Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Brunoxp (2016-03-28 22:01:22) Running from C:\Users\Brunoxp\Desktop Windows 10 Pro N (X64) (2015-08-07 17:48:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2859653239-1582936044-2243940205-500 - Administrator - Disabled) Brunoxp (S-1-5-21-2859653239-1582936044-2243940205-1001 - Administrator - Enabled) => C:\Users\Brunoxp DefaultAccount (S-1-5-21-2859653239-1582936044-2243940205-503 - Limited - Disabled) Guest (S-1-5-21-2859653239-1582936044-2243940205-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2859653239-1582936044-2243940205-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.2.0.1120 - 360 Security Center) Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{B73DADFD-55B4-2DB6-2A03-7162A7D5AC81}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) ArchiCAD 18 INT (HKLM\...\001FFF2FFF18FF00FF0701F01F02F000-R1) (Version: 18.0 - GRAPHISOFT) ASUS Xonar DX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: - ASUSTeK Computer Inc.) calibre (HKLM-x32\...\{5AD205E9-E80E-4F4B-88A5-C6B5CC12BBE4}) (Version: 2.48.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) CodeMeter Runtime Kit v5.10a (HKLM\...\{CADFF08A-A157-474F-B6A8-8F26F81F7ABE}) (Version: 5.10.1224.501 - WIBU-SYSTEMS AG) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - ) ffdshow x64 v1.3.4527 [2013-12-03] (HKLM\...\ffdshow64_is1) (Version: 1.3.4527.0 - ) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Greenshot 1.2.4.10 (HKLM\...\Greenshot_is1) (Version: 1.2.4.10 - Greenshot) Intel(R) Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.3.400 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.1.5 - PandoraTV) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 45.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 pl)) (Version: 45.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla) MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 1.1 - Napisy24.pl) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Raptr (HKLM-x32\...\Raptr) (Version: - ) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.6.0.13 - GOG.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.12.1.0 - GOG.com) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) World of Warships (HKU\S-1-5-21-2859653239-1582936044-2243940205-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2859653239-1582936044-2243940205-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brunoxp\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {22DEAC17-CFE9-48B5-827A-81BB2F2333B8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {273AB5E5-346E-4BD2-AA61-9343F5642C2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {44B9F7AD-0C5F-463E-AE72-3DE8791252BC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {5782FEBB-7896-42F9-97C8-EE41C651DE46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {6E7079E2-2DEE-4744-A894-66CE82D2A577} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {703EB456-CB49-4DE8-B434-C2FB9C5DF74E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {787C769A-996A-4773-B695-14ADB070D145} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-14] (Adobe Systems Incorporated) Task: {80DAB343-6CEC-4EE6-B3D5-A0ADF577B6DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {8673A145-4B43-4699-9560-1C36D9D55959} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {88851601-DA6A-45EE-A6B3-91060829C0A7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {B77E190B-AE5A-4B67-B88D-63774E8D2FD9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {BF8C9125-BFC8-4AEA-9CD7-5E8950B91CC7} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation) Task: {D22D11BB-E985-461F-963B-C6B849E041B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {D2E5BC36-D6B7-4289-BE35-1000480F0300} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation) Task: {D8CB05EC-8289-4335-87C5-33A357AFCBB4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {F76B67F3-E239-45D7-8AD6-002B34BF2353} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-08-07 21:37 - 2015-08-07 21:37 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-08-19 16:43 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-10-04 19:23 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-04 19:23 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2016-03-28 11:29 - 2016-03-10 11:57 - 00614480 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () D:\Notepad++\NppShell_06.dll 2015-10-04 19:23 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 12:58 - 2015-07-10 12:58 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-12-09 00:25 - 2015-11-25 06:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-09 00:25 - 2015-11-25 06:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-09 00:25 - 2015-11-25 06:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-04 19:23 - 2015-09-17 07:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 12:59 - 2015-07-10 18:30 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2016-03-11 22:31 - 2016-03-11 22:31 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll 2016-03-04 23:21 - 2016-03-04 23:21 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-03-04 23:21 - 2016-03-04 23:21 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-03-04 23:21 - 2016-03-04 23:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2015-07-10 12:58 - 2015-07-10 12:58 - 00060416 _____ () C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Microsoft.CloudExperienceHost.dll 2016-03-28 11:29 - 2016-03-10 11:57 - 00098736 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll 2015-03-07 18:43 - 2016-02-10 03:17 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-03-07 18:43 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-03-07 18:43 - 2016-03-10 21:02 - 02547792 _____ () C:\Program Files (x86)\Steam\video.dll 2015-03-07 18:43 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-03-07 18:43 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-03-07 18:43 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-03-07 18:43 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-03-07 18:43 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-03-07 18:43 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-03-07 18:43 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-03-07 18:43 - 2016-03-10 21:02 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-10 18:17 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2015-03-07 18:43 - 2016-02-09 03:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2016-03-26 19:33 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2859653239-1582936044-2243940205-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brunoxp\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 192.168.101.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "Greenshot" HKLM\...\StartupApproved\Run32: => "comowin_otut_20160325" HKLM\...\StartupApproved\Run32: => "IDSCPRODUCT" HKU\S-1-5-21-2859653239-1582936044-2243940205-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-2859653239-1582936044-2243940205-1001\...\StartupApproved\Run: => "GalaxyClient" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{60F171A7-8886-46A8-AF7C-6525715A3CE4}D:\world_of_warships\wowslauncher.exe] => (Allow) D:\world_of_warships\wowslauncher.exe FirewallRules: [TCP Query User{9C3EAFE1-7F17-4380-90C1-DCA7DC191ED4}D:\world_of_warships\wowslauncher.exe] => (Allow) D:\world_of_warships\wowslauncher.exe FirewallRules: [UDP Query User{866FCD28-A373-49E9-BFCC-F5FE2C6ECB32}D:\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) D:\the witcher 2 enhanced edition\bin\witcher2.exe FirewallRules: [TCP Query User{99F94873-B19F-4544-8BA0-32859EFA2896}D:\the witcher 2 enhanced edition\bin\witcher2.exe] => (Block) D:\the witcher 2 enhanced edition\bin\witcher2.exe FirewallRules: [{9F26548B-EFD5-44D4-8287-6DE1C991CBB6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{02A92B0C-B6B1-4AAC-84D6-17F112E4A50C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{6DF5C04E-E21F-4AE5-B495-426138F9D0B4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{B0176DBB-0630-4174-9AA3-E4F08A8722AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{7534619C-F5DB-4B52-B719-672AE5C84AE5}] => (Allow) LPort=1900 FirewallRules: [{02D82FA8-3AEB-401D-BB5A-602F86908A0A}] => (Allow) LPort=2869 FirewallRules: [{9F37BFE4-BDB4-4D3A-9E2E-B68FFC16A3BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [UDP Query User{A2ECF6D2-71CB-4A43-86AC-E3495AE3910B}D:\world_of_tanks (2)\wotlauncher.exe] => (Allow) D:\world_of_tanks (2)\wotlauncher.exe FirewallRules: [TCP Query User{C78E997F-DE3F-4915-BDA3-8C7C2AD4A79D}D:\world_of_tanks (2)\wotlauncher.exe] => (Allow) D:\world_of_tanks (2)\wotlauncher.exe FirewallRules: [{81947DA3-F2F2-4A06-81C0-0E0CB767AD2E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{764C09C2-5C7F-411B-868F-DF87D1119A28}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{BD81E434-BFEB-4019-BAFA-3EF2D1E9029C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [UDP Query User{E80B62BB-52BB-4386-965F-3647266A881B}E:\alien isolation\ai.exe] => (Block) E:\alien isolation\ai.exe FirewallRules: [TCP Query User{966F2535-0880-459E-BD6C-EBD85EA65D52}E:\alien isolation\ai.exe] => (Block) E:\alien isolation\ai.exe FirewallRules: [UDP Query User{F0FE67AF-E48B-436A-83AA-2F791E631A1D}D:\world_of_tanks (2)\worldoftanks.exe] => (Allow) D:\world_of_tanks (2)\worldoftanks.exe FirewallRules: [TCP Query User{0EC43D88-AE8C-43E6-AA6A-934C166E15D4}D:\world_of_tanks (2)\worldoftanks.exe] => (Allow) D:\world_of_tanks (2)\worldoftanks.exe FirewallRules: [{7AF160AD-76D7-46DF-9FF0-CC56E394807D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{58D2A074-70F6-4525-B94E-4EA172E4FE22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{1FC38C26-720E-4B4E-A6EE-E7BC24492AA7}D:\metro last light\metrollbenchmark.exe] => (Block) D:\metro last light\metrollbenchmark.exe FirewallRules: [TCP Query User{6BC99033-4ADB-4496-80F1-8579C1E1FD19}D:\metro last light\metrollbenchmark.exe] => (Block) D:\metro last light\metrollbenchmark.exe FirewallRules: [{70DF1FA1-9189-4B13-A168-4A7DB19D2B3D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{16FCA080-D682-4198-8B52-8455EC9F02A6}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{928C4496-13EB-43B3-8563-3777F6252A2C}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{E65BB55A-EF81-47EC-B276-2801020D6574}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{4FA5471D-37F2-4E6E-97FC-9C2046E7B1EC}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{A4A4D638-D255-4974-9BCE-BDEC61D163B8}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{C34C2674-A1E9-4B4D-B0FA-F5F3C0B7CE9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5BCC7731-6D94-4F1E-92DD-3C7EAE5E0D1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{86A684FC-6C09-4455-BB78-04EF33B47006}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\ArchiCAD.exe FirewallRules: [{0F3A6FB3-641D-4640-8480-19674AC1D2E0}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\ArchiCAD.exe FirewallRules: [{A203D46A-95D5-4935-9CDC-314934745E7B}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\CineRender\CineRender 64bit.exe FirewallRules: [{23A4AC0E-5745-42D8-B0E2-B52A7A7B427A}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\CineRender\CineRender 64bit.exe FirewallRules: [{38DFDEAC-D7F4-4730-B269-CD74EA94B618}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{48C1AB7A-3BC1-4129-981E-DE9258CB6691}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{F2F3CE9A-2EAF-4AE5-B720-D2B35EA7C10B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{60D567B9-93BF-4536-A076-FD56C0474C8B}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{B03C05D5-1C4C-4BD7-95DF-F2ABB7CD1B18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F89312B5-F021-4048-A6EA-C6FA8A707D2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A7CB2767-4777-4700-A499-890887506C75}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{5AAA12B6-DB99-4BFA-A358-961A72AE8855}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [TCP Query User{64881ADC-5A53-4415-8957-0CC0E2347B3E}D:\xcom 2\binaries\win64\xcom2.exe] => (Block) D:\xcom 2\binaries\win64\xcom2.exe FirewallRules: [UDP Query User{DFE60CB6-E9B7-4171-8D3A-25C3D1B03EB1}D:\xcom 2\binaries\win64\xcom2.exe] => (Block) D:\xcom 2\binaries\win64\xcom2.exe FirewallRules: [TCP Query User{6C8C8483-1270-4419-A479-7BB30C2FB51A}E:\nfs\need for speed the run\need for speed the run.exe] => (Block) E:\nfs\need for speed the run\need for speed the run.exe FirewallRules: [UDP Query User{90F507EF-90CC-4320-AA4D-BB50F5C57F33}E:\nfs\need for speed the run\need for speed the run.exe] => (Block) E:\nfs\need for speed the run\need for speed the run.exe FirewallRules: [{B1C62AD3-6396-4C77-84CF-2FDCA00255F5}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\InstantSetup.exe FirewallRules: [{08415662-A134-461A-9F2D-E27151C2AF56}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\InstantSetup.exe FirewallRules: [{1D121836-9D33-45E8-883F-8B8FD98454B9}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe FirewallRules: [{2EBA4438-5321-4821-ABA7-199B52EF4058}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe FirewallRules: [{104FE98E-82D1-4C4A-8B7E-4F06CF2DC808}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe FirewallRules: [{D09179AC-36F7-49FA-BD8D-068E0822E079}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe FirewallRules: [{BD8206E4-DB76-4D0B-9B86-75C8C07A475A}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe FirewallRules: [{9F57ADF2-A84B-4B37-B533-1AD66AAD64CE}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/28/2016 09:16:56 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/28/2016 09:10:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEXMACHINE) Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/28/2016 09:10:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x56553724 Exception code: 0x80000003 Fault offset: 0x0000000000151c4f Faulting process ID: 0x87c Faulting application start time: 0xSearchUI.exe0 Faulting application path: SearchUI.exe1 Faulting module path: SearchUI.exe2 Report ID: SearchUI.exe3 Faulting package full name: SearchUI.exe4 Faulting package-relative application ID: SearchUI.exe5 Error: (03/28/2016 09:10:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEXMACHINE) Description: Activation of application Microsoft.Getstarted_3.5.10.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/28/2016 09:10:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b Faulting module name: CortanaApi.dll, version: 0.0.0.0, time stamp: 0x56553724 Exception code: 0x80000003 Fault offset: 0x0000000000151c4f Faulting process ID: 0x6fc Faulting application start time: 0xSearchUI.exe0 Faulting application path: SearchUI.exe1 Faulting module path: SearchUI.exe2 Report ID: SearchUI.exe3 Faulting package full name: SearchUI.exe4 Faulting package-relative application ID: SearchUI.exe5 Error: (03/28/2016 08:57:20 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (03/28/2016 08:33:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEXMACHINE) Description: Activation of application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/28/2016 08:33:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEXMACHINE) Description: Activation of application Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/28/2016 08:22:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEXMACHINE) Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/28/2016 07:56:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SEXMACHINE) Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (03/28/2016 09:21:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (03/28/2016 09:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/28/2016 09:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/28/2016 09:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/28/2016 09:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (03/28/2016 09:14:46 PM) (Source: DCOM) (EventID: 10005) (User: SEXMACHINE) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (03/28/2016 09:14:46 PM) (Source: DCOM) (EventID: 10005) (User: SEXMACHINE) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (03/28/2016 09:14:44 PM) (Source: DCOM) (EventID: 10005) (User: SEXMACHINE) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (03/28/2016 09:14:44 PM) (Source: DCOM) (EventID: 10005) (User: SEXMACHINE) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (03/28/2016 09:14:44 PM) (Source: DCOM) (EventID: 10005) (User: SEXMACHINE) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} CodeIntegrity: =================================== Date: 2016-03-13 17:52:04.564 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-17 20:34:22.269 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-13 09:53:01.310 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-11 21:02:18.221 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-30 09:09:46.614 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-15 20:57:37.244 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-27 23:30:35.897 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-17 21:21:16.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-12 17:19:55.451 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-11 19:30:11.266 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz Percentage of memory in use: 31% Total physical RAM: 8175.24 MB Available physical RAM: 5614.68 MB Total Virtual: 9839.24 MB Available Virtual: 6982.92 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.45 GB) (Free:13.8 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (nowy partycja #1) (Fixed) (Total:465.76 GB) (Free:77.72 GB) NTFS Drive e: (nowy partycja #2) (Fixed) (Total:465.74 GB) (Free:72.27 GB) NTFS Drive f: () (Fixed) (Total:0.34 GB) (Free:0.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 77408E7B) Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=111.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: FBD257B1) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================