchost.exe, versione: 10.0.14393.0, timestamp: 0x57899b1c Nome del modulo che ha generato l'errore: LicenseManager.dll, versione: 10.0.14393.1066, timestamp: 0x58d9f428 Codice eccezione: 0xc0000005 Offset errore 0x0000000000023b6b ID processo che ha generato l'errore: 0x3f8 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d2c4d1a76e18a8 Percorso dell'applicazione che ha generato l'errore: C:\WINDOWS\system32\svchost.exe Percorso del modulo che ha generato l'errore: c:\windows\system32\LicenseManager.dll ID segnalazione: b49bd32f-ffa6-4358-873a-ab4a1b5d8261 Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: (05/04/2017 06:08:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome dell'applicazione che ha generato l'errore: svchost.exe_LicenseManager, versione: 10.0.14393.0, timestamp: 0x57899b1c Nome del modulo che ha generato l'errore: LicenseManager.dll, versione: 10.0.14393.1066, timestamp: 0x58d9f428 Codice eccezione: 0xc0000005 Offset errore 0x0000000000023b6b ID processo che ha generato l'errore: 0x410 Ora di avvio dell'applicazione che ha generato l'errore: 0x01d2c48bf4675f52 Percorso dell'applicazione che ha generato l'errore: C:\WINDOWS\system32\svchost.exe Percorso del modulo che ha generato l'errore: c:\windows\system32\LicenseManager.dll ID segnalazione: 63d41e5c-9ad0-4dfe-8e1f-d8d95487cbde Nome completo pacchetto che ha generato l'errore: ID applicazione relativo al pacchetto che ha generato l'errore: Error: (05/04/2017 06:08:10 AM) (Source: ESENT) (EventID: 455) (User: ) Description: taskhostw (4952) WebCacheLocal: Si è verificato l'errore -1811 (0xfffff8ed) durante l'apertura del file di log C:\Users\tomasz\AppData\Local\Microsoft\Windows\WebCache\V010001E.log. Error: (05/03/2017 08:02:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TOM2-PC) Description: Il pacchetto Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe+App è stato interrotto perché la sospensione richiedeva troppo tempo. Error: (05/03/2017 06:48:22 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Errore non specificato durante l'esecuzione di Ripristino configurazione di sistema (Installed OttPlayer). Informazioni aggiuntive: 0x80070091. Error: (05/03/2017 06:12:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Servizi di crittografia: impossibile elaborare la chiamata OnIdentity() nell'oggetto writer del sistema. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (05/03/2017 02:59:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOM2-PC) Description: Attivazione dell'app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI non riuscita con errore: -2144927142 Per ulteriori informazioni, consulta il registro Microsoft-Windows-TWinUI/Operativo. Error: (05/03/2017 02:13:35 PM) (Source: ESENT) (EventID: 455) (User: ) Description: SettingSyncHost (3212) {C9740B03-AD2A-4FBE-BDA6-32681DC61959}: Si è verificato l'errore -1811 (0xfffff8ed) durante l'apertura del file di log C:\Users\tomasz\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00434.log. Error: (05/03/2017 02:13:19 PM) (Source: ESENT) (EventID: 455) (User: ) Description: SettingSyncHost (3212) {185672AD-7633-4536-BA0C-5209DBD03694}: Si è verificato l'errore -1811 (0xfffff8ed) durante l'apertura del file di log C:\Users\tomasz\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb0010A.log. System errors: ============= Error: (05/04/2017 05:00:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: Il server {784E29F4-5EBE-4279-9948-1E8FE941646D} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (05/04/2017 04:59:55 PM) (Source: DCOM) (EventID: 10010) (User: TOM2-PC) Description: Il server {21F282D1-A881-49E1-9A3A-26E44E39B86C} non ha effettuato la registrazione con DCOM nel tempo richiesto. Error: (05/04/2017 04:57:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Servizio HvHost terminato con l'errore: Un dispositivo collegato al sistema non è in funzione. Error: (05/04/2017 04:57:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Le impostazioni delle autorizzazioni application-specific non concedono l'autorizzazione di Activation in Local per l'applicazione server COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} e APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} all'utente NT AUTHORITY\SID LOCAL SERVICE (S-1-5-19) dall'indirizzo LocalHost (Using LRPC) in esecuzione nel SID del contenitore di applicazioni Unavailable (Unavailable). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/04/2017 04:57:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Le impostazioni delle autorizzazioni application-specific non concedono l'autorizzazione di Activation in Local per l'applicazione server COM con CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} e APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} all'utente NT AUTHORITY\SID LOCAL SERVICE (S-1-5-19) dall'indirizzo LocalHost (Using LRPC) in esecuzione nel SID del contenitore di applicazioni Unavailable (Unavailable). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/04/2017 04:56:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Arresto imprevisto del modulo di estendibilità WLAN. Percorso modulo: C:\WINDOWS\system32\Rtlihvs.dll Error: (05/04/2017 04:56:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Arresto imprevisto del modulo di estendibilità WLAN. Percorso modulo: C:\WINDOWS\system32\Rtlihvs.dll Error: (05/04/2017 04:56:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Arresto imprevisto del modulo di estendibilità WLAN. Percorso modulo: C:\WINDOWS\system32\Rtlihvs.dll Error: (05/04/2017 04:56:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Le impostazioni delle autorizzazioni application-specific non concedono l'autorizzazione di Activation in Local per l'applicazione server COM con CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} all'utente NT AUTHORITY\SID SYSTEM (S-1-5-18) dall'indirizzo LocalHost (Using LRPC) in esecuzione nel SID del contenitore di applicazioni Unavailable (Unavailable). Per modificare tale autorizzazione di sicurezza, è possibile utilizzare lo strumento amministrativo Servizi componenti. Error: (05/04/2017 04:56:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Il servizio Windows Media Player Network Sharing Service è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Restart the service. CodeIntegrity: =================================== Date: 2017-04-04 18:15:56.344 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-04 17:07:24.141 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-04 16:43:57.187 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-03 16:02:09.013 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-03 06:29:37.308 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-03 06:22:11.205 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-03 04:11:39.485 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-02 20:17:36.911 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-02 20:02:05.523 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-04-02 13:09:06.836 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\AtihdWT6.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD E1-6010 APU with AMD Radeon R2 Graphics Percentage of memory in use: 55% Total physical RAM: 3544.26 MB Available physical RAM: 1569.96 MB Total Virtual: 7128.26 MB Available Virtual: 4789.63 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:425.63 GB) (Free:50.97 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.06 GB) NTFS Drive e: (PLYTA_RATUNKOWA) (CDROM) (Total:1.17 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 4323ABDA) Partition: GPT. ==================== End of Addition.txt ============================