Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by DB (25-08-2016 20:13:40)
Running from C:\Users\DB\Downloads\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) (2015-01-18 13:09:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-304442932-291022296-845227809-500 - Administrator - Disabled)
DB (S-1-5-21-304442932-291022296-845227809-1000 - Administrator - Enabled) => C:\Users\DB
Guest (S-1-5-21-304442932-291022296-845227809-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 7.0.3 - Ministerstwo Finansow)
e-Deklaracje Desktop (x32 Version: 7.0.3 - Ministerstwo Finansow) Hidden
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Nero 9 Essentials (HKLM-x32\...\{71060c7a-1fba-4633-9dfd-d184c50e7ff2}) (Version: - Nero AG)
OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation)
PLAY ONLINE (HKLM-x32\...\PLAY ONLINE) (Version: 11.302.09.06.264 - Huawei Technologies Co.,Ltd)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
UsbFix (HKLM-x32\...\Usbfix) (Version: 8.247 - El Desaparecido - www.usb-antivirus.com - www.sosvirus.net)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1046D400-4767-42EF-BFDD-7D429C860E8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07] (Google Inc.)
Task: {6D396272-25D8-4FCF-9D19-7561EFA7952D} - System32\Tasks\{133725A7-F79E-4411-8688-81663D14C094} => pcalua.exe -a "C:\Program Files (x86)\Picexa\uninstall.exe"
Task: {A7BAAFD6-30DE-425B-A2D1-7DBFF3C6FD12} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D60117BA-1059-4EE2-95BB-2F21D7AACA95} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-07] (Google Inc.)
Task: {DC29E5AA-4B9B-4072-8E30-37093EF34502} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-06] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\DB\AppData\Local\Microsoft\Windows\GameExplorer\{555D5291-F451-4C7F-9211-B6EC4164262C}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.maxpayne.com/
Shortcut: C:\Users\DB\AppData\Local\Microsoft\Windows\GameExplorer\{205FAE82-2121-40CB-BAFD-449B4EACB7C1}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.maxpayne2.com/

==================== Loaded Modules (Whitelisted) ==============

2010-11-16 15:38 - 2010-11-16 15:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2016-05-27 08:57 - 2016-05-27 08:57 - 01839104 _____ () C:\UsbFix\UsbFix.exe
2016-08-04 22:55 - 2016-08-03 02:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-04 22:55 - 2016-08-03 02:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-04 22:54 - 2016-08-03 01:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33635503.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33635503.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-304442932-291022296-845227809-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 37.8.214.2 - 31.11.202.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AB83A0D8-7D4A-4BB7-8B92-B0F08C326C93}C:\users\db\appdata\local\{a4da38ec-842a-10d3-4426-f62c23e9cad5}\syshost.exe] => (Block) C:\users\db\appdata\local\{a4da38ec-842a-10d3-4426-f62c23e9cad5}\syshost.exe
FirewallRules: [UDP Query User{AEF4935E-7CEB-4B09-8A61-6430DDA0B77E}C:\users\db\appdata\local\{a4da38ec-842a-10d3-4426-f62c23e9cad5}\syshost.exe] => (Block) C:\users\db\appdata\local\{a4da38ec-842a-10d3-4426-f62c23e9cad5}\syshost.exe
FirewallRules: [TCP Query User{AC94585C-B094-4866-965D-FC7040387B0A}C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe] => (Block) C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe
FirewallRules: [UDP Query User{485BAF55-058C-4C42-8105-F65FE5EEE3FA}C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe] => (Block) C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe
FirewallRules: [TCP Query User{17897D38-7939-43AB-9A39-98CF3F60D4FF}C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe] => (Block) C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe
FirewallRules: [UDP Query User{CA264E43-3245-471A-94D6-629C1FCFBDC2}C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe] => (Block) C:\windows\installer\{cf8275df-0bad-6921-0502-be0fe4e3b96d}\syshost.exe
FirewallRules: [{83AA53CF-62F2-4AEA-943E-B91F925B58F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9266CC7A-82C0-4310-9766-6B4BAEA61F37}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F0D27625-22FC-484B-BEBB-0F7EE2A80C7B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

==================== Restore Points =========================

25-08-2016 19:56:53 Installed Microsoft Fix it 50688

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2016 03:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (08/24/2016 10:08:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (08/24/2016 10:07:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/24/2016 10:07:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/24/2016 10:04:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/24/2016 09:55:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (08/24/2016 09:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (08/24/2016 08:15:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/24/2016 08:15:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/24/2016 07:11:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

System errors:
=============
Error: (08/24/2016 10:04:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (08/24/2016 09:18:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1070 = After starting, the service hung in a start-pending state.
Error: (08/24/2016 09:18:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%1070 = After starting, the service hung in a start-pending state.

Error: (08/24/2016 09:16:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Avira Real-Time Protection service hung on starting.

Error: (08/24/2016 07:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
%%31 = A device attached to the system is not functioning.

Error: (08/24/2016 07:24:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMSwissArmy service failed to start due to the following error:
%%31 = A device attached to the system is not functioning.

Error: (08/24/2016 07:24:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%31 = A device attached to the system is not functioning.

Error: (08/24/2016 07:24:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%31 = A device attached to the system is not functioning.

Error: (08/24/2016 07:12:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Avira Mail Protection service terminated with service-specific error %%1 = Incorrect function..

Error: (08/24/2016 07:12:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avnetflt service failed to start due to the following error:
%%31 = A device attached to the system is not functioning.
CodeIntegrity:
===================================
Date: 2016-01-29 17:01:45.338
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\1a86e.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-29 17:01:45.245
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\1a86e.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 69%
Total physical RAM: 1977.98 MB
Available physical RAM: 595.79 MB
Total Virtual: 3955.95 MB
Available Virtual: 2237.26 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:139.04 GB) (Free:7.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:14.66 GB) (Free:12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 0F0E39E8)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================