Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016 Ran by Kamila (07-11-2016 18:36:47) Running from C:\Users\Kamila\Desktop Windows 8.1 (Update) (X64) (2015-04-16 17:39:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1284645723-4238519777-3840485311-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-1284645723-4238519777-3840485311-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1284645723-4238519777-3840485311-1003 - Limited - Enabled) Kamila (S-1-5-21-1284645723-4238519777-3840485311-1001 - Administrator - Enabled) => C:\Users\Kamila ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1284645723-4238519777-3840485311-1001\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.227 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.) DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.5700 - DTS, Inc.) Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project) Fallout (HKLM-x32\...\Fallout) (Version: - ) Gadwin PrintScreen (64-Bit) (HKLM\...\{5A946012-DDD3-45CA-87E4-125819D33C9F}) (Version: 5.0.3.0 - Gadwin Systems) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HWiNFO64 Version 4.24 (HKLM\...\HWiNFO64_is1) (Version: 4.24 - Martin Malík - REALiX) Jagged Alliance 2 (HKLM-x32\...\Jagged Alliance 2) (Version: - ) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden Light Alloy 4.7.7 (build 1041) (HKLM-x32\...\Light Alloy) (Version: 4.7.7 (build 1041) - ) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) NapiProjekt (2.1.0.2287) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Nero 9 Essentials (HKLM-x32\...\{086c88c1-20d4-4c8f-9daa-45330b491fc8}) (Version: - Nero AG) Nero BurningROM 2015 (HKLM-x32\...\{7DEF9F2B-97EE-432E-91D9-FF39816B29D6}) (Version: 16.0.02700 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1007 - Nero AG) OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) Opera Stable 41.0.2353.46 (HKLM-x32\...\Opera 41.0.2353.46) (Version: 41.0.2353.46 - Opera Software) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Prerequisite installer (x32 Version: 16.0.0004 - Nero AG) Hidden PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7173 - Realtek Semiconductor Corp.) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.2 - Synaptics Incorporated) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59131 - TeamViewer) TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.22 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation) TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.5.1 - Toshiba Europe GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) WarThunder (HKLM\...\WarThunder) (Version: - WarThunder) <==== ATTENTION Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0D63075B-63E3-438B-887C-4607FD0A73EE} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-03-04] (Nero AG) Task: {423050E3-6031-4D45-8A81-FA0624727128} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.) Task: {58516253-7EEA-448B-ACB0-A7283D7EA6E1} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation) Task: {6D590412-95F5-4D00-9E0E-CEED00B52C1C} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-12-24] (Toshiba Europe GmbH) Task: {7157EA11-54EF-42DF-92A3-672A779E9DF5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {8381B94E-1F66-4B4F-91E5-1D8BA47F7329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.) Task: {8D509D63-322B-4CA1-BCF0-3AF3567FAF19} - System32\Tasks\Opera scheduled Autoupdate 1434561205 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-24] (Opera Software) Task: {B807B8C5-74AA-433D-A3A8-B609992E5A76} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-25] (Synaptics Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Kamila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=2&click_id=18d6b3f46dc53782394c0a6fa0eb05479244c572 --start-fullscreen ShortcutWithArgument: C:\Users\Kamila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Kamila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=2&click_id=18d6b3f46dc53782394c0a6fa0eb05479244c572 --start-fullscreen ShortcutWithArgument: C:\Users\Kamila\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2014-04-23 06:48 - 2014-04-23 06:48 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2014-02-24 22:11 - 2014-02-24 22:11 - 00021328 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2015-04-18 21:26 - 2015-04-18 21:26 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\5c9c0b89a558d0e589c254af6b1ca238\Windows.UI.ni.dll 2015-04-18 21:26 - 2015-04-18 21:26 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\e291aa8a59dc390d0cdf99d3c6d8b6e5\Windows.Data.ni.dll 2013-08-22 08:19 - 2013-08-22 07:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd 2014-04-23 06:48 - 2014-04-23 06:48 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll 2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll 2016-10-25 02:22 - 2016-10-20 09:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll 2016-10-25 02:22 - 2016-10-20 09:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll 2016-10-26 06:49 - 2016-10-24 10:03 - 17771200 _____ () C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2016-11-07 18:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1284645723-4238519777-3840485311-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "Eraser" HKU\S-1-5-21-1284645723-4238519777-3840485311-1001\...\StartupApproved\Run: => "Gadwin PrintScreen (64-bit)" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{38115C0F-C0E1-40B3-AAF6-82D7E3B01987}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{B6213250-ADE8-4D03-A8FC-74120A4B7007}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{473751F5-7EEB-4CBE-9FEB-E3271391C18A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{0C34103E-371F-429D-880A-94CB12B28C38}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{6EDEBD9C-B09C-405C-8002-77321A4171D5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{0060643F-DDD7-4016-B883-B852B0CD8981}] => (Allow) C:\Users\Kamila\Desktop\CZYSZCZENIE.KOMPA\utorrent_windows_ver3.4.30660.exe FirewallRules: [{E2BB8400-2958-4081-843E-3F2CE18A8602}] => (Allow) C:\Users\Kamila\Desktop\CZYSZCZENIE.KOMPA\utorrent_windows_ver3.4.30660.exe FirewallRules: [{28A91020-85AF-4599-AD21-00B50149E887}] => (Allow) C:\Users\Kamila\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{8B7725AD-163D-40DD-B9B5-901BAE638CDA}] => (Allow) C:\Users\Kamila\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{58E9E541-C6A7-4676-BB3A-B2832819B5C3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{168B44CE-04FB-4467-BCFC-7DB99EBC7AA2}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{9547EA85-F8F5-4B1B-A85D-C968E0C4203B}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\StartNBR.exe FirewallRules: [{A1A8CB0A-3455-486A-8FCE-4B0B0C30F274}] => (Allow) C:\Program Files (x86)\Nero\Nero 2015\Nero Burning ROM\nero.exe FirewallRules: [{F3D66955-7D01-4DA9-A310-B8ABBD529B0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{02F2B80E-C03D-42FF-A964-853403FEC40B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{ACDE2DBA-4F22-438A-AF3E-C88F261A4B80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3437101D-765C-4654-9AB0-CCD0A0B623C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{AD412288-908A-42A2-99DA-F3ABEDA32C40}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Restore Points ========================= 19-10-2016 19:18:24 Scheduled Checkpoint 30-10-2016 12:28:12 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/07/2016 06:20:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Au_.exe version 2.1.1.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 14f4 Start Time: 01d2391ac9e54fe9 Termination Time: 4294967295 Application Path: C:\Users\Kamila\AppData\Local\Temp\~nsuA.tmp\Au_.exe Report Id: 73ea4fb7-a50e-11e6-82a0-008cfa83e312 Faulting package full name: Faulting package-relative application ID: Error: (11/07/2016 04:33:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ByteFence.exe, version: 2.1.1.6, time stamp: 0x56f9c43d Faulting module name: LSASRV.dll, version: 6.3.9600.17918, time stamp: 0x558e04d1 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0xd34 Faulting application start time: 0x01d23670fae10875 Faulting application path: C:\Program Files\ByteFence\ByteFence.exe Faulting module path: C:\WINDOWS\SYSTEM32\LSASRV.dll Report Id: e32095b1-a49a-11e6-82a0-008cfa83e312 Faulting package full name: Faulting package-relative application ID: Error: (11/05/2016 04:33:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ByteFence.exe, version: 2.1.1.6, time stamp: 0x56f9c43d Faulting module name: LSASRV.dll, version: 6.3.9600.17918, time stamp: 0x558e04d1 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0xd34 Faulting application start time: 0x01d23670fae10875 Faulting application path: C:\Program Files\ByteFence\ByteFence.exe Faulting module path: C:\WINDOWS\SYSTEM32\LSASRV.dll Report Id: 98013e23-a308-11e6-82a0-008cfa83e312 Faulting package full name: Faulting package-relative application ID: Error: (11/04/2016 09:26:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005). Error: (11/04/2016 04:33:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ByteFence.exe, version: 2.1.1.6, time stamp: 0x56f9c43d Faulting module name: LSASRV.dll, version: 6.3.9600.17918, time stamp: 0x558e04d1 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1c80 Faulting application start time: 0x01d2364bb914e826 Faulting application path: C:\Program Files\ByteFence\ByteFence.exe Faulting module path: C:\WINDOWS\SYSTEM32\LSASRV.dll Report Id: 6fa5d95d-a23f-11e6-829f-008cfa83e312 Faulting package full name: Faulting package-relative application ID: Error: (10/31/2016 04:33:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ByteFence.exe, version: 2.1.1.6, time stamp: 0x56f9c43d Faulting module name: LSASRV.dll, version: 6.3.9600.17918, time stamp: 0x558e04d1 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x1ae0 Faulting application start time: 0x01d233270f602d74 Faulting application path: C:\Program Files\ByteFence\ByteFence.exe Faulting module path: C:\WINDOWS\SYSTEM32\LSASRV.dll Report Id: b9a66cb6-9f1a-11e6-829f-008cfa83e312 Faulting package full name: Faulting package-relative application ID: Error: (10/29/2016 06:55:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005). Error: (10/27/2016 03:34:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ByteFence.exe, version: 2.1.1.6, time stamp: 0x56f9c43d Faulting module name: LSASRV.dll, version: 6.3.9600.17918, time stamp: 0x558e04d1 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x168c Faulting application start time: 0x01d22ffa03f38cdf Faulting application path: C:\Program Files\ByteFence\ByteFence.exe Faulting module path: C:\WINDOWS\SYSTEM32\LSASRV.dll Report Id: dd421cd8-9bed-11e6-829f-008cfa83e312 Faulting package full name: Faulting package-relative application ID: Error: (10/25/2016 03:33:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ByteFence.exe, version: 2.1.1.6, time stamp: 0x56f9c43d Faulting module name: LSASRV.dll, version: 6.3.9600.17918, time stamp: 0x558e04d1 Exception code: 0xc0000005 Fault offset: 0x000000000005036a Faulting process id: 0x2fa0 Faulting application start time: 0x01d22e67af1e2f8d Faulting application path: C:\Program Files\ByteFence\ByteFence.exe Faulting module path: C:\WINDOWS\SYSTEM32\LSASRV.dll Report Id: 79753d09-9a5b-11e6-829f-008cfa83e312 Faulting package full name: Faulting package-relative application ID: Error: (10/24/2016 12:55:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005). System errors: ============= Error: (11/04/2016 08:52:18 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:42:59 AM on ‎11/‎4/‎2016 was unexpected. Error: (10/18/2016 07:52:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (09/24/2016 05:19:15 PM) (Source: disk) (EventID: 7) (User: ) Description: The device, \Device\Harddisk1\DR3, has a bad block. Error: (09/24/2016 12:52:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/24/2016 12:52:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. Error: (09/24/2016 12:52:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Quality Windows Audio Video Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/24/2016 12:52:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/23/2016 09:25:44 PM) (Source: DCOM) (EventID: 10010) (User: KAMILA) Description: The server {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E} did not register with DCOM within the required timeout. Error: (08/25/2016 11:39:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70. Error: (08/24/2016 08:32:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: Incorrect function. ==================== Memory info =========================== Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics Percentage of memory in use: 61% Total physical RAM: 3545.23 MB Available physical RAM: 1356.47 MB Total Virtual: 6853.23 MB Available Virtual: 2655.29 MB ==================== Drives ================================ Drive c: (TI31334200A) (Fixed) (Total:619.42 GB) (Free:557.59 GB) NTFS Drive d: (New Volume) (Fixed) (Total:300 GB) (Free:225.21 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================