Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
Ran by Michal (2016-07-14 22:47:08)
Running from C:\Users\Michal\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-27 22:48:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2786685492-2715245155-4169903166-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2786685492-2715245155-4169903166-503 - Limited - Disabled)
Guest (S-1-5-21-2786685492-2715245155-4169903166-501 - Limited - Disabled)
Michal (S-1-5-21-2786685492-2715245155-4169903166-1001 - Administrator - Enabled) => C:\Users\Michal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-2786685492-2715245155-4169903166-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software) Bloody6 (HKLM-x32\...\Bloody3) (Version: 16.06.0011 - Bloody) CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.55.62 - Conexant) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc) Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo) Energy Manager (x32 Version: 1.5.0.21 - Lenovo) Hidden Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) GG (HKU\S-1-5-21-2786685492-2715245155-4169903166-1001\...\GG) (Version: 12 - GG Network S.A.) 
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited) Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1323.2_WHQL - Sonix) Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.) Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 2.0.0.19 - Lenovo) Lenovo PhoneCompanion (x32 Version: 2.0.0.19 - Lenovo) Hidden Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1826.01 - CyberLink Corp.) Lenovo Photo Master (x32 Version: 1.0.1826.01 - CyberLink Corp.) Hidden Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) 
Hidden Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo) Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.0.0.65 - Lenovo) Lenovo Updates (x32 Version: 1.0.0.65 - Lenovo) Hidden Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 47.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 pl)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10614 - CyberLink Corp.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek) SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.6.201604191723 - Sony Mobile Communications Inc.) 
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony) SopCast 4.2.0 (HKLM-x32\...\SopCast) (Version: 4.2.0 - www.sopcast.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59131 - TeamViewer) User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN) WarRock (HKLM-x32\...\Warrock EU) (Version: - ) Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) World of Tanks (HKU\S-1-5-21-2786685492-2715245155-4169903166-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2786685492-2715245155-4169903166-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michal\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2786685492-2715245155-4169903166-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B03F36F-5670-49FA-B021-843B691F1629} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {17E80EEE-5D67-42BF-9539-8E0D593ED205} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-13] (Microsoft Corporation) Task: {42BD91B4-C7BA-40BA-9821-F3C040420CE6} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.) Task: {4934D64F-FC77-4292-8CF3-8AF6B3F1BCBC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-14] (AVAST Software) Task: {5396C5B7-677F-420E-AF6B-BC82A08351F6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {6B464D65-73C8-468B-B3EB-B502CF0E2A0B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {7B8610C4-72C0-48C6-8E95-41C0DEAFEE96} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Office2013\OFFICEICON.vbs [2013-06-03] () Task: {7DE5B2F8-CDEA-43C3-86EE-941B1C8C6C9C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {7DF0C0D6-D8D0-47EE-BE6D-E5BCE9A0DFAA} - System32\Tasks\SafeZone scheduled Autoupdate 1455897245 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {9817673C-9679-4B35-9631-0CE0771E2380} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {9890366C-6718-49AF-9788-0E098FE3AED6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] () Task: {A6902DE0-3715-47E4-9579-CF3DB856BBFF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B 
-> No File <==== ATTENTION Task: {A813CD6D-494A-4803-9B3D-1EBC7E136EED} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo) Task: {B4758BD8-B7E1-4DF3-8DF3-2AB4A34825D9} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo) Task: {BAA6ED81-2B71-4B1E-9EB9-304F456BE1FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {BE835AEB-3DDB-406F-B64C-C0BF6E8F9C20} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {C15E3578-E40D-4B93-9FC9-FFC14558CBD6} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo) Task: {C56F5816-D5B6-4BFA-8254-A644DB9A88A7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {CBE91FD9-A91C-4620-880A-D81D48DA9750} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] () Task: {CCD771C1-45BA-47AA-988D-3425FCD81801} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {D1CEEB37-DC7F-4291-B53D-6E89668C8C87} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {E4AF5973-8189-4C02-9C61-DAF6A0B4A602} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd) Task: {EC591612-659B-4572-8261-59469F0AD277} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {FB5322E7-8BD1-40AB-B4D6-599E222D1A17} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo) (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2014-11-06 23:23 - 2014-11-06 23:22 - 00133440 _____ () C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe 2014-11-06 23:18 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-07-13 18:53 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-13 18:53 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-20 18:20 - 2016-05-20 18:20 - 00959168 _____ () C:\Users\Michal\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-04-19 17:49 - 2016-04-19 17:49 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-28 07:10 - 2016-01-28 07:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-13 18:55 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-13 18:53 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-13 18:53 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-13 18:53 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-13 18:53 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-01-27 
22:24 - 2016-01-27 22:24 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe 2014-11-06 22:42 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2014-03-26 21:50 - 2014-11-06 23:25 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll 2016-06-29 17:39 - 2016-06-22 17:37 - 19168256 _____ () C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe 2016-07-14 21:46 - 2016-07-14 21:46 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-07-14 21:47 - 2016-07-14 21:47 - 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16071401\algo.dll 2016-07-14 21:46 - 2016-07-14 21:46 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2014-11-06 22:39 - 2013-09-16 20:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-04-19 17:49 - 2016-04-19 17:49 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 17:49 - 2016-04-19 17:49 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-05-20 18:19 - 2016-05-20 18:19 - 00679624 _____ () C:\Users\Michal\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-06-29 17:39 - 2013-10-11 09:43 - 00085504 _____ () C:\Program Files (x86)\Bloody6\Bloody6\DLL\DLL_ZoomControl.dll 2016-06-29 17:39 - 2016-05-26 15:28 - 04672512 _____ () C:\Program Files (x86)\Bloody6\Bloody6\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll 2016-07-14 21:46 - 2016-07-14 21:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:BC359956 [126]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2786685492-2715245155-4169903166-1001\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2786685492-2715245155-4169903166-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michal\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\(tapeciarnia.pl)235655_chevrolet_corvette_przebijajace_swiatlo.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2786685492-2715245155-4169903166-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2786685492-2715245155-4169903166-1001\...\StartupApproved\Run: => "GG"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{F1F3B910-F074-49B4-8C56-20B8C4B3254E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{164865C4-897C-4402-938C-B90F31F9A253}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{16EB0FCE-79C5-41EA-93A3-F519F45A6E56}C:\users\michal\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\michal\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{AABCE741-953E-4416-9EF0-0C23BA97E38F}C:\users\michal\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\michal\appdata\local\akamai\netsession_win.exe FirewallRules: [{5E25EDE8-FC5C-43AD-957B-935DB887811D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{FA7B3C7F-618B-4CCB-98DF-25F2D3A6F9A0}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{F396568F-184C-4AE3-9D80-A4C71863787E}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{FB917CE3-9DEB-4008-9D77-AF4EDFB4086B}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{53A1B274-2329-4719-94F2-E722FAAB886D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE FirewallRules: [{4936B72C-CE48-4CB1-8984-269E0F505960}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe FirewallRules: [{EA643882-BA12-4643-B6D4-9D8910AAC4C5}] => (Allow) C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe FirewallRules: [{B8D6EEB0-E1B8-41B7-90F4-449023E005F9}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe FirewallRules: [{D8AC33F9-06F7-4249-A75F-0EE595275850}] => (Allow) LPort=55100 FirewallRules: [{2AF33FE3-01F2-4149-A985-EEB90B574152}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe FirewallRules: [{0678A9D2-1D94-4D47-A3C0-DE624B1C0A85}] => (Allow) C:\Program 
Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F46429D9-30E3-48EE-A064-E358A26FBDD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3E781FE5-AA51-4844-A927-35472DCDB3A4}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{3654E67D-450A-4010-9E43-3D2655860213}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{A3F0C816-EBF8-432A-A4FA-7AD41320F541}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{33720570-48B8-4155-B4DF-4830594383F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{96C44B11-7676-4AE2-A952-0383C4F4D6D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{51D94419-09C9-4CC0-896E-99F95B63D349}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{E232637D-19F4-4974-9EEE-35DE1C0439E4}C:\users\michal\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\michal\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{FD6A1872-1608-4C94-82B5-91E3544535F2}C:\users\michal\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\michal\appdata\local\akamai\netsession_win.exe FirewallRules: [{69DCF780-E01A-4F5B-BF0F-97AFDFF3E3C2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{386B5ED0-22DE-48ED-98CD-2937202DF0DE}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{A4CC1D62-9E01-480E-83C9-D9E97DBB12A3}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{A14F7AF4-378D-4CD4-AC83-211BB1377C1B}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{47A1741A-F6DF-4CBA-8FC3-06344AE0FBE0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{8507D375-167C-4BF1-A101-D075137D4FCD}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{EC01FC4A-7E27-4175-A61A-3229E786CE70}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: 
[{12C1DA50-7F2D-4B4D-B471-9129479D8388}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B47E5266-5EB5-40A6-99F3-1645E5F5B50B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{FEDF53F1-8BE4-41F6-A861-27C5E699F483}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E4428BEE-4409-48B0-8261-3A3CFD9D9D35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{460D0A23-0A50-4150-A9CE-48A0270BF541}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{440893F6-1180-4688-A546-AF87163207F9}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [TCP Query User{CF49245C-D748-4C6E-A894-BD6BB1024C8E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [UDP Query User{ED8900CD-CBBD-4F6D-AAC1-7F34ED7B9124}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe FirewallRules: [{337A0399-D660-4C55-8F4A-B70D75F6F670}] => (Allow) C:\Users\Michal\AppData\Local\Chromium\Application\chrome.exe ==================== Restore Points ========================= 23-06-2016 18:19:50 Windows Update 02-07-2016 13:35:19 Scheduled Checkpoint 05-07-2016 17:32:15 ASU_MSI_TRAN 13-07-2016 18:59:02 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/14/2016 10:39:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x1388 Faulting application start time: 0xigfxHK.exe0 Faulting 
application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/14/2016 10:18:35 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (07/14/2016 10:18:34 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (07/14/2016 10:18:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x1270 Faulting application start time: 0xigfxHK.exe0 Faulting application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/14/2016 09:49:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x10d4 Faulting application start time: 0xigfxHK.exe0 Faulting application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/14/2016 09:25:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x1218 Faulting application start time: 0xigfxHK.exe0 Faulting application 
path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/14/2016 05:37:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x1084 Faulting application start time: 0xigfxHK.exe0 Faulting application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/13/2016 06:59:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (07/13/2016 05:46:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x390 Faulting application start time: 0xigfxHK.exe0 Faulting application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/12/2016 11:03:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Michal) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
System errors: ============= Error: (07/14/2016 10:42:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (07/14/2016 10:35:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_4a45f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/14/2016 10:35:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_4a45f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/14/2016 10:35:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_4a45f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/14/2016 10:35:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_4a45f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/14/2016 10:35:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/14/2016 10:21:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (07/14/2016 10:17:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_4b7d4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 
Error: (07/14/2016 10:17:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_4b7d4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (07/14/2016 10:17:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_4b7d4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-07-14 17:36:21.744 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-19 21:09:10.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-18 07:39:44.954 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-16 17:44:09.042 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 18:40:51.212 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-05-14 09:06:27.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-13 16:43:37.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-12 17:35:54.996
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-10 21:39:41.300
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-16 12:15:27.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 3558U @ 1.70GHz
Percentage of memory in use: 62%
Total physical RAM: 3988.27 MB
Available physical RAM: 1486.84 MB
Total Virtual: 4692.27 MB
Available Virtual: 2148.16 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.89 GB) (Free:809.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:17.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C7D02258)

Partition: GPT.

==================== End of Addition.txt ============================