Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016 Ran by Pati (01-10-2016 18:22:27) Running from D:\zz NAPRAWA Windows 8.1 Pro (Update) (X64) (2015-04-13 17:46:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1057106586-2403482295-1909535323-500 - Administrator - Disabled) Guest (S-1-5-21-1057106586-2403482295-1909535323-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1057106586-2403482295-1909535323-1004 - Limited - Enabled) Pati (S-1-5-21-1057106586-2403482295-1909535323-1001 - Administrator - Enabled) => C:\Users\Pati ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Aktualizacje NVIDIA 17.12.8 (Version: 17.12.8 - NVIDIA Corporation) Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) B110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation) bl (x32 Version: 1.0.0 - Your Company Name) Hidden BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform) CEWE Fotoswiat (HKLM-x32\...\CEWE Fotoswiat) (Version: 6.0.5 - CEWE Stiftung u Co. KGaA) Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft) Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden ETDWare PS/2-X64 10.7.14.12_WHQL (HKLM\...\Elantech) (Version: 10.7.14.12 - ELAN Microelectronic Corp.) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{C63184F3-8343-408F-A948-DDB0AC969A99}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) K-Lite Codec Pack 11.1.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - ) Malwarebytes Anti-Malware wersja 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 8.0.0.8196 - MyHeritage.com) Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Sterownik dźwięku HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Sterownik graficzny 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) Panel sterowania NVIDIA 341.44 (Version: 341.44 - NVIDIA Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden ph (x32 Version: 1.0.0 - Your Company Name) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) PS_AIO_07_B110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Tablet Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0D763D79-3CDE-41A2-993D-7CBA748B3ED2} - System32\Tasks\{C05415B8-B11A-485B-9375-CEDF83AF929D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zathdom\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Zathdom\uninstall.dat" -a uninstallme ED2D987A-9283-494C-ACD9-03C7A093A4CC DeviceId=f970916d-284d-235d-1251-46cc4fa05103 BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn Task: {1035FC6E-2D34-4D4D-90BD-65798B006E2E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-22] (AVAST Software) Task: {11770350-0E6F-4924-BA67-E562ADFA7E2A} - System32\Tasks\SafeZone scheduled Autoupdate 1471894936 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {314FEA2A-E935-4A55-9A90-3E0B8A252B2C} - System32\Tasks\AdobeAAMUpdater-1.0-PAT-KOMPUTER-Pati => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {32F9A1C6-7764-4268-82AF-219E30FE7AD8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-13] (Google Inc.) Task: {52CBDEB7-A254-4AB5-96B8-C4A6D7BDF3C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-15] (Adobe Systems Incorporated) Task: {7C381AEF-A093-4F3B-89AA-CAB49CDE531B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd) Task: {8BAA457D-36B8-424D-BCDC-9CD8E68DDED6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-09-15] (Microsoft Corporation) Task: {8ED54BAD-81FD-4EE6-AB35-AF07F203BA2E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {9741D73A-DB42-45FF-9FA2-1F28C1D26CE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {9D6CA5F3-321E-46AD-A966-CE647036C7F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) Task: {A6DD9A1D-33E5-4A6E-9813-260A464D7807} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-22] (AVAST Software) Task: {B4657CB0-8F35-40D1-BB95-BF8315E2A286} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-13] (Google Inc.) Task: {B87454B3-B62A-46D7-8464-3BA681215950} - System32\Tasks\Coerwcult Center => C:\Program Files (x86)\Crecult\Coerwcultcntdnk.exe Task: {FE9B79F4-7120-487C-AC73-3B753BD63A5C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Pati\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Pati\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc ==================== Loaded Modules (Whitelisted) ============== 2016-08-22 14:20 - 2016-08-22 14:20 - 00141824 ____H () C:\Program Files (x86)\local64spl.dll 2016-08-22 14:20 - 2016-08-22 14:20 - 00141824 _____ () C:\ProgramData\FastPrinter\local64spl.dll 2015-04-13 21:04 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-10-08 19:45 - 2015-08-21 20:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2016-08-22 21:37 - 2016-08-22 21:37 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-08-22 21:37 - 2016-08-22 21:37 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-09-28 13:46 - 2016-09-28 13:46 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092801\algo.dll 2016-10-01 14:37 - 2016-10-01 14:37 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100104\algo.dll 2016-08-22 23:35 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-08-22 23:35 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-08-22 23:35 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-08-22 23:35 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-08-22 23:35 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2016-08-22 21:38 - 2016-08-22 21:38 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Pati\Cookies:eLzXAceo1JHpJ06dclVDZj7KM [2324] AlternateDataStreams: C:\Users\Pati\AppData\Local\zaupT9tpAAXks:5H3eduoCRYxQTYpDl4RAtBNP2 [2234] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2016-03-21 20:41 - 00000999 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 clients2.google.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pati\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta z Przeglądarki fotografii systemu Windows.jpg DNS Servers: 188.120.239.115 - 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKU\S-1-5-21-1057106586-2403482295-1909535323-1001\...\StartupApproved\Run: => "IRsoft" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{EF0868AD-7D63-452F-B7BE-27FCEA7E9D21}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{DB354130-8033-48FE-8ADE-F9F8AAD553F3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{07506365-3A82-4F07-A2C1-BFCE93705603}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{D4E83F27-3951-465F-9A6A-EC155E8EC854}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{1BC982D4-C232-40DC-A3EF-85A10EE76708}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F3F0233C-47FE-4E46-8B30-2D089E185224}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C21C7359-93A3-46C0-86F0-362F97755873}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{3479EEF4-8CD6-4F2E-BD3C-E5FAEDD2630D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{337EF42B-ABEA-45FF-8920-2D228DE893AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{CF6B9FF9-EEA3-4854-B0DB-A91CBE74FB30}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{8C54F026-1AAC-4E88-AE10-753A927E8957}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{6ED4D393-DB1A-41F3-8BF7-6B8A8676133B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{A33718D6-4615-461B-879C-4D4E070DA980}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{F3E1C602-9AA4-4454-8E20-F05782B17A1B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{82245B56-FF31-457B-BBAD-1F941F766B34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{AD0642F9-2BC2-4406-A061-818C101DA567}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{650C4EC3-6BC9-42BA-88E4-9B2C2A4AD1B9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{1DB1BD7A-FBF7-4F7D-8D6E-8F06FD22BFC1}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{48771F6D-A7C8-469A-894B-C4267EA89478}] => (Allow) D:\Program Files\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{1A150E74-E5F3-4773-AE53-48F534C0409E}] => (Allow) D:\Program Files\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{7C11B065-9FD5-4EAB-8432-560808717504}] => (Allow) LPort=7935 FirewallRules: [{C0241BA6-E81D-46FD-8C4F-8CC4114F992A}] => (Allow) D:\Program Files\Bettle.net\Battle.net\Battle.net.exe FirewallRules: [{10BA5D6A-4F7D-46E1-9C4D-9D9DB2465766}] => (Allow) D:\Program Files\Bettle.net\Battle.net\Battle.net.exe FirewallRules: [{207AA512-58CC-4144-A439-C0C4861FB1D4}] => (Allow) D:\Program Files\Bettle.net\Hearthstone\Hearthstone.exe FirewallRules: [{AC415DD1-2FDB-4B4D-A6A7-361F876268D7}] => (Allow) D:\Program Files\Bettle.net\Hearthstone\Hearthstone.exe FirewallRules: [{53B8421E-E668-4BBE-90FE-3568045FA2E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 18-08-2016 08:49:46 Windows Update 15-09-2016 19:21:51 Windows Update 20-09-2016 18:01:22 Windows Update ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/01/2016 06:01:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingWeather_8wekyb3d8bbwe!App nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 06:01:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 05:01:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingNews_8wekyb3d8bbwe!AppexNews nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 04:01:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 04:01:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingWeather_8wekyb3d8bbwe!App nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 03:01:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingNews_8wekyb3d8bbwe!AppexNews nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 02:53:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (10/01/2016 02:46:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 02:46:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingWeather_8wekyb3d8bbwe!App nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (10/01/2016 02:46:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAT-KOMPUTER) Description: Aktywacja aplikacji Microsoft.BingNews_8wekyb3d8bbwe!AppexNews nie powiodła się. Błąd: -2144927148. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. System errors: ============= Error: (10/01/2016 04:57:04 PM) (Source: DCOM) (EventID: 10010) (User: PAT-KOMPUTER) Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (10/01/2016 04:56:34 PM) (Source: DCOM) (EventID: 10010) (User: PAT-KOMPUTER) Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (10/01/2016 04:16:47 PM) (Source: DCOM) (EventID: 10010) (User: PAT-KOMPUTER) Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (10/01/2016 04:16:17 PM) (Source: DCOM) (EventID: 10010) (User: PAT-KOMPUTER) Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (10/01/2016 06:33:12 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (09/30/2016 04:25:05 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 Error: (09/30/2016 01:24:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (09/30/2016 01:12:39 PM) (Source: DCOM) (EventID: 10010) (User: PAT-KOMPUTER) Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (09/30/2016 01:12:09 PM) (Source: DCOM) (EventID: 10010) (User: PAT-KOMPUTER) Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (09/30/2016 03:18:44 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 5 CodeIntegrity: =================================== Date: 2016-03-09 18:20:32.375 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-29 14:59:47.173 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-21 16:29:07.276 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-18 15:06:07.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-16 16:17:09.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-12 11:45:32.980 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-27 18:10:26.441 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-26 09:20:09.892 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-25 12:48:03.034 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-13 12:04:22.960 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 36% Total physical RAM: 3956.4 MB Available physical RAM: 2527.57 MB Total Virtual: 6640.69 MB Available Virtual: 4505.83 MB ==================== Drives ================================ Drive c: (System Reserved) (Fixed) (Total:195.31 GB) (Free:123.16 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:736.2 GB) (Free:493.76 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B26C02FB) Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=736.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================