Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01 Ran by ULA (2016-01-10 22:21:49) Running from C:\Users\ULA\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2014-11-04 17:59:39) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-290575239-1943465458-3441839995-500 - Administrator - Disabled) Guest (S-1-5-21-290575239-1943465458-3441839995-501 - Limited - Disabled) ULA (S-1-5-21-290575239-1943465458-3441839995-1000 - Administrator - Enabled) => C:\Users\ULA ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-290575239-1943465458-3441839995-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) 3DStudio In 18 INT (HKLM\...\063FFF2FFF18FF00FF0701F01F02F000-R1) (Version: 18.0 - Graphisoft) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.0 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated) Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Advanced RAR Password Recovery (remove only) (HKLM-x32\...\Advanced RAR Password Recovery) (Version: - ) ALLPlayer Remote Control (HKLM-x32\...\{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1) (Version: 1.2 - ALLPlayer Group, Ltd.) ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) ArchiCAD 18 INT (HKLM\...\001FFF2FFF18FF00FF0701F01F02F000-R1) (Version: 18.0 - GRAPHISOFT) Artlantis Studio 5.1.2.4 (64 bit) (HKLM\...\Artlantis Studio 5 (64 bit)) (Version: 5.1.2.4 - Abvent R&D) AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk DWG TrueView 2016 - English (HKLM\...\DWG TrueView 2016 - English) (Version: 20.1.49.0 - Autodesk) Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk) Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform) CDCheck (HKLM-x32\...\CDCheck) (Version: - ) CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation) DraftSight x64 (HKLM\...\{9155EA6C-B377-4509-8C8C-0D6A915F7352}) (Version: 13.0.1081 - Dassault Systemes) DWG TrueView 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo) Energy Management (x32 Version: 7.0.3.4 - Lenovo) Hidden FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) IsoBuster 3.6 (HKLM-x32\...\IsoBuster_is1) (Version: 3.6 - Smart Projects) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro Corporation) Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo) Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech) Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Rhino RDK (HKLM-x32\...\Rhino RDK) (Version: - ) Rhinoceros 4.0 (HKLM-x32\...\{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}) (Version: 4.0.20118 - McNeel & Associates) Rhinoceros 4.0 SR8 (HKLM-x32\...\{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}) (Version: 4.0.50401 - Robert McNeel & Associates) Rhinoceros 5 (64-bit) (HKLM\...\{2E56CC75-611E-4278-9DFE-0912997A1E89}) (Version: 5.9.40609.20145 - Robert McNeel & Associates) RPS AccuRender nXt Libraries (HKLM-x32\...\{71DADD30-6F9F-48DA-9BA5-D7B61A9B2EE1}) (Version: 1.00.0000 - ) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited) SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) Spotify (HKU\S-1-5-21-290575239-1943465458-3441839995-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) V-Ray for Rhinoceros 5 x64 adv (HKLM-x32\...\V-Ray for Rhinoceros 5 x64 adv 1.50.22564) (Version: 1.50.22564 - Chaos Software, Ltd) V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd) WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG) WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-290575239-1943465458-3441839995-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-290575239-1943465458-3441839995-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-290575239-1943465458-3441839995-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-290575239-1943465458-3441839995-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-290575239-1943465458-3441839995-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-290575239-1943465458-3441839995-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {28AF0AB7-FB63-4194-81EB-DDD535662DA5} - System32\Tasks\HDZBl3zdzGw => C:\Users\ULA\AppData\Roaming\HDZBl3zdzGw.exe <==== ATTENTION Task: {331D1191-9AFB-4D98-9439-542504AD20B8} - System32\Tasks\Ball Form2 => Rundll32.exe "C:\Users\ULA\AppData\Local\Ball Form\{19D38DAE-3F6D-21D0-F254-54920D29AC19}\igwir.dll",#1 <==== ATTENTION Task: {376B4FCF-68D8-4879-965E-530EB9C1395D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.) Task: {3AAFA437-0C80-4829-9551-5B527AFEA063} - System32\Tasks\Nyokwof => C:\PROGRA~1\GROOVE~1\Tiaulh.bat Task: {551CE9A7-F3FD-4E3A-BBEC-1726B71DAF5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-10] (Google Inc.) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {60AF41BA-30FD-4C74-A3A6-7BF8AB35A9C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {7D7CC5F4-D179-4138-82B6-DD41B13806C1} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe Task: {8F7C1398-EFFE-4E19-985E-88D218A4D007} - System32\Tasks\Ball Form => Rundll32.exe "C:\Users\ULA\AppData\Local\Ball Form\{19D38DAE-3F6D-21D0-F254-54920D29AC19}\BallForm.dll",#1 <==== ATTENTION Task: {ADE14EAB-33A4-423B-8EC7-5A38E163CF0C} - System32\Tasks\J7tqRVEy => C:\Users\ULA\AppData\Roaming\J7tqRVEy.exe <==== ATTENTION Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {F34645A9-EF01-4AA1-99B4-FABF6DDD0628} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {FC1C3673-0EF6-45E4-9884-8B27FAD0B6A8} - System32\Tasks\AdobeAAMUpdater-1.0-ULA-LAPTOK-ULA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HDZBl3zdzGw.job => C:\Users\ULA\AppData\Roaming\HDZBl3zdzGw.exe <==== ATTENTION Task: C:\Windows\Tasks\J7tqRVEy.job => C:\Users\ULA\AppData\Roaming\J7tqRVEy.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-07-06 14:12 - 2015-02-04 04:56 - 00010952 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-11-04 22:00 - 2015-02-04 03:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-06-06 21:06 - 2012-12-06 18:55 - 00212992 _____ () C:\ProgramData\ASGVIS\Dongle Utilities\startvrlservice.exe 2008-12-20 02:20 - 2015-07-12 11:32 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-03-10 15:30 - 2015-07-12 11:32 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll 2008-12-20 02:20 - 2015-07-12 11:32 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll 2015-06-06 21:06 - 2012-06-12 18:53 - 01659904 _____ () C:\ProgramData\ASGVIS\Dongle Utilities\vrlservice.exe 2016-01-10 19:09 - 2016-01-10 19:09 - 00012800 _____ () C:\Users\ULA\AppData\Local\Ball Form\{19D38DAE-3F6D-21D0-F254-54920D29AC19}\igwir.dll 2016-01-10 19:09 - 2016-01-10 19:09 - 00011264 _____ () C:\Users\ULA\AppData\Local\Ball Form\{19D38DAE-3F6D-21D0-F254-54920D29AC19}\{FD97DD04-2B85-03E7-CC29-23FB357678DE}.dat 2016-01-10 19:09 - 2016-01-10 19:09 - 00028160 _____ () C:\Users\ULA\AppData\Local\Ball Form\{19D38DAE-3F6D-21D0-F254-54920D29AC19}\BallForm.dll 2015-07-06 14:12 - 2015-02-04 04:56 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2016-01-10 19:16 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll 2016-01-10 19:16 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll 2016-01-10 19:57 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\ULA\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2016-01-10 19:07 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-290575239-1943465458-3441839995-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ULA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 217.172.224.160 - 89.231.1.206 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: FoxitCloudUpdateService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: LBTServ => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: McNeelUpdate => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: PSI_SVC_2_x64 => 2 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk => C:\Windows\pss\Network Server.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^ULA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hqghumeaylnlf.lnk => C:\Windows\pss\hqghumeaylnlf.lnk.Startup MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ALLPlayer WiFi Remote => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Bluetooth Connection Assistant => LBTWIZ.EXE -silent MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: Google Update => "C:\Users\ULA\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\ULA\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [TCP Query User{1C4106F4-E65A-42AD-A50D-9206D0F89183}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [UDP Query User{AA2DA85D-89F8-451C-9F35-3C1DB2801C22}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [TCP Query User{EB112BBF-B0AA-4B0C-8CA6-69BF658C657A}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [UDP Query User{85BCB4D2-ECC7-4AB7-88CE-932940C85419}C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe] => (Allow) C:\program files (x86)\allplayer remote\allplayerremotecontrol.exe FirewallRules: [TCP Query User{EEFD3F26-6EFA-4506-9E6C-435860C33133}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe FirewallRules: [UDP Query User{324171A9-82E8-40D8-B66F-AA25261418FD}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe FirewallRules: [TCP Query User{77AF9920-7A6B-43AC-BF3C-E6EF412ADCF0}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe FirewallRules: [UDP Query User{9848BCE8-1948-40A0-BE0C-5C463935227B}C:\program files\graphisoft\archicad 18\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 18\archicad.exe FirewallRules: [TCP Query User{F51F6C66-02A6-4BF5-A8EE-6CFA295843DB}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Block) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe FirewallRules: [UDP Query User{DC1C0765-43E4-443D-82DB-489A356B1513}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe] => (Block) C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe FirewallRules: [TCP Query User{40404B58-7110-4A8B-BE4D-7E646AF87630}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [UDP Query User{D5E6F437-EC5C-4B7D-B12E-9F9A500AA137}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [TCP Query User{CFE896F2-F024-4160-89C3-D0CCC2D7BBF4}C:\program files\keyshot5\bin\keyshot5.exe] => (Allow) C:\program files\keyshot5\bin\keyshot5.exe FirewallRules: [UDP Query User{EE81D6EC-BC71-4FF4-9702-622FDAC3ADEA}C:\program files\keyshot5\bin\keyshot5.exe] => (Allow) C:\program files\keyshot5\bin\keyshot5.exe FirewallRules: [TCP Query User{7155F2B3-334E-4F1E-9644-586DE2936EC1}C:\program files\keyshot5\bin\keyshot_daemon.exe] => (Allow) C:\program files\keyshot5\bin\keyshot_daemon.exe FirewallRules: [UDP Query User{5BA44CCF-082B-4710-9768-E7B5BB79DB01}C:\program files\keyshot5\bin\keyshot_daemon.exe] => (Allow) C:\program files\keyshot5\bin\keyshot_daemon.exe FirewallRules: [TCP Query User{EECBD655-0A2F-4CA4-9FBC-ADCA73A1410D}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe FirewallRules: [UDP Query User{74EB29BB-2665-4693-BD16-AD22715A514C}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe FirewallRules: [TCP Query User{110C1373-32C9-4963-82E1-E8D3F5E98718}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe FirewallRules: [UDP Query User{203B5DD8-E2C1-4576-917C-0F5289164B77}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe FirewallRules: [TCP Query User{D68C95D1-47E4-4940-855B-E91F85F2F5A1}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [UDP Query User{987403E5-E5E6-4F11-AD24-5D19FBA2089D}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [{70DD0177-C958-4755-B908-881926C79089}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3935E4AF-2B7F-45D1-8F53-C52F5581B332}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{ECE30D61-6EEA-4FF0-AAE0-539BDFCD16B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{1E738D9D-5015-45CF-BFA6-B21D57F841A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{B07EBE23-7CCA-485B-91BE-5E4532C52142}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{843FBA3D-743F-42D5-8D8A-5C0C45D93678}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{75BEEAEA-DB54-4235-A8E3-B6F78CB05EAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{EB11FAD5-493D-4B68-8DC8-F723868B41DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{8118DBDE-9A6F-4651-86F9-EB8E1F349403}C:\users\ula\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ula\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{C43BCABC-CDEE-4A19-BBC8-EFE7D6D3C46A}C:\users\ula\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ula\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{A59A260A-70C1-45FD-B1FF-11C03349B2EF}C:\users\ula\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ula\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{75B3CBC2-422A-4B56-A29E-41F994446245}C:\users\ula\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ula\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{24E2E62D-2176-4121-BBB0-315B9464806F}C:\program files\graphisoft\archicad 18\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 18\licensefilegenerator.exe FirewallRules: [UDP Query User{F16F047A-4704-465B-A58E-50CD639ECE7D}C:\program files\graphisoft\archicad 18\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 18\licensefilegenerator.exe FirewallRules: [{2806D6AA-EB67-47C3-889B-4E08C86EF0C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 06-01-2016 01:39:15 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/10/2016 07:50:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program dlmgn.exe version 3.1.50.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2098 Start Time: 01d14bd7901c6aad Termination Time: 16 Application Path: C:\Users\ULA\AppData\Local\Temp\nscFBD1.tmp\dlmgn.exe Report Id: Error: (01/10/2016 07:49:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program TUTOBUN.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2194 Start Time: 01d14bd78b1240d8 Termination Time: 0 Application Path: C:\Users\ULA\AppData\Local\Temp\is-4DAGT.tmp\TUTOBUN.tmp Report Id: Error: (01/10/2016 07:46:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program dlmgn.exe version 3.1.50.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 198c Start Time: 01d14bd702eb33fc Termination Time: 16 Application Path: C:\Users\ULA\AppData\Local\Temp\nsq5ED7.tmp\dlmgn.exe Report Id: Error: (01/10/2016 07:46:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program gentlemjmp_ieu.tmp version 51.52.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1f84 Start Time: 01d14bd6f7afb5b1 Termination Time: 0 Application Path: C:\Users\ULA\AppData\Local\Temp\is-P7VHA.tmp\gentlemjmp_ieu.tmp Report Id: Error: (01/10/2016 07:35:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BrowserHelper.exe, version: 1.8.1.0, time stamp: 0x5628b2eb Faulting module name: BrowserHelper.exe, version: 1.8.1.0, time stamp: 0x5628b2eb Exception code: 0xc0000005 Fault offset: 0x00027ca5 Faulting process id: 0x2aac Faulting application start time: 0xBrowserHelper.exe0 Faulting application path: BrowserHelper.exe1 Faulting module path: BrowserHelper.exe2 Report Id: BrowserHelper.exe3 Error: (01/10/2016 07:25:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BrowserHelper.exe, version: 1.8.1.0, time stamp: 0x5628b2eb Faulting module name: BrowserHelper.exe, version: 1.8.1.0, time stamp: 0x5628b2eb Exception code: 0xc0000005 Fault offset: 0x00027ca5 Faulting process id: 0x1c60 Faulting application start time: 0xBrowserHelper.exe0 Faulting application path: BrowserHelper.exe1 Faulting module path: BrowserHelper.exe2 Report Id: BrowserHelper.exe3 Error: (01/10/2016 07:15:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BrowserHelper.exe, version: 1.8.1.0, time stamp: 0x5628b2eb Faulting module name: BrowserHelper.exe, version: 1.8.1.0, time stamp: 0x5628b2eb Exception code: 0xc0000005 Fault offset: 0x00027ca5 Faulting process id: 0x2b90 Faulting application start time: 0xBrowserHelper.exe0 Faulting application path: BrowserHelper.exe1 Faulting module path: BrowserHelper.exe2 Report Id: BrowserHelper.exe3 Error: (01/08/2016 12:05:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004 Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002 Exception code: 0x40000015 Fault offset: 0x007c915a Faulting process id: 0x2b0c Faulting application start time: 0xvlc.exe0 Faulting application path: vlc.exe1 Faulting module path: vlc.exe2 Report Id: vlc.exe3 Error: (01/06/2016 01:13:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vlc.exe, version: 2.2.0.0, time stamp: 0x00000004 Faulting module name: libqt4_plugin.dll, version: 2.2.0.0, time stamp: 0x00020002 Exception code: 0x40000015 Fault offset: 0x007c915a Faulting process id: 0x196c Faulting application start time: 0xvlc.exe0 Faulting application path: vlc.exe1 Faulting module path: vlc.exe2 Report Id: vlc.exe3 Error: (12/29/2015 06:56:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program napisy.exe version 2.2.0.2399 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15ac Start Time: 01d142617e16cd1e Termination Time: 14 Application Path: C:\Program Files (x86)\NapiProjekt\napisy.exe Report Id: 74885e1f-ae55-11e5-bbfd-b888e37323bf System errors: ============= Error: (01/10/2016 09:52:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (01/10/2016 09:52:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (01/10/2016 09:51:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (01/10/2016 09:51:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (01/10/2016 09:50:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Confirm Soften service terminated unexpectedly. It has done this 1 time(s). Error: (01/10/2016 09:50:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Usługa Google Update (gupdate) service terminated unexpectedly. It has done this 1 time(s). Error: (01/10/2016 09:50:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (01/10/2016 09:50:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Free Space Decimal Point service terminated unexpectedly. It has done this 1 time(s). Error: (01/10/2016 09:50:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Replicate Exit service terminated unexpectedly. It has done this 1 time(s). Error: (01/10/2016 09:50:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The TDataSvr service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2016-01-10 19:42:07.841 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-10 19:42:07.841 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-10 19:11:00.764 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ShopperPro3\spbiw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-10 19:11:00.764 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ShopperPro3\spbiw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-10 19:09:47.132 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ShopperPro3\spbiw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-10 19:09:47.054 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ShopperPro3\spbiw.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-10 19:08:56.042 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10630\jsdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-01-10 19:08:56.042 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10630\jsdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 46% Total physical RAM: 3995.28 MB Available physical RAM: 2128.63 MB Total Virtual: 7988.75 MB Available Virtual: 5983.14 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:14.94 GB) NTFS Drive d: () (Fixed) (Total:831.29 GB) (Free:607.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 6A283CF0) Partition: GPT. ==================== End of Addition.txt ============================