Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by user (2015-11-09 14:50:17)
Running from C:\Users\user\Downloads\gmer
Windows 7 Professional Service Pack 1 (X64) (2015-01-19 16:30:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3455464757-3093656346-2702893615-500 - Administrator - Disabled)
Gast (S-1-5-21-3455464757-3093656346-2702893615-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3455464757-3093656346-2702893615-1002 - Limited - Enabled)
user (S-1-5-21-3455464757-3093656346-2702893615-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3455464757-3093656346-2702893615-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Airline Tycoon Evolution (HKLM-x32\...\{16E43D5F-5296-4D53-B303-9D951AFE510F}) (Version: - )
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.5.1 - Airytec)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.38.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.38.0 - Alcor Micro Corp.) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Baldur's Gate II - Enhanced Edition (HKLM-x32\...\1207666373_is1) (Version: 2.0.0.1 - GOG.com)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.3.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
Driver Booster 3.0 (HKLM-x32\...\Driver Booster_is1) (Version: 3.0 - IObit)
EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition v1.0 Multi (HKLM-x32\...\{8BF806C4-2D77-4F67-8435-D4BDCEB665A8}_is1) (Version: - My Company, Inc.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Heroes of Might and Magic III - Złota Edycja (HKLM-x32\...\Heroes of Might and Magic III - Złota Edycja_is1) (Version: - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.08.1017 - Hewlett-Packard Company)
HP Softpaq SP45367 (HKLM-x32\...\SP45367) (Version: - )
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{EE5F1911-EA95-4F1A-AF97-495972F5032D}) (Version: 2.4.3.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.2.7.240 - Recisio)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.03.00.0000 - Panda Security) Hidden
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.9 - Panda Security and Visicom Media Inc.)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
Radeon RAMDisk (HKLM-x32\...\{90AC17CF-3394-4349-A1B8-ECC2C18CD787}) (Version: 4.4.0.32 - Dataram, Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.49.1 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
VirtualDJ PRO Full (HKLM-x32\...\{311545C7-3432-4EB3-9229-D5E8DB10AE8A}) (Version: 7.2 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 Codec Pack 4.1.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
Windows Driver Package - Sagem, SA (SG762_64) Net (10/28/2005 6.3.0.0) (HKLM\...\DBDB2B2E231D0260DB18F8EAFCA6C8AE7C206629) (Version: 10/28/2005 6.3.0.0 - Sagem, SA)
WinRAR 5.20 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-10-28 05:32 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14968155-0568-4BE2-9002-BBEFFD9C4065} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {24237DCF-E5B8-4EF6-B4D2-A56EAFE8622F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {25ED5BC3-10CC-48ED-93CB-F55B7B72108B} - System32\Tasks\{A785BDC3-EA77-4CFB-B446-28129F11A650} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4UPCHB0\sp52211.exe" -d C:\Users\Administrator\Desktop
Task: {2BB17D4E-02B0-4934-A81A-35C1EC2E8B63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {50186475-7912-4CB1-AD3A-A4016D99BBEC} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-10-16] (IObit)
Task: {6795F5F2-457E-45EC-AEE0-81BEC4DE31DE} - System32\Tasks\{97F9A8A6-0A04-4FCB-B979-581D1F680188} => pcalua.exe -a C:\Users\user\Downloads\sp61783.exe -d C:\Users\user\Downloads
Task: {68271B30-EB14-41AB-A0A8-CB6C0FEB2BF9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {6EDB8218-6DD9-4455-A1A9-833CA51B72B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {749F71EB-6B4A-469E-A98B-B1AF5B7C4A96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7C126D02-5C56-4F87-B01F-258C4879A02D} - System32\Tasks\{EE207310-3657-4921-888A-BC1576655CC5} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KG5G8L6C\sp55757.exe" -d C:\Users\Administrator\Desktop
Task: {7C85F6D7-5A89-4371-87B6-46AC53B18B91} - System32\Tasks\Driver Booster SkipUAC (user) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-10-22] (IObit)
Task: {86FB52D6-41DC-47B9-8474-6D485B520E1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {878C2334-1001-48AA-9C9C-11FBAF938A6E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {9790C64C-1B2A-4584-840E-A2ADC21D4898} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {9ED8420B-7CE5-4B2A-99B4-F812FF740749} - System32\Tasks\{D5B23B92-5528-49B5-A7AF-4D30BA9F1090} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO44V2D5\sp54614.exe" -d C:\Users\Administrator\Desktop
Task: {C9DBB28D-2647-41C4-8EC4-44A94521C598} - System32\Tasks\{4263683A-706B-4A3F-8F63-2D51FA86BC01} => pcalua.exe -a "C:\Users\user\Downloads\dxwebsetup (1).exe" -d C:\Users\user\Downloads
Task: {D36D0AA6-3E4E-4F2B-B98C-88F63306A13C} - System32\Tasks\BatteryCareAuto => C:\Program Files (x86)\BatteryCare\BatteryCare.exe
Task: {D464F946-6549-4A8B-88FD-B6FEA9C7EAF9} - System32\Tasks\{72FB0EC8-F6F1-4A08-AECA-F3BD82B2B52D} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VNQIDYNS\sp54317.exe" -d C:\Users\Administrator\Desktop
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-19 01:48 - 2011-07-19 01:48 - 00156216 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-10-12 10:55 - 2011-10-12 10:55 - 00213328 _____ () C:\Windows\system32\PassThroughOTP.dll
2011-03-25 16:19 - 2011-03-25 16:19 - 00205088 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-12-12 15:17 - 2011-10-21 17:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-10-23 01:38 - 2015-10-20 15:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-23 01:38 - 2015-10-20 15:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3455464757-3093656346-2702893615-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 62.179.1.63 - 62.179.1.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Games\HEROES\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CA4E94FE-97C6-4274-8004-34E9D87A85B6}] => (Allow) C:\Users\user\AppData\Local\Temp\nsc33CE.tmp\CnetInstaller-10515039.exe
FirewallRules: [{CD7FBCC7-88D2-4369-8D1C-D546BE1A0657}] => (Allow) C:\Users\user\AppData\Local\Temp\nsc33CE.tmp\CnetInstaller-10515039.exe
FirewallRules: [{AFE5D381-5C9F-4A4E-821E-751632649ECC}] => (Allow) C:\Users\user\AppData\Local\Temp\nswED5C.tmp\CnetInstaller-76011874.exe
FirewallRules: [{43CD76AC-7A60-438E-A598-895C0A8C9524}] => (Allow) C:\Users\user\AppData\Local\Temp\nswED5C.tmp\CnetInstaller-76011874.exe
FirewallRules: [{2958F481-1017-42BD-A51E-06526E293447}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32AE971D-1066-40DF-847B-30AACEA4528D}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{565CBF03-B53F-4EC3-8021-F813CCB53FD8}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8A57AC62-B45E-479A-96D0-FBC51BCA5185}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02A0EE98-812C-4E47-B786-9F224014FCB2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06D5CE54-5F1C-458A-B616-F20EAE5BF47E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B3AD05FA-760A-48A7-BE46-522CEEAFBD26}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5F573C47-C126-49E5-8B16-D71796A6A450}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{C39E17EA-2185-476F-B06B-947D780B6F86}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [TCP Query User{E3C5F722-5959-4AE9-B096-FF7F41A2520F}D:\games\heroes\gra\_hd3_data\heroes3.exe] => (Block) D:\games\heroes\gra\_hd3_data\heroes3.exe
FirewallRules: [UDP Query User{27B10EF3-C891-4383-943A-022E2D2CEE59}D:\games\heroes\gra\_hd3_data\heroes3.exe] => (Block) D:\games\heroes\gra\_hd3_data\heroes3.exe
FirewallRules: [TCP Query User{8FF74E92-EBC6-4945-8D80-97D627F44CA9}D:\games\heroes\gra\_hd3_data\heroes3.exe] => (Allow) D:\games\heroes\gra\_hd3_data\heroes3.exe
FirewallRules: [UDP Query User{9491AC03-44A7-4E33-83E0-C905214F0853}D:\games\heroes\gra\_hd3_data\heroes3.exe] => (Allow) D:\games\heroes\gra\_hd3_data\heroes3.exe
FirewallRules: [TCP Query User{FE07DC1C-0AC3-4920-9C88-A2743C92BF21}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{CBAA4032-7B8F-4C58-BAB6-00361FC8F842}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{E99656D3-8A19-4383-B9E9-51F95DF1D47A}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F31BC474-3E7D-4633-A0F5-8B12AB778EE3}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{7CC9CD00-7262-4578-AFE3-6B860DE42CAD}D:\games\worms\wa.exe] => (Allow) D:\games\worms\wa.exe
FirewallRules: [UDP Query User{A28392AD-D808-4162-81ED-B5DF26032776}D:\games\worms\wa.exe] => (Allow) D:\games\worms\wa.exe
FirewallRules: [{35869365-2713-44AA-A0A7-6B6712493002}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4F09BF2F-9C58-4F84-8515-3FD0733E4532}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{4F952D9D-47D4-4B46-AAA0-34F10388A93C}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{51953902-BB67-4280-B611-B105D6E60AE2}] => (Allow) LPort=1542
FirewallRules: [{B4E5C707-BAEC-4BDF-AD22-7F135EA2A129}] => (Allow) LPort=1542
FirewallRules: [{7D5EC2FE-929B-4E99-AB3B-0905CEFFAFE0}] => (Allow) LPort=53
FirewallRules: [{F0D9BDEB-B90A-4D47-80B3-A0B37C7435AB}] => (Allow) LPort=67
FirewallRules: [{FA0C8EAB-3430-437D-8E1D-D5668342A55F}] => (Allow) LPort=68
FirewallRules: [{935360CB-D878-45E8-A08D-6F71299068EF}] => (Allow) LPort=53
FirewallRules: [{758C4D63-50CE-4C04-9BAF-6108BFEC7716}] => (Allow) LPort=53
FirewallRules: [{70234B30-7FA5-431F-93DF-4D7E25973CD7}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{7A5737E3-0FB7-4E15-9A87-047D38B65DD3}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{5B50493B-CF24-4597-9E0D-BE41D8708A40}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{3D6DD6F1-F4EE-4DCD-B553-D67F5380DA10}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{AA64165C-5A6F-4B1D-9C0B-9E8F190B9C4D}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [TCP Query User{D88FA1D3-8CBE-410F-9BAB-643C919B9855}D:\games\airline tycoon evolution\at.exe] => (Block) D:\games\airline tycoon evolution\at.exe
FirewallRules: [UDP Query User{99DAA374-BD1C-4A1E-BE2D-0544DCE2CC93}D:\games\airline tycoon evolution\at.exe] => (Block) D:\games\airline tycoon evolution\at.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom 2070 Bluetooth
Description: Broadcom 2070 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) 82579LM Gigabit Network Connection
Description: Intel(R) 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2015 02:42:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2015 02:42:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (11/09/2015 02:42:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (11/09/2015 02:42:35 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (11/08/2015 07:02:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gmer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: gmer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x0008d93e
Faulting process id: 0xda8
Faulting application start time: 0xgmer.exe0
Faulting application path: gmer.exe1
Faulting module path: gmer.exe2
Report Id: gmer.exe3

Error: (11/08/2015 06:43:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2015 06:42:50 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (11/08/2015 06:42:50 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (11/08/2015 06:42:50 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (11/08/2015 05:19:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/09/2015 02:42:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimmptsk service failed to start due to the following error: %%1058

Error: (11/09/2015 02:42:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Portrait Displays SDK Service service failed to start due to the following error: %%2

Error: (11/09/2015 02:42:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 14:40:56 on 2015-11-09 was unexpected.

Error: (11/08/2015 06:42:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimmptsk service failed to start due to the following error: %%1058

Error: (11/08/2015 06:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Portrait Displays SDK Service service failed to start due to the following error: %%2

Error: (11/08/2015 06:41:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/08/2015 06:41:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/08/2015 06:41:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/08/2015 06:41:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (11/08/2015 06:41:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2015-11-04 01:13:42.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-04 01:13:40.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-04 01:13:35.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-04 01:09:44.526
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-20 14:25:09.488
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-20 14:24:38.814
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-20 14:24:34.560
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-20 14:24:34.379
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-20 14:24:33.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 05:02:16.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\AESTAC64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 45%
Total physical RAM: 6054.36 MB
Available physical RAM: 3290.82 MB
Total Virtual: 12061.57 MB
Available Virtual: 8879.46 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:80.59 GB) (Free:33.53 GB) NTFS
Drive d: (dane) (Fixed) (Total:138 GB) (Free:26.05 GB) NTFS
Drive i: (muza) (Fixed) (Total:535.83 GB) (Free:29.8 GB) NTFS
Drive k: (karaoke) (Fixed) (Total:176.73 GB) (Free:11.08 GB) NTFS
Drive z: (stary dysk) (Fixed) (Total:148.7 GB) (Free:99.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 49881C12)
Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 092F225D)
Partition 1: (Active) - (Size=361 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=850.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================