Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01 Ran by Kamilek at 2014-12-15 11:38:56 Running from C:\Users\Kamilek\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Arduino (HKLM-x32\...\Arduino) (Version: 1.0.6 - Arduino LLC) AutoCAD 2014 — Polski (Polish) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack – Polski (Polish) (Version: 19.1.18.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD 2014 — Polski (Polish) (HKLM\...\AutoCAD 2014 — Polski (Polish)) (Version: 19.1.18.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk) Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.) Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Dodatek Autodesk Inventor Fusion dla programu AutoCAD 2013) (Version: 0.2.0.230 - Autodesk) Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) blueconnect (HKLM-x32\...\blueconnect) (Version: 11.302.09.06.49 - Huawei Technologies Co.,Ltd) Caesar 3 (HKLM-x32\...\Caesar 3) (Version: - ) Caesar 3 Demo (HKLM-x32\...\Caesar 3 Demo) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{C0C47F85-F48F-4709-9150-3FA62FA2DEAF}) (Version: 2.6.1000.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.) Dell System Detect (HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.13.5 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{7E07B3E7-9A66-41F3-A91D-EC2CCE14E5B9}) (Version: 1.1.1072.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.8.3 - Bloodshed Software) Dodatek Autodesk Inventor Fusion dla programu AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden Dodatek Autodesk Inventor Fusion Language Pack dla programu AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden doPDF (Version: 8.1.920 - Softland) Hidden doPDF 8 (HKLM-x32\...\{7ced5c6b-4b09-4bd7-8707-b3cce8eead22}) (Version: 8.1.920 - Softland) DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) ipla 2.8.4 (HKLM-x32\...\ipla) (Version: 2.8.4 - Redefine Sp z o.o.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle) MATLAB R2010a (HKLM\...\MatlabR2010a) (Version: 7.10 - The MathWorks, Inc.) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation) Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{17BD99A4-9C11-47D4-91AF-8814DD3FFCC2}) (Version: 8.1.920 - Softland) novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{B6E0BB99-B532-4EC1-9D84-ACC8CED590B3}) (Version: 8.1.920 - Softland) novaPDF 8 Printer Driver (HKLM\...\{3A1637B5-233D-47B1-B89F-EBF718C04CFD}) (Version: 8.1.920 - Softland) Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.) Pelles C for Windows (HKLM-x32\...\PellesC) (Version: 7.00 - Pelle Orinius) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Shockwave (HKLM-x32\...\Shockwave) (Version: - ) Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - ) SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC) Unity Web Player (HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) WinRAR 5.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4149911832-1280355507-2845254537-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> K:\Autocad\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-4149911832-1280355507-2845254537-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> K:\Autocad\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-4149911832-1280355507-2845254537-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\WINDOWS\system32\igfxEM.exe" No File CustomCLSID: HKU\S-1-5-21-4149911832-1280355507-2845254537-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> K:\Autocad\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-4149911832-1280355507-2845254537-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> K:\Autocad\AutoCAD 2014\pl-PL\acadficn.dll (Autodesk, Inc.) ==================== Restore Points ========================= 21-10-2014 15:20:41 Windows Update 15-11-2014 14:34:19 Windows Update 19-11-2014 20:41:39 Windows Update 27-11-2014 23:23:46 doPDF 8 27-11-2014 23:24:32 doPDF 8 14-12-2014 12:40:21 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {22F0AF98-ADE8-4B73-BFAE-C088383127A3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Kamil-Kamilek Kamil => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation) Task: {2AA45E4C-9894-44BC-8D09-C9CE16814DD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.) Task: {30B175FF-73D8-47F8-B47F-A759AE348668} - System32\Tasks\RunAsStdUser Task => k:\matlab\MATLAB R2010a.lnk [2014-10-14] () Task: {3EE73E97-0960-41DE-B214-21333D9797DF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4149911832-1280355507-2845254537-1001Core => C:\Users\Kamilek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-17] (Facebook Inc.) Task: {41AB3A1A-1F25-48C8-886E-523BDB265050} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4149911832-1280355507-2845254537-1001UA => C:\Users\Kamilek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-17] (Facebook Inc.) Task: {5D172E1B-1466-42DF-97DE-FB40563FDC71} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-06-06] (PC-Doctor, Inc.) Task: {6FBF758E-8D09-4718-853C-7BA93F5B71BD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {7D469083-AAFB-4FFD-AB13-0AF30806B7A4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {82C55EE7-FCAC-414C-B307-E758B121EF39} - System32\Tasks\{8ABC4C87-250F-4808-B9DD-54DA63420032} => pcalua.exe -a C:\Users\Kamilek\AppData\Local\WebPlayer\uninstall.exe -c _?=C:\Users\Kamilek\AppData\Local\WebPlayer\FLV Player Task: {8949EC64-F0D3-4BD5-8373-B818FB4EAB8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.) Task: {9BE7AA4C-31A2-41D5-89CB-7D66A7ACBE26} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-06-06] (PC-Doctor, Inc.) Task: {A1F3952F-3BD3-41FC-975C-45CA31FB482E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {AC5DDF52-C133-4297-9BA4-7ACBD7B8E721} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {BC6DE1F2-9425-4A20-A929-4E9AA1DBFF81} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Kamilek\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION Task: {C2CF4409-B347-486A-BC03-F09175801F7F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-14] (Microsoft Corporation) Task: {CA1FEEB1-2E17-451F-8CB3-56A3850AB3F3} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-11-21] () Task: {DFEA78A1-51BA-4CD6-A9D2-083AD3A9BC02} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {EB34A6B7-2D1B-45E0-A519-2D4943EF1ABF} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.) Task: {F055D490-190C-4BEC-97CB-87C66E3A9533} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-05] (Synaptics Incorporated) Task: {FAEC7127-BB17-43AB-A922-BF41A1C461B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4149911832-1280355507-2845254537-1001Core.job => C:\Users\Kamilek\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4149911832-1280355507-2845254537-1001UA.job => C:\Users\Kamilek\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2014-11-21 20:06 - 2014-11-21 20:06 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll 2014-11-21 20:06 - 2014-11-21 20:06 - 00032032 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll 2014-11-21 20:06 - 2014-11-21 20:06 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll 2014-07-04 18:18 - 2014-07-04 18:20 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2013-02-28 18:14 - 2013-02-28 18:14 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-02-28 18:11 - 2013-02-28 18:11 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2013-02-28 18:15 - 2013-02-28 18:15 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2013-10-03 00:19 - 2013-11-22 00:22 - 00484880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2014-04-17 21:13 - 2014-04-17 21:13 - 00080896 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPlk.dll 2013-03-07 21:32 - 2013-03-07 21:32 - 00292272 _____ () C:\Users\Kamilek\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll 2013-03-07 21:32 - 2013-03-07 21:32 - 21014960 _____ () C:\Users\Kamilek\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll 2013-03-07 21:32 - 2013-03-07 21:32 - 00179632 _____ () C:\Users\Kamilek\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll 2014-10-08 23:43 - 2013-12-11 06:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-12-20 22:32 - 2013-11-21 22:00 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2013-10-03 00:19 - 2012-11-25 22:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2013-10-03 00:19 - 2012-11-25 22:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2014-12-12 12:58 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 12:58 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-12 12:58 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 12:58 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-12 12:58 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Autodesk Content Service => 2 HKLM\...\StartupApproved\Run32: => "fst_pl_130" HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\StartupApproved\StartupFolder: => "_uninst_49378322.lnk" HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\StartupApproved\Run: => "Autodesk Sync" HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\StartupApproved\Run: => "Raptr" HKU\S-1-5-21-4149911832-1280355507-2845254537-1001\...\StartupApproved\Run: => "uTorrent" ========================= Accounts: ========================== Administrator (S-1-5-21-4149911832-1280355507-2845254537-500 - Administrator - Disabled) Gość (S-1-5-21-4149911832-1280355507-2845254537-501 - Limited - Disabled) Kamilek (S-1-5-21-4149911832-1280355507-2845254537-1001 - Administrator - Enabled) => C:\Users\Kamilek ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/13/2014 04:56:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (12/13/2014 04:56:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (12/13/2014 04:56:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (12/12/2014 01:09:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.3.9600.17284, sygnatura czasowa: 0x53f816dc Nazwa modułu powodującego błąd: QtCore_Ad_SyncNs_4.dll_unloaded, wersja: 4.8.2.0, sygnatura czasowa: 0x50d3fca7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000000265fe Identyfikator procesu powodującego błąd: 0x5dc Godzina uruchomienia aplikacji powodującej błąd: 0xExplorer.EXE0 Ścieżka aplikacji powodującej błąd: Explorer.EXE1 Ścieżka modułu powodującego błąd: Explorer.EXE2 Identyfikator raportu: Explorer.EXE3 Pełna nazwa pakietu powodującego błąd: Explorer.EXE4 Identyfikator aplikacji względem pakietu powodującego błąd: Explorer.EXE5 Error: (12/12/2014 00:23:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program Explorer.EXE w wersji 6.3.9600.17284 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania. Identyfikator procesu: 9d4 Godzina rozpoczęcia: 01d0157c906554da Godzina zakończenia: 0 Ścieżka aplikacji: C:\WINDOWS\Explorer.EXE Identyfikator raportu: 9f824aa1-818c-11e4-80b4-74867a428c15 Pełna nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego błąd: Error: (12/11/2014 08:47:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (12/11/2014 08:47:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (12/11/2014 08:47:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (12/10/2014 06:59:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.3.9600.17284, sygnatura czasowa: 0x53f816dc Nazwa modułu powodującego błąd: QtCore_Ad_SyncNs_4.dll_unloaded, wersja: 4.8.2.0, sygnatura czasowa: 0x50d3fca7 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000000265fe Identyfikator procesu powodującego błąd: 0x718 Godzina uruchomienia aplikacji powodującej błąd: 0xExplorer.EXE0 Ścieżka aplikacji powodującej błąd: Explorer.EXE1 Ścieżka modułu powodującego błąd: Explorer.EXE2 Identyfikator raportu: Explorer.EXE3 Pełna nazwa pakietu powodującego błąd: Explorer.EXE4 Identyfikator aplikacji względem pakietu powodującego błąd: Explorer.EXE5 Error: (12/10/2014 06:58:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: poide64.exe, wersja: 7.0.355.0, sygnatura czasowa: 0x505e6ded Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.3.9600.17278, sygnatura czasowa: 0x53eebd22 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000000231da Identyfikator procesu powodującego błąd: 0xc48 Godzina uruchomienia aplikacji powodującej błąd: 0xpoide64.exe0 Ścieżka aplikacji powodującej błąd: poide64.exe1 Ścieżka modułu powodującego błąd: poide64.exe2 Identyfikator raportu: poide64.exe3 Pełna nazwa pakietu powodującego błąd: poide64.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: poide64.exe5 System errors: ============= Error: (12/15/2014 10:15:59 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 00:17:15 na ‎2014-‎12-‎15 było nieoczekiwane. Error: (12/14/2014 04:04:46 PM) (Source: DCOM) (EventID: 10010) (User: Kamil) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (12/14/2014 11:01:24 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 23:12:08 na ‎2014-‎12-‎13 było nieoczekiwane. Error: (12/13/2014 00:32:07 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 20:07:24 na ‎2014-‎12-‎12 było nieoczekiwane. Error: (12/12/2014 00:07:23 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 00:14:27 na ‎2014-‎12-‎12 było nieoczekiwane. Error: (12/11/2014 06:21:58 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 22:43:38 na ‎2014-‎12-‎10 było nieoczekiwane. Error: (12/10/2014 10:03:37 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 22:20:22 na ‎2014-‎12-‎09 było nieoczekiwane. Error: (12/09/2014 04:20:20 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 13:27:37 na ‎2014-‎12-‎09 było nieoczekiwane. Error: (12/09/2014 10:07:37 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 00:07:36 na ‎2014-‎12-‎09 było nieoczekiwane. Error: (12/08/2014 10:45:00 PM) (Source: DCOM) (EventID: 10010) (User: Kamil) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Microsoft Office Sessions: ========================= Error: (12/13/2014 04:56:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (12/13/2014 04:56:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance163707000000000000000000008F020000 Error: (12/13/2014 04:56:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance163707000000000000000000008F020000 Error: (12/12/2014 01:09:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.3.9600.1728453f816dcQtCore_Ad_SyncNs_4.dll_unloaded4.8.2.050d3fca7c000000500000000000265fe5dc01d015fe4ecdfda8C:\WINDOWS\Explorer.EXEQtCore_Ad_SyncNs_4.dllabecdad4-81f7-11e4-80b5-74867a428c15 Error: (12/12/2014 00:23:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.3.9600.172849d401d0157c906554da0C:\WINDOWS\Explorer.EXE9f824aa1-818c-11e4-80b4-74867a428c15 Error: (12/11/2014 08:47:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT) Description: WmiApRplWmiApRpl8F2030000E5050000 Error: (12/11/2014 08:47:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance163707000000000000000000008F020000 Error: (12/11/2014 08:47:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT) Description: Performance163707000000000000000000008F020000 Error: (12/10/2014 06:59:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.3.9600.1728453f816dcQtCore_Ad_SyncNs_4.dll_unloaded4.8.2.050d3fca7c000000500000000000265fe71801d0145848934182C:\WINDOWS\Explorer.EXEQtCore_Ad_SyncNs_4.dll45202ec3-8096-11e4-80b3-74867a428c15 Error: (12/10/2014 06:58:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: poide64.exe7.0.355.0505e6dedntdll.dll6.3.9600.1727853eebd22c000000500000000000231dac4801d01491a2b41761K:\PellesC\Bin\poide64.exeC:\WINDOWS\SYSTEM32\ntdll.dll202e78c7-8096-11e4-80b3-74867a428c15 CodeIntegrity Errors: =================================== Date: 2014-11-15 13:11:31.448 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:31.054 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:30.655 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:30.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:29.694 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:28.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:27.797 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:27.304 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 13:11:26.841 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-11 12:18:25.987 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz Percentage of memory in use: 13% Total physical RAM: 16264.96 MB Available physical RAM: 14019.26 MB Total Pagefile: 18696.96 MB Available Pagefile: 16276.89 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (Dysk) (Fixed) (Total:317.53 GB) (Free:233.58 GB) NTFS Drive g: (SAMSUNG) (Fixed) (Total:465.75 GB) (Free:19.09 GB) NTFS Drive k: (Dysk) (Fixed) (Total:601.69 GB) (Free:522.04 GB) NTFS Drive x: () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:10.72 GB) (Free:0.72 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 534FE6DB) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: 6D60B89B) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================