Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by stan (2016-03-17 16:48:43) Running from C:\Users\stan\Downloads Windows 10 Home Version 1511 (X64) (2016-02-13 17:31:13) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2831285199-3536826771-1048164271-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2831285199-3536826771-1048164271-503 - Limited - Disabled) Guest (S-1-5-21-2831285199-3536826771-1048164271-501 - Limited - Disabled) stan (S-1-5-21-2831285199-3536826771-1048164271-1002 - Administrator - Enabled) => C:\Users\stan ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee — ochrona antywirusowa i przed oprogramowaniem szpiegującym (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee — ochrona antywirusowa i przed oprogramowaniem szpiegującym (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) AirDroid 3.2.1.1 (HKLM-x32\...\AirDroid) (Version: 3.2.1.1 - Sand Studio) Aktualizacje NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden ASUS Console (HKLM\...\{6D989E08-8143-4AB8-B0A8-5B836235CAA4}) (Version: 1.0.5 - ASUS) Asus FaceID (HKLM-x32\...\{C4071085-DDF0-403F-90F9-27582FC22C9B}) (Version: 7.7.6.1 - ASUS) ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.7 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Ccleaner Business Edition x64 x86 Tom_Da_Man (HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\Ccleaner Business Edition x64 x86 Tom_Da_Man) (Version: - ) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd) DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.0.1.0425 - Disc Soft Ltd) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.) DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden F4500 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation) GamerForest (HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\{468EB987-5B1F-44A5-97C0-EE278B3B0DFC}) (Version: - GamerForest) Garmin Express (HKLM-x32\...\{0733d53f-b41d-47cc-b336-d95751c4b2cb}) (Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.2.8.17 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation) Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle) Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.0.0 - PandoraTV) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.) Media Go (HKLM-x32\...\{1CBCA994-0290-49AD-98D3-9013A0F102E6}) (Version: 2.9.406 - Sony) Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony) Media Go Video Playback Engine 2.16.105.12020 (HKLM-x32\...\{3A0F02F8-9A04-26AC-1446-38F32F00481A}) (Version: 2.16.105.12020 - Sony) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) NVIDIA Sterownik graficzny 361.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.91 - NVIDIA Corporation) Panel sterowania NVIDIA 361.91 (Version: 361.91 - NVIDIA Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Sony PC Companion 2.10.281 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.281 - Sony) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - ) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\stan\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0F38E735-936D-4943-A714-B78A179638B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-11] (Microsoft Corporation) Task: {1342A886-F29C-4DAF-8723-1DEAB7EE7B9A} - System32\Tasks\GamerForest Updater => C:\Users\stan\AppData\Local\GamerForest\updater.exe [2015-08-25] (GamerForest) Task: {285B4D1B-159E-48DF-8003-28CAE726D2FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard) Task: {346A4805-5484-4EFA-9135-F8213FBA9096} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor) Task: {36479CDD-1DF2-4561-BC0A-7E11A2736F38} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {36E27157-D0DB-4D2D-A708-3BCE4417161E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.) Task: {3B5ED5CE-34A1-4341-B1A7-4D50008DEA07} - System32\Tasks\ASUS Console => C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe [2014-02-06] (ASUSTek Computer Inc.) Task: {528AD976-B9D9-40A8-A9A2-F095FFD3BCAD} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-17] (McAfee, Inc.) Task: {58E48A2C-7A4F-4C9D-A2E8-DEC3BD6E0941} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {5ABD0269-2C73-41F4-AEDB-AA2DA06868D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {5D4758BA-F86F-46B1-A935-7DF46C9AD681} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] () Task: {5E588565-F2B0-4838-8F6C-30324923CF9D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.) Task: {6206DF8D-2C1A-4214-9F5C-E6E406536207} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.) Task: {688541B5-B773-436D-8409-5E1FF03D7F71} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.) Task: {6D76DF53-AF31-483F-A6D2-EB31A44EEDF3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {73901CBE-16EA-4CDB-B2E5-EB083DD23653} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard) Task: {751D2A97-67FC-4B3D-8185-AEB95FC6357D} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-17] (McAfee, Inc.) Task: {80CF4F10-3812-4933-BF65-DCB8D07301D4} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-11] () Task: {80FA0CDE-AC67-4F13-A1AC-DF9D5FBDC9E3} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS) Task: {81F68659-E192-42CE-8065-683397A5CF1F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.) Task: {834B15D1-0A1F-451B-A903-804271B153CE} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-avaloon19705@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated) Task: {835E0373-83E0-45F0-9D28-80C55ECECF5A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {8CDE6F4F-5694-4759-AC0D-7F69EC015ED9} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS) Task: {8DD37686-ED32-4360-90AF-C49DF6902383} - System32\Tasks\GamerForest Support => C:\Users\stan\AppData\Local\GamerForest\gfore_run.exe [2015-08-25] (GamerForest) Task: {905F7E86-77E7-4F9E-9A00-74C37F812B7B} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe Task: {90A95B9D-4233-4D1E-868C-DFCEFF96B440} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {91691E3A-B22B-4968-A324-23AE6068CFF1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {9349361D-D43B-40F2-8B91-5057487A723E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.) Task: {9A4FE020-29D9-4426-9B59-79578BDB4F3A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe Task: {A14F99F7-5978-4A94-BE70-0345FFFC97BB} - System32\Tasks\UpdateTask => C:\Users\stan\AppData\Local\{C341F~1\UNINST~1.EXE Task: {A23B7711-987C-412E-8BA7-2295AE08C30E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.) Task: {A567E2DA-D66A-485B-BC89-CB68F3BB21F0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {B2AC41C5-31C7-42C2-8E30-7FDA081BBF33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company) Task: {B65DE533-51BD-43DD-9471-3C9576EE760E} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {C3810534-A781-462D-86EF-8C5540D7FC9F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {CE1CC270-3197-463C-BEFA-86AB4D1F060A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.) Task: {D818E433-EFEE-4D41-B95D-AB609A387F66} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor) Task: {DC5C66E1-4A94-4F92-9B4B-BEACA5BA64C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {E3784814-3BA1-4F99-A58C-78DD0749EFDC} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {E40E63A5-2A2B-4AE6-ACF8-60DC34AC9FF9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASUS-stan Asus => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {E74C6C10-BCF7-4664-ADB9-1D4CE70681E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard) Task: {F439E50D-7A30-4AEC-938D-A2C006BC22B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.) Task: {F95D6CD8-1AEE-4307-BAF1-B97D77840C9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company) Task: {FCE52EFC-EB8C-4E49-8C8D-355BB310328E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GamerForest Support.job => C:\Users\stan\AppData\Local\GAMERF~1\gfore_run.exe Task: C:\WINDOWS\Tasks\GamerForest Updater.job => C:\Users\stan\AppData\Local\GamerForest\updater.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\stan\AppData\Local\{C341F~1\UNINST~1.EXE ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-02-21 11:48 - 2016-01-12 04:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-02-13 16:54 - 2016-02-09 05:29 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-03-05 20:30 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2014-02-11 16:08 - 2014-02-11 16:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2014-02-11 16:08 - 2014-02-11 16:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll 2016-03-05 20:30 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-28 18:55 - 2016-01-28 18:55 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-02-13 16:46 - 2016-02-13 16:46 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-05 20:30 - 2016-02-23 08:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-02-13 16:46 - 2016-02-13 16:46 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-02-13 16:46 - 2016-02-13 16:46 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-02-13 16:46 - 2016-02-13 16:46 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-02-13 16:46 - 2016-02-13 16:46 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-03-15 18:21 - 2016-03-08 02:51 - 02140824 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll 2016-03-15 18:21 - 2016-03-08 02:51 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll 2015-03-17 00:34 - 2015-03-17 00:34 - 00141312 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pl_pl\PDFMaker\PDFMOutlookAddin.POL 2015-12-18 15:42 - 2015-12-18 15:42 - 06999736 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\AdobePDFMakerX.dll 2015-12-18 15:42 - 2015-12-18 15:42 - 03365376 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pl_PL\PDFMaker\AdobePDFMakerX.POL 2012-10-01 19:36 - 2012-10-01 19:36 - 01408624 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 2015-09-30 20:47 - 2015-09-30 20:47 - 02861752 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\SendAsLinkX.dll 2015-07-03 05:09 - 2015-07-03 05:09 - 00231424 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pl_PL\Adobe Send\SendAsLinkX.POL 2016-02-24 12:48 - 2016-02-24 12:49 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-02-13 17:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-02-13 17:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-02-13 17:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-02-13 17:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-10-08 19:41 - 2013-10-08 19:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2013-09-09 17:23 - 2013-09-09 17:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2015-08-25 08:20 - 2016-01-12 04:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-02-24 12:48 - 2016-02-24 12:49 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-02-24 12:48 - 2016-02-24 12:49 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7871 more sites. IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\123simsen.com -> www.123simsen.com There are 7871 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2016-03-13 07:55 - 00450956 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15469 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\stan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dsc_5260.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: lfsvc => 3 HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "ASUS InstantKey" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent" HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall" HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer" HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-2831285199-3536826771-1048164271-1002\...\StartupApproved\Run: => "GarminExpressTrayApp" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{5D45AF55-5DC9-4902-B811-EFB29C461BD9}] => (Block) C:\program files (x86)\airdroid\airdroid.exe FirewallRules: [{2658EA0B-3F1B-4EA5-BDB1-234CD2CFBC03}] => (Block) C:\program files (x86)\airdroid\airdroid.exe FirewallRules: [UDP Query User{68403354-0DE3-4FF3-9F19-4853832B72EA}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe FirewallRules: [TCP Query User{C06CE477-FBE4-42BF-9554-614C7DFC98C7}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe FirewallRules: [{965A151B-6F7E-4E67-AAE9-1443BE9D5B28}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{D59DD639-1B2A-4208-8ABD-5F04D4457011}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{9BE1237C-6506-47A7-B18C-095D5C623053}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{AAEBB010-16AC-4F30-8F9D-8FDF167AEFE4}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{90C4D568-084A-466B-82A7-A854658D3D8C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{59CDE99E-8347-40A8-B15E-770BFFBD0423}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{F4E67857-79FE-457E-B1FF-E169C94B7415}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{04F16E0B-5603-49B8-AC5E-00B3F77199A3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{EE605B17-03FF-4B23-ABE5-5829BB436BBA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{B27666C6-7F4A-43F8-B529-8011A1D2D189}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{908818A9-9210-4C58-B9B7-C7FD21AD87D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{2DBC424A-406E-4475-B7C7-16FD8B8FC3FA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{90BEF57D-6633-4C0D-A26C-E3C0FACD764B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{00E80AAE-BF62-4593-A8A2-EB5F57591DCB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{0B2F3B68-3BE4-4549-9E08-C8C5D024E0E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{7DA24154-F5A3-453C-B4F3-3186F63532B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{4485CBF8-0CD7-4E34-BFF9-53E788EDB905}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{33914543-F8E0-4BA8-8ECB-8D1DC263F103}] => (Allow) C:\Users\stan\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{28E2716C-B02E-488A-9DEA-82DA23045D17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{AA67EBA1-CA74-43C4-838C-0C11E180B10E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{15520ED6-F7EA-4F0E-9BF7-4F702072EF06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{47B3F9D2-6A0A-4F7D-9219-90C3FA2E33A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{2D76EE2B-BFCA-4312-AD2B-A44A7A5F2024}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{BA69640F-DB6F-4A8F-9802-F2CB3C58C762}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{4E5B83CC-E9FD-4B29-964E-ACE65AAD6EE9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{17CB152B-0B11-4B9F-B576-15A402011EDC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B437F106-9975-4AA0-83D2-ECF677BFA942}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{24CD7BD3-40DB-4752-9D33-9BFF6726B30F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{389725A3-DAB3-4A4B-946F-F794212DBC5E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{D48F6F7F-BD46-41F0-BD6B-37F58504FF32}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{ACF5FCB1-F4A0-46FB-BC7B-1E5DF8B2A2E3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{CB0F38B4-301F-410B-ABA0-6CC08FBB6DA4}] => (Allow) C:\Users\stan\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{89B1C512-EF93-4C5C-ADA6-0283CBA26574}] => (Allow) C:\Users\stan\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F8871B0D-0C0E-4C02-A80C-093ECF5B8DF7}] => (Allow) C:\Users\stan\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6CB5E5E7-8A76-44A0-B09F-A6597FC4CB61}] => (Allow) C:\Users\stan\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F3892D8B-A261-4B59-89ED-47ECCC6D92AE}] => (Allow) C:\Users\stan\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BF8AE59A-9F5C-4792-B367-C8F5E2F03F70}] => (Allow) C:\Users\stan\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{51947DA0-54A4-4082-9BFB-14661E8993E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 03-03-2016 18:19:39 Windows Update 04-03-2016 19:35:05 Operacja przywracania 06-03-2016 16:43:12 Windows Modules Installer 11-03-2016 20:24:29 Windows Update ==================== Faulty Device Manager Devices ============= Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Deskjet F4500 Description: HP Deskjet F4500 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Hewlett-Packard Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/17/2016 04:36:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Nazwa modułu powodującego błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x0000000000015953 Identyfikator procesu powodującego błąd: 0x124c Godzina uruchomienia aplikacji powodującej błąd: 0xigfxHK.exe0 Ścieżka aplikacji powodującej błąd: igfxHK.exe1 Ścieżka modułu powodującego błąd: igfxHK.exe2 Identyfikator raportu: igfxHK.exe3 Pełna nazwa pakietu powodującego błąd: igfxHK.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: igfxHK.exe5 Error: (03/17/2016 10:30:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Nazwa modułu powodującego błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x0000000000015953 Identyfikator procesu powodującego błąd: 0x18cc Godzina uruchomienia aplikacji powodującej błąd: 0xigfxHK.exe0 Ścieżka aplikacji powodującej błąd: igfxHK.exe1 Ścieżka modułu powodującego błąd: igfxHK.exe2 Identyfikator raportu: igfxHK.exe3 Pełna nazwa pakietu powodującego błąd: igfxHK.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: igfxHK.exe5 Error: (03/17/2016 09:56:24 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (03/17/2016 09:51:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Nazwa modułu powodującego błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x0000000000015953 Identyfikator procesu powodującego błąd: 0x139c Godzina uruchomienia aplikacji powodującej błąd: 0xigfxHK.exe0 Ścieżka aplikacji powodującej błąd: igfxHK.exe1 Ścieżka modułu powodującego błąd: igfxHK.exe2 Identyfikator raportu: igfxHK.exe3 Pełna nazwa pakietu powodującego błąd: igfxHK.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: igfxHK.exe5 Error: (03/17/2016 08:18:25 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (03/17/2016 08:09:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ASUS) Description: Aktywacja aplikacji Microsoft.Windows.Photos_8wekyb3d8bbwe!App nie powiodła się. Błąd: -2147023170. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (03/17/2016 08:08:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Nazwa modułu powodującego błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x0000000000015953 Identyfikator procesu powodującego błąd: 0x2648 Godzina uruchomienia aplikacji powodującej błąd: 0xigfxHK.exe0 Ścieżka aplikacji powodującej błąd: igfxHK.exe1 Ścieżka modułu powodującego błąd: igfxHK.exe2 Identyfikator raportu: igfxHK.exe3 Pełna nazwa pakietu powodującego błąd: igfxHK.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: igfxHK.exe5 Error: (03/16/2016 03:14:24 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (03/16/2016 03:04:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Nazwa modułu powodującego błąd: igfxHK.exe, wersja: 6.15.10.4331, sygnatura czasowa: 0x564cc83e Kod wyjątku: 0xc0000409 Przesunięcie błędu: 0x0000000000015953 Identyfikator procesu powodującego błąd: 0x5e8 Godzina uruchomienia aplikacji powodującej błąd: 0xigfxHK.exe0 Ścieżka aplikacji powodującej błąd: igfxHK.exe1 Ścieżka modułu powodującego błąd: igfxHK.exe2 Identyfikator raportu: igfxHK.exe3 Pełna nazwa pakietu powodującego błąd: igfxHK.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: igfxHK.exe5 Error: (03/15/2016 06:03:23 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 System errors: ============= Error: (03/17/2016 04:53:32 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:53:02 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:52:31 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:52:01 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:51:31 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:51:01 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:50:31 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:50:00 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:49:30 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} Error: (03/17/2016 04:49:00 PM) (Source: DCOM) (EventID: 10010) (User: ASUS) Description: {A951719F-3DC3-4A20-90F8-54DBCE88AB99} CodeIntegrity: =================================== Date: 2016-03-15 17:58:12.481 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-14 18:00:38.940 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-14 07:58:52.384 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-07 12:59:47.702 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-06 16:50:19.006 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-04 20:10:20.783 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-03 23:19:21.015 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-03 23:12:00.978 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-28 18:28:48.644 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-27 13:41:22.300 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz Percentage of memory in use: 43% Total physical RAM: 7883.06 MB Available physical RAM: 4461.41 MB Total Virtual: 9099.06 MB Available Virtual: 5515.71 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:284.52 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Data) (Fixed) (Total:542.8 GB) (Free:542.59 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 57F3B677) Partition: GPT. ==================== End of Addition.txt ============================