Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by maf2 (08-03-2017 09:31:37)
Running from C:\Users\maf2\AppData\Local\Temp\scoped_dir6988_24357
Windows 10 Pro Version 1607 (X64) (2017-02-13 07:37:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1564095453-3564214088-3623100993-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1564095453-3564214088-3623100993-503 - Limited - Disabled)
Guest (S-1-5-21-1564095453-3564214088-3623100993-501 - Limited - Disabled)
maf2 (S-1-5-21-1564095453-3564214088-3623100993-1002 - Administrator - Enabled) => C:\Users\maf2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.7.1.1 - Intel) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.17.1 - Mirillis)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version: - Valve)
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.)
Battery Calibration (x32 Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CDBurnerXP (HKLM-x32\...\{389A4CEF-2D8E-4D6A-ADB3-D8876AC7D0C3}) (Version: 4.5.7.6521 - Canneverbe Limited)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6321 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Firewall (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version: - Macecraft Software)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ELAN Touchpad 15.13.5.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.5.2 - ELAN Microelectronic Corp.)
ESET NOD32 Antivirus (HKLM\...\{ACA1303F-28D2-4C73-A0A3-785F0327E0B6}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FileZilla Client 3.24.1 (HKLM-x32\...\FileZilla Client) (Version: 3.24.1 - Tim Kosse)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version: - )
Foscam Web Components 2.1.2.4066 (HKLM-x32\...\{97FD518A-EA1F-4B44-B7D7-890164D6B22E}_is1) (Version: 2.1.2.4066 - FOSCAM)
Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 - ChessBase)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - )
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Havij 1.15 Free (HKLM-x32\...\Havij_is1) (Version: - ITSecTeam)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.77.0 - HTC)
I Am Alive (x32 Version: 1.01.0 - Ubisoft) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{29539bc2-b48e-4b56-93e8-420e38a6d551}) (Version: 2.7.1.1 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
IPCWebComponents 3.1.0.9 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.9 - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (x32 Version: 2.0.0.623 - Kaspersky Lab) Hidden
KB9X Radio Switch Driver (HKLM\...\B16388B2E5D3CBA8F0EE88A8C5459BADAF4DE251) (Version: 1.0.7112.20593 - ENE TECHNOLOGY INC.)
Kingo ROOT version 1.5.0.2927 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.0.2927 - Kingosoft Technology Ltd.)
K-Lite Mega Codec Pack 10.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
LibreOffice 5.1.4.2 (HKLM\...\{3D0938AC-CEED-48CF-9649-D433CE8A4AF7}) (Version: 5.1.4.2 - The Document Foundation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{DCB0EF4F-E2C2-420B-B8C9-B317A8ECE73A}) (Version: 11.2.5343.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mobile Upgrade S 4.2.3 (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)
Mozilla Firefox 51.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pl)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{2301bb34-385a-4a57-877f-c54347957fad}) (Version: 4.0.6.305 - Intel Corporation)
MSI Intel Extreme Tuning Utility (x32 Version: 4.0.6.305 - Intel Corporation) Hidden
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.06 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.026 - MSI)
MSIRegister (HKLM-x32\...\{80B995A4-3A86-4690-98A6-563F1A788835}_is1) (Version: 2.0.0.05 - MSI)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.10 - MSI)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
NVIDIA Graphics Driver 376.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.67 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
O&O CleverCache (HKLM\...\{2A64B9EB-AAEF-462B-8D5A-855B1DD5467A}) (Version: 7.1.2737 - O&O Software GmbH)
Odkurzacz (HKLM-x32\...\Odkurzacz 14.3_is1) (Version: 14.3.0.4600 - FranmoSoftware - Maciej Opaliński)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Oprogramowanie Intel® PROSet/Wireless WiFi (HKLM\...\{E671D411-5F2E-45D6-957C-EB78641192AB}) (Version: 15.05.4000.1515 - Intel Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PerfectDisk Professional Business (HKLM\...\{C4E01CDC-0063-493C-B383-9C4FCF7A89F7}) (Version: 14.0.890 - Raxco Software Inc.)
Portal 2 Sixense Perceptual Pack (HKLM-x32\...\Steam App 247120) (Version: - )
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Prince of Persia Sands of Time (HKLM-x32\...\Uplay Install 111) (Version: - Ubisoft)
Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd1_is1) (Version: - )
Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd2_is1) (Version: - )
Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd3_is1) (Version: - )
Profesor Klaus - Intensywny kurs (HKLM-x32\...\Klaus_Intensywny_kurs_cd4_is1) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{C6C6E64E-6C48-47FE-A175-4C73C3A465CF}) (Version: 10.013.03016 - Application)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
Shadow Warrior Classic (1997) (HKLM-x32\...\Steam App 238070) (Version: - 3D Realms)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.)
SMPlayer 0.8.6.0 (HKLM-x32\...\SMPlayer) (Version: 0.8.6.0 - Ricardo Villalba)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1 - Krzysztof Kowalczyk)
SuperMemo UX (HKLM-x32\...\SuperMemo UX) (Version: 1.5.4.2 - SuperMemo World)
System Mechanic (HKLM-x32\...\InstallShield_{49DCB5CB-235B-4A14-BD8E-1E9FC1B0311C}) (Version: 16.0.0.464 - iolo technologies, LLC)
System Mechanic (x32 Version: 16.0.0.464 - iolo technologies, LLC) Hidden
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.04.02 - Creative Technology Limited)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{86A7EED0-02D0-4D91-8183-8D2F23F5E6AE}) (Version: 1.3.1 - TP-LINK)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (pl-PL) (x32 Version: 13.0.3020.16 - TuneUp Software) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.26 - Tweaking.com)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UpdateAssistant (x32 Version: 1.3.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 20.2 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)
VNC Server 6.0.2 (HKLM\...\{28FB9024-BEDC-4F89-AFEE-98C6CBB986CF}) (Version: 6.0.2.25562 - RealVNC Ltd)
VNC Viewer 6.0.2 (HKLM\...\{D00A94FF-DF45-49D3-B89D-2708812F644B}) (Version: 6.0.2.25562 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows 10 Manager (HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\Windows 10 Manager 2.0.6) (Version: 2.0.6 - Yamicsoft)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1564095453-3564214088-3623100993-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05126112-88D9-40A7-959B-C6B24C078D88} - \WPD\SqmUpload_S-1-5-21-1564095453-3564214088-3623100993-1002 -> No File <==== ATTENTION
Task: {0635CDE3-1D61-47AD-9346-78455F75D981} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {106D2823-8BF9-486C-8E08-99DBFEBECC26} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {12F07964-3CAB-4E74-9BB5-21F23837BAE0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1FC923A8-5A29-4DDE-A6A1-645F9C35FB68} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-02] (Intel Corporation)
Task: {25D688A4-686E-4D86-8979-4271874858DE} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)
Task: {2887E153-65E6-47E7-A610-9584975F011F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2E5B8A04-839E-4A43-86BB-A6D13F6B4E5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {32F42077-BE9D-4BF7-9CC2-9D64EE465E0B} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-04-23] (Realtek Semiconductor)
Task: {343E985B-59B8-4303-A6C7-55AFE7891CAD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {37A3178D-1E8F-4B60-94DC-1E8253503974} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {44164A06-B609-4771-B6C4-EAC2369D2795} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {44C04869-6D8D-4257-BE80-DA2B9E3CB102} - System32\Tasks\ioloToaster => C:\Program Files (x86)\iolo\System Mechanic\ioloToaster.exe [2017-02-21] (iolo technologies, LLC)
Task: {4691D504-DB4D-4CF1-9158-9F09ABCE011B} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2016-01-14] ()
Task: {584825E1-0BD6-49B5-B956-F6F9D42C16DD} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-02-17] (Oracle Corporation)
Task: {6B03AEAB-1417-4B57-A406-C77AF7875AE0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6C1E3C96-38EA-44D2-AD27-5E5348211CBB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8072AECB-7D4C-46C9-9A58-8029CCEAE016} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\iolo\System Mechanic\ioloSmartUpdater.exe [2017-02-21] (iolo technologies, LLC)
Task: {8B5D9E5B-16CD-4373-8616-11960BD0EC50} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {9126F776-B91F-41A3-B8C8-1B9DAE18EE4F} - System32\Tasks\Opera scheduled Autoupdate 1391538487 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {9FD5B47B-D730-4B0B-ABFB-6820C38AB389} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A01A0CD5-EBD1-48ED-AA2F-A0622925A4FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A028D662-44ED-4147-93C0-96A7371F7BE5} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-06-28] (iolo technologies, LLC)
Task: {A7690EB1-80EF-4F94-A7B1-D52EDB733346} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)
Task: {A7D06F85-4333-4807-990F-073651F8FBE8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-11-02] (Microsoft Corporation)
Task: {ABE062BD-96A5-480E-AE91-52632E196ABE} - \WPD\SqmUpload_S-1-5-21-1564095453-3564214088-3623100993-1001 -> No File <==== ATTENTION
Task: {B8254FA5-1EBA-4567-AD1A-A4E96D5D3C87} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-03-06] (Adobe Systems Incorporated)
Task: {BA3AEC11-3097-4EAA-ADEF-57EE97174A91} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1A4FD06-4E51-4B45-84BC-4D14272C5CBC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D1E93B72-D7F9-4591-B96F-44C7AAEE865C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DF9EF7C0-323A-467A-8928-6D507EC02C47} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {E6F1EDB0-D977-448B-80D7-F3516DA517B6} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {EB33E46A-7989-42FC-AEFE-C2DC2E6ADC8F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-02] (Intel Corporation)
Task: {EC916812-FE3D-454C-924D-0174DA55FBB6} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {EDC83A42-A1B3-4101-BCD5-F56A1539D706} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2017-02-18] (Intel Corporation)
Task: {F417A3CD-3437-4A3A-AC32-13678F54A878} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-06] (Adobe Systems Incorporated)
Task: {F6008182-7380-4012-8BF6-A745CD55B97F} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe [2017-02-21] (iolo technologies, LLC)
Task: {F8EE8AE9-916B-4193-84E7-7A1DF10B7FB9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {FBCAD498-74B4-49C9-8787-FB5290C0C7AD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-01 00:52 - 2017-01-06 18:29 - 00017384 _____ () C:\Users\maf2\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2013-07-01 09:21 - 2013-07-01 09:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2013-07-01 00:15 - 2013-07-01 00:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2013-07-01 00:17 - 2013-07-01 00:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2013-07-01 00:17 - 2013-07-01 00:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2013-07-01 00:16 - 2013-07-01 00:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2013-07-01 00:16 - 2013-07-01 00:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2013-07-01 00:15 - 2013-07-01 00:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-07-01 09:21 - 2013-07-01 09:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2013-07-01 00:16 - 2013-07-01 00:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-07-01 00:16 - 2013-07-01 00:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2013-07-01 00:17 - 2013-07-01 00:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2013-10-17 15:27 - 2017-02-14 14:50 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2017-02-13 07:43 - 2017-01-16 00:55 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-28 00:17 - 2016-12-28 00:17 - 00155320 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00107704 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00179896 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-02-13 08:42 - 2017-02-13 08:42 - 00959168 _____ () C:\Users\maf2\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-10-21 09:07 - 2017-02-14 14:51 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2017-02-13 08:12 - 2017-02-13 08:12 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-13 08:12 - 2017-02-13 08:12 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 21:42 - 2017-02-22 21:42 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 21:42 - 2017-02-22 21:42 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 21:42 - 2017-02-22 21:43 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-13 09:35 - 2017-02-13 09:35 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-28 23:55 - 2017-02-27 09:19 - 53908056 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll
2017-02-21 22:13 - 2017-02-21 22:13 - 00052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-02-28 23:55 - 2017-02-27 09:19 - 59948632 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll
2017-02-28 23:55 - 2017-02-27 09:19 - 02559576 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll
2017-02-28 23:55 - 2017-02-27 09:19 - 00100952 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll
2017-03-08 09:18 - 2017-03-08 09:18 - 00380928 _____ () C:\Users\maf2\Downloads\gkyqm4l5.exe
2016-10-21 09:07 - 2016-10-21 09:07 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-10-21 09:07 - 2016-10-21 09:07 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-10-21 09:07 - 2016-10-21 09:07 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-10-21 09:07 - 2016-10-21 09:07 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-10-21 09:07 - 2016-10-21 09:07 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-10-21 09:08 - 2016-10-21 09:08 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-10-21 09:09 - 2016-10-21 09:09 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2017-02-18 03:45 - 2017-02-18 03:45 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2016-11-26 23:42 - 2016-11-26 23:42 - 00332104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libcef.dll
2016-11-26 23:37 - 2016-11-26 23:37 - 00418512 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll
2016-12-21 20:21 - 2016-12-21 20:21 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Shareaza download:Shareaza.GUID [16]
AlternateDataStreams: C:\WINDOWS\NvContainerRecovery.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc45.dat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmiAcpi.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SETBF52.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\maf2\Downloads:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\maf2\Downloads\1759EMS1.509.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\maf2\Downloads\AIDA32_v3.94.2:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\maf2\Downloads\Battery_Calibration_1.0.1405.0701.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\maf2\Downloads\Bluetooth_Radar_2.2.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\maf2\Downloads\Dragon Gaming Centerv2.0.1701.0601.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\maf2\Downloads\fastboot-win.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\maf2\Downloads\HDDEraseWeb.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\maf2\Downloads\HDDEraseWeb.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\maf2\Downloads\KingoRoot.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\maf2\Downloads\lan_killer_bigfoot_6.1.0.547_w800:Shareaza.GUID [16]
AlternateDataStreams: C:\Users\maf2\Downloads\me_8.1.0.1263_w8_64bit:Shareaza.GUID
[16] AlternateDataStreams: C:\Users\maf2\Downloads\MSI Setup_SSE2.9.2015.1.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\quick (1).cgi:$CmdTcID [64] AlternateDataStreams: C:\Users\maf2\Downloads\quick (1).cgi:$CmdZnID [26] AlternateDataStreams: C:\Users\maf2\Downloads\quick.cgi:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => 
""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "vpngui.exe.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "COMODO Internet Security"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "PerfectGuard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKLM\...\StartupApproved\Run32: => "Adobe RGB Color"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "TrueCrypt"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1564095453-3564214088-3623100993-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{AF7F262A-6D62-49EF-A42B-F5784EE3502D}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [TCP Query User{7BAE570E-E0C4-42CF-81FD-91D01A0FBE46}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [{BBD955FF-9E2F-4552-A36D-6611E02E1E9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC693C59-D3F7-43C9-B89D-FEBBCDDBB47B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E93A5420-35B3-4A9A-9D24-0C2CE7FCBF3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6961162-35AE-46AC-ADBB-84259EBEBB9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED13F98E-5755-47C7-A71F-9E33F66779D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA9F2FD4-7DAC-45F0-A693-285F1AB86C5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FDE07DDA-9EAC-4B45-B0AE-B91447517F46}] => (Allow) C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe
FirewallRules: [{A9F27B82-2CEF-4ACE-8CF8-EED975255C50}] => (Allow) C:\Program Files (x86)\QNapi\qnapi.exe
FirewallRules: [{1138212E-945B-49F6-B134-BA8A043583C2}] => (Allow) C:\Program Files (x86)\QNapi\qnapi.exe
FirewallRules: [{8EB548FB-45B7-4E0F-858C-42DA78376704}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\src\System\IAmAlive_game.exe
FirewallRules: [{181316BE-A11B-46AE-B5EB-8A9998F1C3C7}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\src\System\IAmAlive_game.exe
FirewallRules: [{F1607B68-9F60-45D2-9CE2-82798AC91D58}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\IAmAlive_Launcher.exe
FirewallRules: [{36FB8905-1E63-4D66-9EE0-D85D5F15C746}] => (Allow) C:\Program Files (x86)\Ubisoft\I Am Alive\IAmAlive_Launcher.exe
FirewallRules: [{9CD8C0D7-EF6B-4CB3-88EF-0445E6098F77}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{ED658B25-C8E1-4510-AB02-D1CE487CA147}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Swarm\swarm.exe
FirewallRules: [{73EB092B-24C9-41EF-8A1D-2B4355911D64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadow Warrior Original\bin\launcher.exe
FirewallRules: [{92786051-A8D8-4686-A1B0-7524FC1C8288}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadow Warrior Original\bin\launcher.exe
FirewallRules: [{0462B106-CCF7-4E99-8241-B851B0CD771A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2 Sixense Perceptual Pack\portal2.exe
FirewallRules: [{C482F3F4-11C6-4D90-B354-5605B8731233}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2 Sixense Perceptual Pack\portal2.exe
FirewallRules: [TCP Query User{98532AAE-7C0C-4B35-8A4C-77D32AB879D5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EE5E0B94-4897-428C-9053-3B298D2DE2C2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{68068DBE-C644-40B8-853C-E005B13C9011}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{49A1F1EE-45C0-477B-BB79-2A3CD9BC114F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D6550C54-2AD2-4010-B78F-17D0C7550F40}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{9B284D64-715D-40CF-B3EF-1C8D627FEF3F}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{87D907A7-E3F6-4A00-8BCF-78DFFA1C1C60}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{59592861-8389-4C45-BDB2-45830C6BA82F}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{888554BB-FDBF-48CA-9863-7C6C7A039B37}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2017 08:59:25 AM) (Source: usbperf) (EventID: 2001) (User: )
Description: Unable to read the "First Counter" value under the usbperf\Performance Key. Status codes returned in data.

Error: (03/08/2017 08:57:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.6.0.1030, time stamp: 0x5042b0f0
Faulting module name: IAStorUtil.ni.dll, version: 11.6.0.1030, time stamp: 0x5042b0eb
Exception code: 0xc0000005
Fault offset: 0x0002e421
Faulting process ID: 0x17b0
Faulting application start time: 0x01d297e147130aff
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\ae0898501a358cb6c0f621a9f4016707\IAStorUtil.ni.dll
Report ID: 6907dce4-0d07-49f8-8c48-28cc1eebe18f
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2017 08:57:19 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/08/2017 08:54:18 AM) (Source: usbperf) (EventID: 2001) (User: )
Description: Unable to read the "First Counter" value under the usbperf\Performance Key. Status codes returned in data.

Error: (03/08/2017 08:53:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/08/2017 08:52:37 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry information for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

Error: (03/08/2017 08:52:34 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
Context: Application, SystemIndex Catalogue

Error: (03/08/2017 08:52:23 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (03/08/2017 08:46:55 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry information for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

Error: (03/08/2017 08:46:55 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
Context: Application, SystemIndex Catalogue

System errors:
=============
Error: (03/08/2017 08:57:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Technologia pamięci Intel® Rapid service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2017 08:57:19 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/08/2017 08:53:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/08/2017 08:53:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (03/08/2017 08:52:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the vncserver service to connect.

Error: (03/08/2017 08:52:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SuperRAIDSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/08/2017 08:52:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperRAIDSvc service to connect.

Error: (03/08/2017 08:52:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/08/2017 08:52:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (03/08/2017 08:52:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FontCache3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:
===================================
Date: 2017-03-08 09:01:51.025
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 08:58:03.448
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 08:38:18.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-08 08:35:18.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-08 08:34:26.686
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-03-08 08:34:09.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-08 08:30:02.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-08 08:29:54.070
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\iseguard64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-08 08:29:54.035
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 08:29:48.924
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 8088.91 MB
Available physical RAM: 4568.49 MB
Total Virtual: 8600.91 MB
Available Virtual: 5044.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:362.54 GB) (Free:64.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 0000D5DF)
Partition 1: (Not Active) - (Size=335.3 GB) - (Type=05)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=362.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=487 MB) - (Type=83)

==================== End of Addition.txt ============================