Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016 Ran by boogie (13-09-2016 20:24:17) Running from C:\Users\boogie\Desktop\antivir\skanery na forum Windows 7 Professional Service Pack 1 (X64) (2015-11-08 21:04:38) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3756860874-1814013104-2480899376-500 - Administrator - Disabled) boogie (S-1-5-21-3756860874-1814013104-2480899376-1000 - Administrator - Enabled) => C:\Users\boogie Guest (S-1-5-21-3756860874-1814013104-2480899376-501 - Administrator - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) 7-Zip 15.10 beta (x64) (HKLM\...\7-Zip) (Version: 15.10 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) Black Desert (HKLM-x32\...\{4BD65630-3A19-4fc2-8AD8-2CF729DB6608}.30000000000) (Version: 1.0 - Global Gamers Solutions Ltd. ©) Brother HL-2170W (HKLM-x32\...\{F4688A21-030B-4E67-AC08-E19C4C28E547}) (Version: 1.00 - Brother) Brother MFL-Pro Suite DCP-J140W (HKLM-x32\...\{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}) (Version: 1.1.5.0 - Brother Industries, Ltd.) 
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd) e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 8.0.7 - Ministerstwo Finansow) e-Deklaracje Desktop (x32 Version: 8.0.7 - Ministerstwo Finansow) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo) Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.5.930 - Foxit Software Inc.) Fraps (HKLM-x32\...\Fraps) (Version: - ) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music) Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.10.0 - Intel) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.19 - Intel Corporation) Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{D91E3947-528C-4AC3-B26F-A283F2B79983}) (Version: 3.0.1342.02 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{7e493493-a430-4b7b-b8a2-48d61599e220}) (Version: 17.0.0 - Intel Corporation) iSocUSB Driver version 1.2.0 
(HKLM\...\iSocUSB Driver_is1) (Version: 1.2.0 - Intel Corporation 2013) Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Kingo ROOT version 1.4.6.2750 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.6.2750 - Kingosoft Technology Ltd.) KingRoot °ć±ľ 3.2.0 (HKLM-x32\...\{FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1) (Version: 3.2.0 - KingRoot) K-Lite Codec Pack 11.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.5 - ) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10269 - Realtek Semiconductor Corp.) Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.39.1 - ELAN Microelectronic Corp.) LibreOffice 4.3.3.2 (HKLM-x32\...\{87C753BB-81E3-403B-BD87-6293F870B20B}) (Version: 4.3.3.2 - The Document Foundation) Manufacturing Flash Tool version 6.0.43 (HKLM-x32\...\Manufacturing Flash Tool_is1) (Version: 6.0.43 - Intel Corporation) Mi PC Suite (HKU\S-1-5-21-3756860874-1814013104-2480899376-1000\...\MiPhoneManager) (Version: - Xiaomi Inc.) 
Microsoft .NET Framework 4.5.3 (HKLM\...\{9F6EA3D4-B2FA-3120-8DF8-07396231AFB4}) (Version: 4.5.53315 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Nexus Mod Manager 
(HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.60.16 - Black Tree Gaming) NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek) RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3756860874-1814013104-2480899376-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.11.0 - GOG.com) The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WIN (HKLM-x32\...\win_en_77_is1) (Version: - ) <==== ATTENTION Windows Driver Package - Google, Inc. 
(WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo) Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.2.0 - Ministerstwo Finansów) XnView 2.35 (HKLM-x32\...\XnView_is1) (Version: 2.35 - Gougelet Pierre-e) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3756860874-1814013104-2480899376-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {12B23A4A-E501-455D-B5EB-179623010389} - System32\Tasks\Hybrid3 => taskkill [Argument = /f /im slui.exe]
Task: {15ED63B3-C33A-48C0-8D40-DF82716A3FF2} - System32\Tasks\UnregisterNonABICompliantCodeRange => Wscript.exe C:\PROGRA~4\ps3d6lkk\8ux7y.js
Task: {1642C0E6-7B9E-4196-B81D-B79E5860E0F8} - System32\Tasks\{E8E6B69C-EE66-44AE-9890-706979C4C9A7} => pcalua.exe -a C:\Users\boogie\Downloads\Programy\TrafficShaper\TrafficShaperXpSetup.exe -d C:\Users\boogie\Downloads\Programy\TrafficShaper
Task: {2944C5F0-1E25-4923-B129-C99965534B2C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {6A97ADB3-D41F-411A-8ED4-26C26DD2F268} - System32\Tasks\Ksation Schedule => C:\Program Files (x86)\Sieyhokesy\placty.exe [2016-09-13] (CHENGDU YIWO Tech Development Co., Ltd)
Task: {72952174-DAD8-4481-9C31-0BAEB87C31F1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {781EE4D4-B7F4-4D43-91FC-AD7AB7B7BC7A} - System32\Tasks\Hybrid2 => C:\Trial\IR7\IR7.vbs [2016-05-17] ()
Task: {9C64E352-EBF0-4797-8E82-6CC097DE4887} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-30] ()
Task: {A47AA470-3B30-48DE-B960-41F2F8C914B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {A4E5DC8D-3DFC-4BF7-ADFC-9CAC36AE2807} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {A7771F24-289C-4033-9715-948676611BC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {D96FAE6C-81C5-4C37-BC46-457A56D603AC} - System32\Tasks\Hybrid4 => taskkill [Argument = /f /im sppsvc.exe] Task: {F119DBC5-7536-41E4-B1A9-CD5B6711E4F8} - System32\Tasks\{A0C267A5-D070-4D3F-94C3-954A246C02EB} => pcalua.exe -a "C:\Program Files (x86)\Sieyhokesy\placty.exe" -c 4921cc4c-65ff-4aba-8595-517060699f5d "/k={6DE5D787-248D-499B-9284-6681D68BA37C}" Task: {F7516341-7252-45E5-B3E7-79E83D5A6B0A} - System32\Tasks\IR7 => cmd.exe /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm && net stop sppsvc && net start sppsvc (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\boogie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\boogie\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc ShortcutWithArgument: C:\Users\boogie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\boogie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=ChromeDefaultData2 ==================== Loaded Modules (Whitelisted) ============== 2016-07-30 22:31 - 2016-07-13 18:00 - 00017376 _____ () C:\Users\boogie\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe 2015-11-17 22:44 - 2015-12-16 19:34 - 00012080 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-11-17 22:44 - 2015-12-16 16:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-12-26 13:24 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2008-12-20 04:20 - 2015-11-08 23:32 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-03-10 17:30 - 2015-11-08 23:32 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll 2008-12-20 04:20 - 2015-11-08 23:32 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2014-09-05 14:03 - 2014-09-05 14:03 - 00455784 _____ () C:\Windows\system32\igfxTray.exe 2015-11-08 23:40 - 2015-12-09 03:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-11-17 22:44 - 2015-12-16 19:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-12-13 18:41 - 2014-11-26 10:37 - 00107520 ____R () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33060297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70053003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81472886.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83008810.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33060297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70053003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81472886.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83008810.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-09-13 16:46 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3756860874-1814013104-2480899376-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\boogie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: AdAnti => C:\Program Files (x86)\AdAnti\AdAnti.exe /S
MSCONFIG\startupreg: Antamedia DBServer => C:\Antamedia\DBServer\ADBServer.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: GoogleChromeAutoLaunch_5F5250ADB2CFD375AE8B1D217CB54004 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: MiPhoneManager => "C:\Users\boogie\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent
MSCONFIG\startupreg: RtsFT => RTFTrack.exe
MSCONFIG\startupreg: Seviler => "C:\Users\boogie\AppData\Roaming\GameLauncher\Seviler\Seviler.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\boogie\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: svchost0 => C:\Program Files (x86)\sbqh\uc.exe
MSCONFIG\startupreg: win_en_77 => "C:\Program Files (x86)\win_en_77\win_en_77.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A08C3B93-840B-43E7-9F6A-B80D0F7679E5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{6D611E65-8FC8-4307-A87C-A93388D60C24}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A0D80C00-057A-41C0-AE04-7AF5FE29ADD4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A3FEDEF9-6F1A-459A-95E1-A85EF339F27E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{30CA5B08-BF3D-4D0B-BC6B-D099D8E747F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{8EBA9FBD-3ED4-429D-BB1E-A80609D70432}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{FF9C019A-9A08-4D20-9B23-B6F1932F67CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5B87C4B7-7E69-4119-8E67-FCBCCAEB912F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{8879577D-4B6B-40B3-8964-EE74D66C57DD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{5ACC600A-9200-4F5B-9F44-527B0F67BC4A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{DD04B516-D106-4961-8327-6CA4132503C7}C:\gry\farcry4\bin\farcry4.exe] => (Allow) C:\gry\farcry4\bin\farcry4.exe FirewallRules: [UDP Query User{FE704947-6D29-4C8F-A91B-7C599079649E}C:\gry\farcry4\bin\farcry4.exe] => (Allow) C:\gry\farcry4\bin\farcry4.exe FirewallRules: [TCP Query User{C20597BB-A9AC-4522-B1DB-A86CF192C0D4}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe FirewallRules: [UDP Query User{4FC5A8CA-9E7B-4D45-B4F9-577160955BDF}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => (Allow) 
C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe FirewallRules: [{7EBFCA36-749D-451B-97DA-BEB672117887}] => (Allow) LPort=54925 FirewallRules: [{78D4F6A4-836C-48DB-9EAD-371611108205}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{27726696-6467-4D7D-8B02-D434643B1559}] => (Allow) C:\Users\boogie\AppData\Local\MiPhoneManager\main\MiPCSuite.exe FirewallRules: [TCP Query User{E9F1D0A2-1AAA-4899-91B7-304B57205F38}C:\users\boogie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\boogie\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{F3ACF46E-3DEB-4F86-8F7F-A9538C2EB8AA}C:\users\boogie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\boogie\appdata\roaming\spotify\spotify.exe FirewallRules: [{87ACEA10-F63F-448D-BC82-8032DD6556FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0F512468-DEAF-4A5C-A523-9F30F1E8802E}] => (Allow) C:\Users\boogie\Downloads\Gry\BlackDesert\PlayBlackDesert.exe FirewallRules: [{82ECE50E-B452-4679-A1CD-5E2BA5583641}] => (Allow) C:\Users\boogie\Downloads\Gry\BlackDesert\PlayBlackDesert.exe FirewallRules: [{01CE9958-92C7-4AB5-947E-3C8E84C4A7AB}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe FirewallRules: [{ED739540-66C4-45BA-9F27-C789B2EF61CD}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe FirewallRules: [TCP Query User{CDDC257E-4BFF-469F-838A-146137A2808B}C:\antamedia\dbserver\adbserver.exe] => (Allow) C:\antamedia\dbserver\adbserver.exe FirewallRules: [UDP Query User{83F52022-E7EA-4484-BA9B-2AD4F0AB9138}C:\antamedia\dbserver\adbserver.exe] => (Allow) C:\antamedia\dbserver\adbserver.exe FirewallRules: [TCP Query User{0BC943A0-06F9-41AD-AED7-80C5E2F9B545}C:\antamedia\bandwidth manager\abandwidth.exe] => (Allow) C:\antamedia\bandwidth manager\abandwidth.exe FirewallRules: [UDP Query User{A23F44F8-CD73-47EC-83F6-75316713EBCC}C:\antamedia\bandwidth manager\abandwidth.exe] => (Allow) C:\antamedia\bandwidth 
manager\abandwidth.exe FirewallRules: [{1A19D550-1B66-4FD1-9844-FF8715F77A64}] => (Allow) C:\Users\boogie\AppData\Local\Temp\is-MKF5K.tmp\setup21502.tmp FirewallRules: [{88484FA4-7EF5-4400-B880-4361B594E392}] => (Allow) C:\Users\boogie\AppData\Local\Temp\is-MKF5K.tmp\setup21502.tmp FirewallRules: [{58F230DD-4FEF-4F12-9673-21D4B9CE60F0}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{2CECA536-E369-4AC6-9635-A1B3AAF73BB1}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{33782202-B66F-4AB6-97CE-946444078F19}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe ==================== Restore Points ========================= 13-09-2016 16:27:41 RepairDNS Restore Point 2016-09-13 16:27:41 13-09-2016 16:27:57 RepairDNS Restore Point 2016-09-13 16:27:57 13-09-2016 16:28:40 RepairDNS Restore Point 2016-09-13 16:28:40 ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: rtdiftex Description: rtdiftex Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: rtdiftex Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: Bluetooth Device (Personal Area Network) #2 Description: Bluetooth Device (Personal Area Network) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/13/2016 05:00:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:52:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:51:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (09/13/2016 04:33:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:31:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:29:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:28:31 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:22:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/13/2016 04:17:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (09/13/2016 05:00:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: rtdiftex Error: (09/13/2016 05:00:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect. Error: (09/13/2016 05:00:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The nldrv service failed to start due to the following error: The system cannot find the path specified. Error: (09/13/2016 05:00:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Citdhwa service failed to start due to the following error: The system cannot find the file specified. 
Error: (09/13/2016 04:52:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: rtdiftex Error: (09/13/2016 04:52:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect. Error: (09/13/2016 04:52:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The nldrv service failed to start due to the following error: The system cannot find the path specified. Error: (09/13/2016 04:52:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Citdhwa service failed to start due to the following error: The system cannot find the file specified. Error: (09/13/2016 04:51:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: rtdiftex Error: (09/13/2016 04:51:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect. CodeIntegrity: =================================== Date: 2016-09-13 20:24:10.159 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 20:24:10.081 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 20:24:02.921 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. 
Date: 2016-09-13 20:24:02.858 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 20:18:49.465 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\boogie\AppData\Local\Temp\tmp7B06.tmp because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 20:18:49.402 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\boogie\AppData\Local\Temp\tmp7B06.tmp because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 16:23:34.412 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 16:23:34.365 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 16:23:26.846 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. Date: 2016-09-13 16:23:26.784 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Thetta64.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210H CPU @ 2.90GHz
Percentage of memory in use: 29%
Total physical RAM: 8104.28 MB
Available physical RAM: 5698.5 MB
Total Virtual: 12198.46 MB
Available Virtual: 10051.55 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:238.25 GB) (Free:36.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A442EFE4)

Partition: GPT.

==================== End of Addition.txt ============================