Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2017 01 Ran by Marek (19-06-2017 23:00:03) Running from D:\Pobrane Windows 10 Home Version 1703 (X64) (2017-04-25 23:25:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3448522441-4031563645-3186595796-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3448522441-4031563645-3186595796-503 - Limited - Disabled) Guest (S-1-5-21-3448522441-4031563645-3186595796-501 - Limited - Disabled) Marek (S-1-5-21-3448522441-4031563645-3186595796-1001 - Administrator - Enabled) => C:\Users\Marek ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 35MM (HKLM\...\Steam App 466500) (Version: - Носков Сергей) 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) American Truck Simulator (HKLM\...\Steam App 270880) (Version: - SCS Software) Ansel (Version: 382.53 - NVIDIA Corporation) Hidden Arcanum (HKLM\...\Steam App 500810) (Version: - Troika Games) ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.6 - ASUS) ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS) ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.027 - ASUS) ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.29 - G-spy Co., Ltd) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.13 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.30 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS) Call of Cthulhu: Dark Corners of the Earth (HKLM\...\Steam App 22340) (Version: - Headfirst Productions) Car Mechanic Simulator 2015 (HKLM\...\Steam App 320300) (Version: - Red Dot Games) Carmageddon: Max Damage (HKLM\...\Steam App 505170) (Version: - Stainless Games Ltd) CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform) Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{7EC5A347-1BF1-4115-9063-55025F19AEFB}) (Version: 3.1.07021 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden Cities: Skylines (HKLM\...\Steam App 255710) (Version: - Colossal Order Ltd.) Colin McRae Rally (HKLM\...\Steam App 287340) (Version: - Codemasters Digital) Construction Machines 2014 (HKLM\...\Steam App 252050) (Version: - GameCask) Construction-Simulator 2015 (HKLM\...\Steam App 289950) (Version: - weltenbauer. Software Entwicklung GmbH) CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 51.0.1.0 - 8pecxstudios) CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.) CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.) Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.) Dying Light (HKLM\...\Steam App 239140) (Version: - Techland) ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.) Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version: - SCS Software) Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.) Fallout 2 (HKLM\...\Steam App 38410) (Version: - Black Isle Studios) Fallout 3 - Game of the Year Edition (HKLM\...\Steam App 22370) (Version: - Bethesda Game Studios) Fallout: New Vegas (HKLM\...\Steam App 22490) (Version: - Obsidian Entertainment) Farming Simulator 2013 (HKLM\...\Steam App 220260) (Version: - Giants Software) FastStone Image Viewer 6.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.2 - FastStone Soft) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic) Giant Machines 2017 (HKLM\...\Steam App 402750) (Version: - Code Horizon) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Grand Theft Auto: Vice City (HKLM\...\Steam App 12110) (Version: - Rockstar Games) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation) Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Interstate '76 (HKLM-x32\...\1207661003_is1) (Version: 2.1.0.17 - GOG.com) <==== ATTENTION Interstate '76 Nitro Pack (HKLM-x32\...\1207661023_is1) (Version: 2.1.0.17 - GOG.com) <==== ATTENTION Jagged Alliance 2 Gold: Unfinished Business (HKLM\...\Steam App 12380) (Version: - Strategy First) Jagged Alliance 2: Gold Pack (HKLM\...\Steam App 12370) (Version: - Strategy First) klocki (HKLM\...\Steam App 499440) (Version: - Maciej Targoni) Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden LibreOffice 5.3.2.2 (HKLM-x32\...\{8DA98699-6AD4-49CF-A9A0-B5E7B7981BE6}) (Version: 5.3.2.2 - The Document Foundation) Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden Metro 2033 Redux (HKLM\...\Steam App 286690) (Version: - 4A GAMES) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3448522441-4031563645-3186595796-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Mozilla Firefox 54.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 pl)) (Version: 54.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla) Muve Downloader (HKLM-x32\...\{29850ACF-D3C1-4EEC-84C4-DE795C6207F1}) (Version: 1.5.0 - Muve) Need for Speed: SHIFT (HKLM\...\Steam App 24870) (Version: - Slightly Mad Studios) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.1 - Notepad++ Team) NVIDIA 3D Vision Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.53 - NVIDIA Corporation) NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation) NVIDIA Graphics Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation) NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Opera Neon (HKU\S-1-5-21-3448522441-4031563645-3186595796-1001\...\Opera Neon) (Version: 1.0.2531.0 - Opera Software AS) Origin (HKLM-x32\...\Origin) (Version: 10.4.12.59996 - Electronic Arts, Inc.) PITy2016 IPS 1.8 kompilacja:1.8.3.20 (HKLM-x32\...\PITy2016IPS_is1) (Version: 1.8 - IPS Przedsiębiorstwo Informatyczne) PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.33 - ASUS) Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7576 - Realtek Semiconductor Corp.) ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.27 - ASUSTeK Computer Inc.) S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\1207660583_is1) (Version: 2.1.0.17 - GOG.com) S.T.A.L.K.E.R. Shadow of Chernobyl (HKLM-x32\...\1207660573_is1) (Version: 2.1.0.9 - GOG.com) SGBP Extractor version 2.0 (HKLM-x32\...\{624DD212-8DC8-47A0-BBE1-81268618657E}_is1) (Version: 2.0 - Backup Guard) Shadow Warrior Classic Redux (HKLM\...\Steam App 225160) (Version: - 3D Realms) Shadow Warrior Complete (HKLM-x32\...\1207659142_is1) (Version: 2.1.0.8 - GOG.com) SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden SimCity 3000 Unlimited (HKLM-x32\...\2086050016_is1) (Version: 2.0.0.3 - GOG.com) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SSD Fresh 2016 (HKLM-x32\...\{71149886-0AA3-4F31-81F9-CC90EA0D55EF}_is1) (Version: 5.0 - Abelssoft) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) Syberia (HKLM\...\Steam App 46500) (Version: - Microids) Syberia II (HKLM-x32\...\{BF1534B0-BE09-457E-A4CF-0EFC803125F2}) (Version: 1.0.0.16 - Microids) TDU2 Unofficial Patch (HKLM-x32\...\TDU2 Unofficial Patch) (Version: - ) TDU2 Unpacked (HKLM-x32\...\TDU2 Unpacker GUI) (Version: - ) Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version: - Atari) The Witcher 3 - Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.30.0.0 - GOG.com) Thunderbolt(TM) Software (HKLM-x32\...\{E265C71F-14DA-462C-A06A-CBA776B695F1}) (Version: 15.2.32.250 - Intel Corporation) Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 19.1 - Ubisoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.7.557 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows Driver Package - ASUS (ATP) Mouse (02/24/2016 1.0.0.262) (HKLM\...\62C40FA617FED5B2A080FDFA260932672C6B64D7) (Version: 02/24/2016 1.0.0.262 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS) WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4947 - Kingsoft Corp.) XSplit Gamecaster (HKLM-x32\...\{98356AA7-2838-4E10-A3B7-DF6C0312471B}) (Version: 2.3.1504.3026 - SplitmediaLabs) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0F71139B-44DA-4814-95B3-36544058B19C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] () Task: {128EFC8E-06E5-4693-B0CA-FB0AAD0C3D24} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.) Task: {16C0F2CB-05FF-42DC-B079-DCDC8E771142} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe [2015-08-18] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {1A9750AB-7983-4759-B884-B9C82AFC20BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.) Task: {22BF343B-F26A-4064-A2E8-494881D2CCC9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation) Task: {2B87FDF9-B9DF-4CD4-9DF1-50FBE78A69CE} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.) Task: {38736546-716D-45EA-99D8-5336E9B8AF08} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation) Task: {39C7943B-4C54-46E2-AF8D-4FC3826D874B} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe [2015-05-15] (SplitmediaLabs) Task: {3A4EFE65-AD27-47E5-8C1F-6527C0E259D3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation) Task: {41663DF1-9FE6-4550-870D-875A7B8917B0} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {47B485D9-1AC5-4DE9-BEE0-A56921B2021A} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe [2015-08-18] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {560F8B14-2AF7-4D31-92F8-313CED27201E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation) Task: {5658778E-9666-4DB6-A192-8E2C0C929846} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS) Task: {5696814F-E5BF-4777-9552-0940FF17BF97} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-06] (Realtek Semiconductor) Task: {57DD7FDA-11D7-4395-9B3B-FBE092A5C69C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {6B5D4200-A9AE-4A72-9D46-4B6E1B996191} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2015-02-13] (ASUSTek Computer Inc.) Task: {7055B39F-FAE1-4147-BB17-00D1AA2EA3D2} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe Task: {711BA8C6-3CFE-4EC4-BA50-BA499F056AF7} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-06] (Realtek Semiconductor) Task: {72AD6756-B73F-434D-A9C9-84A7C059BC18} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.) Task: {7EE4A2C4-C2CE-4347-81E4-3F5164C3D77D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04] (Google Inc.) Task: {8577744A-AFF8-4B41-B569-D03CE56DB743} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation) Task: {88EA821D-1A7C-45EA-887B-BC4A9B5E3789} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation) Task: {8B2BDB28-E5DC-4909-A181-D29ECA73E868} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2016-03-04] (AsusTek) Task: {9DD1D70E-D5F6-46D8-AD38-3633CB4AB301} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] () Task: {A1FF1B83-0BAA-4151-B40D-0C325ECD86AA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe Task: {B810410E-D793-4D49-8FC7-B440F7741C3C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {BA5EB24A-57FA-4A6C-B323-006E3C85CC38} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-08-06] (Realtek Semiconductor) Task: {BAFED0B4-8A48-4C1D-A4D5-978A20F23AD9} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe Task: {BC6B3917-7181-4E83-A6A5-7B28C9E5E832} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd) Task: {C914EDAE-1D7D-414D-9D98-06CA57307854} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation) Task: {E330439F-4F80-4430-8437-79FD52B83730} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-09-18 07:08 - 2014-04-14 17:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-10-05 20:43 - 2017-05-03 20:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-06-18 22:33 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-04-25 23:20 - 2017-06-07 23:55 - 00133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-03-18 20:58 - 2017-03-18 20:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 20:59 - 2017-03-20 03:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-09-18 06:59 - 2013-05-15 13:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe 2015-02-19 15:37 - 2015-02-19 15:37 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2015-07-21 23:18 - 2015-07-21 23:18 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-01-28 10:22 - 2017-05-03 20:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2015-06-09 19:25 - 2015-06-09 19:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2015-06-09 19:25 - 2015-06-09 19:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2016-10-05 20:44 - 2017-05-03 20:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2013-04-27 09:24 - 2013-04-27 09:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 11:04 - 2015-07-10 11:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3448522441-4031563645-3186595796-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marek\Pictures\47182511-volkswagen-wallpaper.jpg DNS Servers: 192.168.8.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run32: => "WebStorage" HKU\S-1-5-21-3448522441-4031563645-3186595796-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{50BFE17E-6F8B-49FB-8758-8D55C2765030}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe FirewallRules: [{DECD6EA5-6935-4453-A27E-B99346770346}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe FirewallRules: [{738CD711-92B6-4C97-BC20-902131CEF859}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{034A6424-A341-4991-948A-E640F40839A2}] => (Allow) D:\Program Files (x86)\Origin Games\Syberia II\Syberia2.exe FirewallRules: [{2346F9E9-140A-4529-AC58-C201FFD2587B}] => (Allow) D:\Program Files (x86)\Origin Games\Syberia II\Syberia2.exe FirewallRules: [{A98115FF-CC70-4357-BE6A-65755AAF9FF4}] => (Allow) D:\SteamLibrary\steamapps\common\Syberia\Game.exe FirewallRules: [{20F18383-F95C-4B69-8D5F-6424C5A199BD}] => (Allow) D:\SteamLibrary\steamapps\common\Syberia\Game.exe FirewallRules: [{2D698F6C-8BB0-4EFA-BAB2-21FC293F3977}] => (Allow) D:\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe FirewallRules: [{C0CEC2E0-E1AC-4CC3-8FC6-F4AEBEEF8D0B}] => (Allow) D:\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe FirewallRules: [{A9D0A2E4-E402-4808-B3D1-255499CC7DFB}] => (Allow) D:\SteamLibrary\steamapps\common\Arcanum\SierraLauncher.exe FirewallRules: [{5C3A0FA2-04C7-4453-BCE0-79AA44573A65}] => (Allow) D:\SteamLibrary\steamapps\common\Arcanum\SierraLauncher.exe FirewallRules: [{7A4C87E9-29F3-4A49-9CF5-DA646BFF4C4A}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe FirewallRules: [{6D8D245B-5A39-4F73-807B-FF98F2B91A68}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior Classic\bin\dosbox\DOSBox.exe FirewallRules: [{26AA02E4-6893-4BC9-9E85-FC951CE37334}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior Classic\bin\sw.exe FirewallRules: [{26CCFD3F-2CB1-44FA-B6A0-9FD032FB23AF}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior Classic\bin\sw.exe FirewallRules: [{4C4B82AD-321D-44C2-99C8-F772B4A30714}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{20CB873A-43AA-4A63-AC28-383A89ACF331}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1C501793-3F19-4796-B97C-2DFD8CBC4C3C}] => (Allow) D:\SteamLibrary\steamapps\common\Carmageddon Max Damage\bin\Carmageddon_Max_Damage.exe FirewallRules: [{6BA99011-EEBA-44DE-B205-41DD9EA43F9F}] => (Allow) D:\SteamLibrary\steamapps\common\Carmageddon Max Damage\bin\Carmageddon_Max_Damage.exe FirewallRules: [{BEE76B52-B0B0-4A43-965D-BEC6778433D5}] => (Allow) C:\Program Files (x86)\Muve\Muve Downloader\MuveDownloader.exe FirewallRules: [{ED7423C7-A6A2-4BB5-BC76-7358ECB6FFCE}] => (Allow) C:\Program Files (x86)\Muve\Muve Downloader\MuveDownloader.exe FirewallRules: [{611CFB1F-60E5-4571-9A48-61E20FB80BC0}] => (Allow) C:\Program Files (x86)\Muve\Muve Downloader\Launcher.exe FirewallRules: [{A0631C9B-C852-47E5-845D-94E7B9B56280}] => (Allow) C:\Program Files (x86)\Muve\Muve Downloader\Launcher.exe FirewallRules: [UDP Query User{E3B49FD5-BB58-4337-AC2C-94E746D41E16}D:\gry\the crew (worldwide)\thecrew.exe] => (Allow) D:\gry\the crew (worldwide)\thecrew.exe FirewallRules: [TCP Query User{BA07C76B-F2A4-4770-B16A-D8381E31A5C6}D:\gry\the crew (worldwide)\thecrew.exe] => (Allow) D:\gry\the crew (worldwide)\thecrew.exe FirewallRules: [{2C97B457-8F06-4514-9F4B-15422D981229}] => (Allow) D:\SteamLibrary\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe FirewallRules: [{1F44F270-A3FB-4D6D-B5B4-EE65FCD827F2}] => (Allow) D:\SteamLibrary\steamapps\common\Car Mechanic Simulator 2015\cms2015.exe FirewallRules: [{16E6CEBB-0899-4164-A07A-3E3D70059CC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{C32604CE-340C-45EC-AF2D-EC31F2F292D6}] => (Allow) D:\SteamLibrary\steamapps\common\klocki\klocki.exe FirewallRules: [{A4A2FD77-B7A3-4BCB-BE48-C134172888F6}] => (Allow) D:\SteamLibrary\steamapps\common\klocki\klocki.exe FirewallRules: [{D027E5BA-254A-4C49-B598-A16C8B84F36D}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe FirewallRules: [{00D5D395-DCF6-4267-AFED-4CC32AAACF9B}] => (Allow) D:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe FirewallRules: [{F1FBB676-BD7E-4AAA-A6CE-AEBD609593BA}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 2\Fallout2Launcher.exe FirewallRules: [{539AC49D-685E-4F97-B111-0C33DD3E6D56}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 2\Fallout2Launcher.exe FirewallRules: [UDP Query User{8405C42B-E9EC-4E11-91B4-C5F4FCCA66F2}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe FirewallRules: [TCP Query User{8D8A753C-B9C2-4821-92F5-ABC09CBE2257}D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe] => (Allow) D:\steamlibrary\steamapps\common\fallout 4\fallout4.exe FirewallRules: [{303D606F-1D51-480D-BE40-F668A2A8CAAF}] => (Allow) C:\WINDOWS\system32\ftp.exe FirewallRules: [{5E66F00C-3B4A-45FC-A8AB-61036A598D72}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Cthulhu\Engine\CoCDCoTELauncher.exe FirewallRules: [{03F0278B-D6D6-4657-9ADA-462F4644A23F}] => (Allow) D:\SteamLibrary\steamapps\common\Call of Cthulhu\Engine\CoCDCoTELauncher.exe FirewallRules: [{6C3066E6-053F-4FF3-8D07-1F6EFBC90E01}] => (Allow) D:\SteamLibrary\steamapps\common\Jagged Alliance 2 Gold Unfinished Business\JA2UB.exe FirewallRules: [{E422D337-4CEA-4586-AA7A-31AAC8026550}] => (Allow) D:\SteamLibrary\steamapps\common\Jagged Alliance 2 Gold Unfinished Business\JA2UB.exe FirewallRules: [{542C80B4-AE4A-46FF-8392-CD21CB3FCD40}] => (Allow) D:\SteamLibrary\steamapps\common\Jagged Alliance 2 Gold\ja2.exe FirewallRules: [{54698776-D63F-4437-8B50-5FE3FD46F76D}] => (Allow) D:\SteamLibrary\steamapps\common\Jagged Alliance 2 Gold\ja2.exe FirewallRules: [{CD63E791-080D-4666-A652-DD8D01A72AAA}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout New Vegas enplczru\FalloutNVLauncher.exe FirewallRules: [{4298B09B-B272-459E-9E0B-A7DF9DCD63E4}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout New Vegas enplczru\FalloutNVLauncher.exe FirewallRules: [{B9D7CAB1-4608-4CE5-97EB-B96C9BC9C520}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{A43A53DF-BDD8-42C0-B2CB-F3C1371BDA72}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{B14F53C8-8166-462E-AA4A-9F076B6672AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{ADFE79A4-A613-4958-8E97-F357A3A6CDB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F3D3FBCE-AFB8-4E73-9AEE-CB586C5C5A53}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{F6A8B026-0B21-4102-8AA3-2EB3551ECE13}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D89A4E34-4788-4E67-93EE-903A21CB8118}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{87716C19-D16F-4BCF-AE28-619ED9A9D13D}] => (Allow) C:\Windows\SysWOW64\ftp.exe FirewallRules: [{97A0F939-BF69-4C1F-AC47-21AEFD525190}] => (Allow) C:\Windows\SysWOW64\ftp.exe FirewallRules: [{15E62B35-5213-4803-8519-E0168806E74C}] => (Allow) C:\Windows\system32\ftp.exe FirewallRules: [{816B2452-17B8-43A4-8434-1A042CCBDC5C}] => (Allow) C:\Windows\system32\ftp.exe FirewallRules: [{23C61974-1FAF-4A85-A469-C9E6C0490220}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{C4571D41-BB83-4114-B02F-4BEE0B3D6590}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{CE24B588-5427-4EAA-8087-EE205CAE2CEF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{7E4A19E4-827F-4B9F-B41C-525336EDEB45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [TCP Query User{C6A951C1-6479-421A-8712-617BD8CFA430}D:\gry\tdu2_unpacked\testdrive2.exe] => (Allow) D:\gry\tdu2_unpacked\testdrive2.exe FirewallRules: [UDP Query User{3D680257-08CE-4CB1-9AB6-AC0BADA94AC5}D:\gry\tdu2_unpacked\testdrive2.exe] => (Allow) D:\gry\tdu2_unpacked\testdrive2.exe FirewallRules: [{F4C8D7C7-2B34-4395-9BA4-C56F3AF134D6}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe FirewallRules: [{C0A43F4A-16A5-4546-B205-983D3D89E8C6}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 3 goty\FalloutLauncher.exe FirewallRules: [{9164CA20-2F04-4A02-842B-A96363A73ED8}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe FirewallRules: [{D3F59934-992E-4B0B-98FE-1FE97C76BFC5}] => (Allow) C:\Program Files (x86)\ASUS\ROG Game First III\gameFirst3.exe FirewallRules: [{B77189DC-88EC-48DE-BBB0-B7A02AA4F6F3}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light\MetroLL.exe FirewallRules: [{8718A35F-5DF5-4FC6-BC02-2C139EBD66BD}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light\MetroLL.exe FirewallRules: [{EA2B8D55-62E1-49A0-BB81-66C78150F879}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior Classic\bin\build.exe FirewallRules: [{AD14599F-D781-4AC1-AAC7-C9C860C09073}] => (Allow) D:\SteamLibrary\steamapps\common\Shadow Warrior Classic\bin\build.exe FirewallRules: [{6CBF135E-0B47-41D2-99E1-31EAB0441BE9}] => (Allow) D:\SteamLibrary\steamapps\common\Colin McRae Rally\CMR.exe FirewallRules: [{445C885E-39BF-4395-A8BC-52E34764FDC2}] => (Allow) D:\SteamLibrary\steamapps\common\Colin McRae Rally\CMR.exe FirewallRules: [{E4EEB767-17F7-40FB-A7D6-6D89C216A86A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valiant Hearts\Valiant Hearts.exe FirewallRules: [{4F475E8A-D13E-476E-81C4-3D62D4948CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valiant Hearts\Valiant Hearts.exe FirewallRules: [{96606B33-91AF-4B33-B9CD-48D643869D77}] => (Allow) D:\SteamLibrary\steamapps\common\Need For Speed Shift\SHIFT.exe FirewallRules: [{196D123D-1A98-43DC-9DD6-45ED921FE885}] => (Allow) D:\SteamLibrary\steamapps\common\Need For Speed Shift\SHIFT.exe FirewallRules: [{3975606D-950E-4505-8C7E-F05ADD3CBD34}] => (Allow) D:\SteamLibrary\steamapps\common\pCars\pCARS64.exe FirewallRules: [{2E5C645E-B3EC-4D18-B21A-8E105CA4F101}] => (Allow) D:\SteamLibrary\steamapps\common\pCars\pCARS64.exe FirewallRules: [{7D6838DC-D2FE-40CE-9CE0-B198D49D23E2}] => (Allow) D:\SteamLibrary\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe FirewallRules: [{AB9DB1AF-01F9-498D-BB1B-152C7524BCA5}] => (Allow) D:\SteamLibrary\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe FirewallRules: [{861ECA1F-D453-44D3-97E1-CD6D07BB4069}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe FirewallRules: [{C16178DB-6166-4A5F-9D95-47B403FF904D}] => (Allow) D:\SteamLibrary\steamapps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe FirewallRules: [{BE9D418E-FB4F-4DB5-AFA5-8002C8275E96}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe FirewallRules: [{DBBB8CB2-EBA1-40EB-A7CD-FED571FA8185}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe FirewallRules: [{AF0BA9DB-B9D1-4317-95A7-2ACD9FA3DA84}] => (Allow) D:\SteamLibrary\steamapps\common\35MM\35MM.exe FirewallRules: [{EBC5A172-8E37-4BA8-9FB0-1BBC5D949395}] => (Allow) D:\SteamLibrary\steamapps\common\35MM\35MM.exe FirewallRules: [{80CC0E61-1B22-486F-8F99-989BC1AC5E95}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe FirewallRules: [{656CC04A-509E-4D64-BCA9-C736E2FBE896}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DyingLightGame.exe FirewallRules: [{D65D1B16-AFF8-4594-ADDE-9F60E81AB44C}] => (Allow) D:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{C49D4B37-2389-4475-B154-2C03A7A7D647}] => (Allow) D:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{8F823AE9-5664-4B45-A5BA-19DA41D02E44}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe FirewallRules: [{8DFE035F-3E52-4BDF-840F-D82AFEF5AFBB}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe FirewallRules: [{101A37ED-8E90-4396-8EE7-929D27AC2593}] => (Allow) D:\SteamLibrary\steamapps\common\GiantMachines2017\GiantMachines2017.exe FirewallRules: [{CD1B7698-DD07-416E-9F68-0486EDF3D50D}] => (Allow) D:\SteamLibrary\steamapps\common\GiantMachines2017\GiantMachines2017.exe FirewallRules: [{257B3365-A15F-4A56-969B-C37DD584C152}] => (Allow) D:\SteamLibrary\steamapps\common\ConSim2015\ConSim2015.exe FirewallRules: [{0B428D25-B011-4410-8846-D30C761BE109}] => (Allow) D:\SteamLibrary\steamapps\common\ConSim2015\ConSim2015.exe FirewallRules: [{B0F006A7-9232-4714-9BB7-F690BFCAE1FB}] => (Allow) D:\SteamLibrary\steamapps\common\Construction Machines 2014\ConstructionMachines.exe FirewallRules: [{6744A053-1DFF-40A5-8CF8-7602D8DF1579}] => (Allow) D:\SteamLibrary\steamapps\common\Construction Machines 2014\ConstructionMachines.exe FirewallRules: [{6B40EC17-C8B1-4BA0-AB43-6CB3F103F81C}] => (Allow) D:\SteamLibrary\steamapps\common\Construction Machines 2014\Settings.exe FirewallRules: [{E69FD7B3-D136-4E34-ADF0-825562E5716B}] => (Allow) D:\SteamLibrary\steamapps\common\Construction Machines 2014\Settings.exe FirewallRules: [{5F40B120-E26E-41E9-9C72-0924673FC724}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{AE210CEA-FA4A-4127-9904-965311B708DD}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{11C751A6-1D3B-4D86-8E43-8810C9A04BDE}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe FirewallRules: [{73BA4633-A540-47D7-8F82-13CE6A461A37}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe FirewallRules: [{8246BB7F-1165-4B70-856D-43578EDC6344}] => (Allow) D:\SteamLibrary\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe FirewallRules: [{F644CE1D-4167-4215-8D87-8B717F64EF6B}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe FirewallRules: [{AF8EADF1-5A21-4C52-AD06-5562F772118B}] => (Allow) D:\SteamLibrary\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe FirewallRules: [{85358579-9E30-4215-BE42-11139C88C541}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe FirewallRules: [{A6D49C85-8462-4A49-8ADD-57F4B60D0E0A}] => (Allow) D:\SteamLibrary\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe FirewallRules: [TCP Query User{11B54016-EF6C-4EE5-A063-99BF1E644AE8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{4CDD152B-98ED-4B89-BC50-9E7C64ADA957}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe ==================== Restore Points ========================= 30-05-2017 21:38:30 Scheduled Checkpoint 10-06-2017 21:15:50 Scheduled Checkpoint 13-06-2017 23:03:10 Windows Update ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2017 10:55:24 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/19/2017 10:55:24 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 10:49:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 10:49:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 10:35:40 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 10:35:40 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 08:31:10 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 08:31:10 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 12:23:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_AudioCacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/18/2017 12:23:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\CyberLink\PhotoDirector5\Kernel\CES\CES_CacheAgent.exe.Manifest". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (06/19/2017 10:51:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/19/2017 10:51:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/19/2017 10:51:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/19/2017 10:51:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/19/2017 08:09:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/19/2017 08:09:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/19/2017 08:09:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/19/2017 08:09:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/18/2017 10:49:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DHVJLVP) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Error: (06/18/2017 10:09:39 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DHVJLVP) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C} and APPID {CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2} to the user DESKTOP-DHVJLVP\Marek SID (S-1-5-21-3448522441-4031563645-3186595796-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-06-19 08:18:17.557 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:15.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:14.253 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:14.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:13.826 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:13.820 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:13.612 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:13.434 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-06-19 08:18:13.179 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-05-02 10:52:45.680 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4720HQ CPU @ 2.60GHz Percentage of memory in use: 40% Total physical RAM: 8141.1 MB Available physical RAM: 4831.28 MB Total Virtual: 13261.1 MB Available Virtual: 9555.43 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:237.72 GB) (Free:151.02 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:607.61 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: F5C0044C) Partition: GPT. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 037A4E0D) Partition: GPT. ==================== End of Addition.txt ============================