Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-12-2015 Ran by tomicher (2015-12-14 20:39:19) Running from C:\Users\tomicher\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2015-06-09 13:38:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4200013936-444429621-2781623297-500 - Administrator - Disabled) Guest (S-1-5-21-4200013936-444429621-2781623297-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4200013936-444429621-2781623297-1002 - Limited - Enabled) tomicher (S-1-5-21-4200013936-444429621-2781623297-1000 - Administrator - Enabled) => C:\Users\tomicher ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.) 3nity CD DVD Burner version 3.4.0.28 (HKLM-x32\...\{49310D8B-AF88-4212-B745-4A05BA4B3988}_is1) (Version: 3.4.0.28 - 3nity Softwares) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated) Alcohol 120% (HKLM-x32\...\Alcohol 120%) (Version: - Alcohol Soft Development Team) Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) CEWE Fotoswiat (HKLM-x32\...\CEWE Fotoswiat) (Version: 5.1.8 - CEWE Stiftung u Co. KGaA) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd) DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version: - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson User's Guide EPSON Perfection V700 Photo (HKLM-x32\...\EPSON Perfection V700 Photo Useg) (Version: - ) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) Fliqlo Screen Saver (HKLM-x32\...\Fliqlo) (Version: - ) foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski) FotoWare FotoStation 7.0 (HKLM-x32\...\{6173880E-D797-4887-807C-3B7C95A7D937}) (Version: 7.0.438.3795 - FotoWare as) HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX) i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.6.1 - X-Rite) iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm) Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software) Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden Magic Mouse Utilities version 1.1 (HKLM-x32\...\{F659CE9D-CA4B-43AA-8C32-D523CD955494}_is1) (Version: 1.1 - AnimGraph) MediaHuman Audio Converter wersja 1.9.5.1 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.9.5.1 - MediaHuman) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Camera Codec Pack (HKLM\...\{7C19409A-4C5A-49E9-B601-07383E4B6E37}) (Version: 6.3.9723.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pl)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden ph (x32 Version: 1.0.0 - Your Company Name) Hidden Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.) SilverFast 8.0.1r16 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.0.1r16 - LaserSoft Imaging AG) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.14 - Vector Magic, Inc.) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) Windows Driver Package - Apple Inc. Apple Wireless Mouse (04/12/2010 3.1.0.0) (HKLM\...\472107EF594AC9CEB5B41781BDA301442D69A0AB) (Version: 04/12/2010 3.1.0.0 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.9 (HKLM\...\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultima~F01B7ED7_is1) (Version: v1.9 - ) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) X-Rite Device Services Manager (HKLM-x32\...\{36E19D34-6BA7-4BD1-B5CB-7B0DA85713C4}) (Version: 2.3.101 - X-Rite) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 13-12-2015 16:54:14 Windows Update 14-12-2015 20:19:37 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-12-14 20:22 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08DE32E4-32BD-40CE-B183-2902A7E3E364} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {0CEFE13E-052F-4CF9-BA8C-B8429A7A4DB9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2015-03-05] (X-Rite Inc.) Task: {0ECD02C3-AC08-415F-9182-DFB9A8E6EA0F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-09] (Dropbox, Inc.) Task: {28E4D532-91B7-4B19-B5B9-9CFE34F4D51A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {38646570-B456-4BBA-ABB4-302F327151BC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-10] () Task: {5C48BEFB-9BF8-48EA-B4F2-35F25F06AAFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {6F67AC0E-2EED-49BD-B660-C11EDF37E8DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-09] (Dropbox, Inc.) Task: {A6DB0C11-BF37-4DDE-996F-ADF9D3FB23CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {C354A6DB-5CB2-4698-987E-A76292436B4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {C89E6D1A-A4AF-4C29-9A97-903DD764BDB5} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] () Task: {DAB0ACD0-76E7-43FC-BA0C-501777499459} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-09-23 15:39 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2015-09-23 15:39 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-23 15:06 - 2014-06-23 15:06 - 01588224 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll 2014-06-23 15:06 - 2014-06-23 15:06 - 02633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll 2015-06-09 16:45 - 2015-12-14 19:35 - 50679920 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libcef.dll 2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-12-13 16:59 - 2015-10-31 01:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-13 16:59 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2015-12-13 16:59 - 2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2015-12-13 16:59 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2015-12-13 16:59 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-06-09 22:51 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-06-09 22:51 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 22:10 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-09 22:51 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2015-06-09 16:45 - 2015-12-14 19:35 - 01882224 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libglesv2.dll 2015-06-09 16:45 - 2015-12-14 19:35 - 00082544 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\Users\tomicher\Desktop\2x3-3.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\tomicher\Desktop\itf-12.jpg:com.dropbox.attributes AlternateDataStreams: C:\Users\tomicher\AppData\Local\Temporary Internet Files:ZwIF55s4FoSaLBgyRBV62vD0 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\skype.com -> hxxps://apps.skype.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4200013936-444429621-2781623297-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tomicher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{CBE0FEFE-2D1A-412F-ABA4-2120C200F3C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AFE29DC9-596D-4A68-9194-887548B90008}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E34727AF-CD92-4C90-938D-6A13D3272000}] => (Allow) C:\Users\tomicher\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5489C644-B840-4C99-86F4-34EBE7205683}] => (Allow) C:\Users\tomicher\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{76BE6A35-5EAA-4829-B0BB-9E5E7EE777F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{11256C6E-ECBF-4EF4-A807-3F9D8212872A}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E601FA17-8182-4B2D-94FB-4C57228C01C8}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{EC33D487-4E49-4D80-A9E8-526CC2F7E811}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{ACAB34FD-4838-46AF-B0C2-D5E7E42229A7}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [{B6A78008-24F9-4A2C-AC1D-1AF27B60A9B3}] => (Allow) C:\Windows.BackUp\asapvcm.exe FirewallRules: [{FF47373A-E6F7-4A78-8D7E-6B5DE237542B}] => (Allow) C:\Windows.BackUp\asapvcm.exe FirewallRules: [{42464C50-215A-47FE-8F71-37871C21BCA2}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{ABB9AFC6-CF9C-487A-8ED2-8BCC08DC75FD}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [TCP Query User{1847BCD5-508F-4BAE-A43E-BBB8C0D7B736}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{904DFA8A-EBBB-4653-833B-E80A0DB63182}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{D7E2BB6F-CE67-431E-B7CE-0960A3EFFDF3}] => (Allow) LPort=5454 FirewallRules: [{CF506E64-85F1-44A0-B4B7-28B1AA500658}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [TCP Query User{3B851B9E-4B55-43FE-8DB1-FFA6FD4EFB44}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{0F54DA7C-52EC-4924-8213-796891A6086F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{488A4883-FEB7-4B13-9D1C-795178C96912}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [UDP Query User{5E76BC27-EFDC-4503-8221-8531E9FDA042}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [{5C6D4CBB-1734-4275-BE03-8E15140016DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7FA3FF73-BE6C-4020-A30C-BE15F0593A0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7B2CFA31-8C3D-46FC-A301-9E088CFF3DD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{57E69F92-98B6-4508-9123-1660380A8FA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5BAFAA96-EA5F-4F77-8B42-3EF207F2797C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A8627BDE-D42F-4C73-AD8B-26122343520F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8569B66A-CBAE-4450-8179-02930CAC5C30}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{53413858-082E-4343-B159-74D7FBB6B05A}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/14/2015 08:29:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (12/14/2015 08:29:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (12/14/2015 08:29:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (12/14/2015 08:17:37 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Access is denied. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {d74fa59a-7e2c-40ef-be10-da299f713690} Error: (12/14/2015 08:09:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (12/14/2015 08:09:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (12/14/2015 08:09:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (12/14/2015 07:38:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (12/14/2015 07:38:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (12/14/2015 07:38:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. System errors: ============= Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Software Protection niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Media Player Network Sharing Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Usługa iPod niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Modules Installer niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Installer niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Epson Scanner Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa X-Rite Device Services Manager niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 15000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa WdMan Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (12/14/2015 08:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa SSFK niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Percentage of memory in use: 33% Total physical RAM: 7158.12 MB Available physical RAM: 4740.42 MB Total Virtual: 14314.44 MB Available Virtual: 11669.46 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.69 GB) (Free:17.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7DB60B98) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================