Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016 Ran by tomicher (2016-02-01 16:26:40) Running from C:\Users\tomicher\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2015-06-09 13:38:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4200013936-444429621-2781623297-500 - Administrator - Disabled) Guest (S-1-5-21-4200013936-444429621-2781623297-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4200013936-444429621-2781623297-1002 - Limited - Enabled) tomicher (S-1-5-21-4200013936-444429621-2781623297-1000 - Administrator - Enabled) => C:\Users\tomicher ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.) 3nity CD DVD Burner version 3.4.0.28 (HKLM-x32\...\{49310D8B-AF88-4212-B745-4A05BA4B3988}_is1) (Version: 3.4.0.28 - 3nity Softwares) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated) Alcohol 120% (HKLM-x32\...\Alcohol 120%) (Version: - Alcohol Soft Development Team) Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.5.1.1 - Canon Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) CEWE Fotoswiat (HKLM-x32\...\CEWE Fotoswiat) (Version: 5.1.8 - CEWE Stiftung u Co. KGaA) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd) DiMAGE Scan ver 1.1 (HKLM-x32\...\{AFB2133B-BCEE-49E5-AB1D-F54E7798D533}) (Version: - ) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson User's Guide EPSON Perfection V700 Photo (HKLM-x32\...\EPSON Perfection V700 Photo Useg) (Version: - ) FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse) Fliqlo Screen Saver (HKLM-x32\...\Fliqlo) (Version: - ) foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski) Foto E-Net 3.67 (HKLM-x32\...\{8DFB54CE-49AA-4812-B4BF-866445F752D9}) (Version: - ) FotoWare FotoStation 7.0 (HKLM-x32\...\{6173880E-D797-4887-807C-3B7C95A7D937}) (Version: 7.0.438.3795 - FotoWare as) HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX) i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.6.1 - X-Rite) iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation) KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version: - ) Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm) Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software) Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden Magic Mouse Utilities version 1.1 (HKLM-x32\...\{F659CE9D-CA4B-43AA-8C32-D523CD955494}_is1) (Version: 1.1 - AnimGraph) MediaHuman Audio Converter wersja 1.9.5.1 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.9.5.1 - MediaHuman) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Camera Codec Pack (HKLM\...\{7C19409A-4C5A-49E9-B601-07383E4B6E37}) (Version: 6.3.9723.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 pl) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 pl)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Neat Video for Premiere (HKLM\...\Neat Video for Premiere_is1) (Version: 3.5 - ABSoft) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden ph (x32 Version: 1.0.0 - Your Company Name) Hidden Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Kakao Corp.) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.) SilverFast 8.0.1r16 (64bit) (HKLM-x32\...\SilverFast 8 x64) (Version: 8.0.1r16 - LaserSoft Imaging AG) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.14 - Vector Magic, Inc.) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) Windows Driver Package - Apple Inc. Apple Wireless Mouse (04/12/2010 3.1.0.0) (HKLM\...\472107EF594AC9CEB5B41781BDA301442D69A0AB) (Version: 04/12/2010 3.1.0.0 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v1.9 (HKLM\...\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultima~F01B7ED7_is1) (Version: v1.9 - ) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) X-Rite Device Services Manager (HKLM-x32\...\{36E19D34-6BA7-4BD1-B5CB-7B0DA85713C4}) (Version: 2.3.101 - X-Rite) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08DE32E4-32BD-40CE-B183-2902A7E3E364} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {0CEFE13E-052F-4CF9-BA8C-B8429A7A4DB9} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2015-03-05] (X-Rite Inc.) Task: {0ECD02C3-AC08-415F-9182-DFB9A8E6EA0F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-09] (Dropbox, Inc.) Task: {168F41DB-32D8-43CE-BC48-C8C22CA904D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {28E4D532-91B7-4B19-B5B9-9CFE34F4D51A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {38646570-B456-4BBA-ABB4-302F327151BC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-10] () Task: {4761ACDE-6CCF-4138-8170-E7A85E54B195} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {5C48BEFB-9BF8-48EA-B4F2-35F25F06AAFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated) Task: {6F67AC0E-2EED-49BD-B660-C11EDF37E8DC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-09] (Dropbox, Inc.) Task: {A6DB0C11-BF37-4DDE-996F-ADF9D3FB23CC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {C89E6D1A-A4AF-4C29-9A97-903DD764BDB5} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2012-06-25] () Task: {DAB0ACD0-76E7-43FC-BA0C-501777499459} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc Task: {EA76AE21-965F-496B-9C63-6E3850EA9A65} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-09-23 15:39 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2015-09-23 15:39 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-16 11:02 - 2015-10-16 11:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2015-06-09 16:45 - 2016-01-31 10:59 - 50679920 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libcef.dll 2015-12-13 16:59 - 2015-10-31 01:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-13 16:59 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2015-12-13 16:59 - 2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2015-12-13 16:59 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2015-12-13 16:59 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2015-12-13 16:59 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-13 16:59 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2015-12-13 16:59 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-06-09 22:51 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-06-09 22:51 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 22:10 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-09 22:51 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2015-06-09 16:45 - 2016-01-31 10:59 - 01882224 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libglesv2.dll 2015-06-09 16:45 - 2016-01-31 10:59 - 00082544 _____ () C:\Users\tomicher\AppData\Roaming\Spotify\libegl.dll 2014-06-23 15:06 - 2014-06-23 15:06 - 01588224 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll 2014-06-23 15:06 - 2014-06-23 15:06 - 02633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll 2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-01-21 21:16 - 2016-01-21 21:16 - 17882304 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\Users\tomicher\Desktop\lualmi1.mpg:com.dropbox.attributes AlternateDataStreams: C:\Users\tomicher\AppData\Local\Temporary Internet Files:ZwIF55s4FoSaLBgyRBV62vD0 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-4200013936-444429621-2781623297-1000\...\skype.com -> hxxps://apps.skype.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-12-14 20:22 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4200013936-444429621-2781623297-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tomicher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{CBE0FEFE-2D1A-412F-ABA4-2120C200F3C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AFE29DC9-596D-4A68-9194-887548B90008}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E34727AF-CD92-4C90-938D-6A13D3272000}] => (Allow) C:\Users\tomicher\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5489C644-B840-4C99-86F4-34EBE7205683}] => (Allow) C:\Users\tomicher\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{76BE6A35-5EAA-4829-B0BB-9E5E7EE777F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{11256C6E-ECBF-4EF4-A807-3F9D8212872A}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E601FA17-8182-4B2D-94FB-4C57228C01C8}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{EC33D487-4E49-4D80-A9E8-526CC2F7E811}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{ACAB34FD-4838-46AF-B0C2-D5E7E42229A7}C:\users\tomicher\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tomicher\appdata\roaming\spotify\spotify.exe FirewallRules: [{B6A78008-24F9-4A2C-AC1D-1AF27B60A9B3}] => (Allow) C:\Windows.BackUp\asapvcm.exe FirewallRules: [{FF47373A-E6F7-4A78-8D7E-6B5DE237542B}] => (Allow) C:\Windows.BackUp\asapvcm.exe FirewallRules: [TCP Query User{1847BCD5-508F-4BAE-A43E-BBB8C0D7B736}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{904DFA8A-EBBB-4653-833B-E80A0DB63182}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{D7E2BB6F-CE67-431E-B7CE-0960A3EFFDF3}] => (Allow) LPort=5454 FirewallRules: [{CF506E64-85F1-44A0-B4B7-28B1AA500658}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [TCP Query User{3B851B9E-4B55-43FE-8DB1-FFA6FD4EFB44}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{0F54DA7C-52EC-4924-8213-796891A6086F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{488A4883-FEB7-4B13-9D1C-795178C96912}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [UDP Query User{5E76BC27-EFDC-4503-8221-8531E9FDA042}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [{5C6D4CBB-1734-4275-BE03-8E15140016DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7FA3FF73-BE6C-4020-A30C-BE15F0593A0C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7B2CFA31-8C3D-46FC-A301-9E088CFF3DD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{57E69F92-98B6-4508-9123-1660380A8FA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5BAFAA96-EA5F-4F77-8B42-3EF207F2797C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A8627BDE-D42F-4C73-AD8B-26122343520F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8569B66A-CBAE-4450-8179-02930CAC5C30}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{53413858-082E-4343-B159-74D7FBB6B05A}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{42464C50-215A-47FE-8F71-37871C21BCA2}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{ABB9AFC6-CF9C-487A-8ED2-8BCC08DC75FD}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2016 03:03:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (02/01/2016 03:03:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (02/01/2016 03:03:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (01/31/2016 11:04:10 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (01/31/2016 11:04:10 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (01/31/2016 11:04:10 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (01/29/2016 03:11:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. Error: (01/29/2016 03:11:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (01/29/2016 03:11:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data. Error: (01/28/2016 06:32:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu. System errors: ============= Error: (02/01/2016 02:52:19 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (02/01/2016 02:52:13 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/31/2016 07:34:46 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (01/31/2016 04:57:43 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: W lokalnym adapterze Bluetooth wystąpił nieokreślony błąd. Adapter nie będzie używany. Sterownik został usunięty z pamięci. Error: (01/31/2016 10:59:01 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 1:25:13 AM na ‎1/‎31/‎2016 było nieoczekiwane. Error: (01/30/2016 04:31:37 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (01/29/2016 03:35:08 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (01/29/2016 03:35:05 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/29/2016 01:00:56 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. Error: (01/28/2016 09:58:57 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz Percentage of memory in use: 44% Total physical RAM: 7158.12 MB Available physical RAM: 3998.43 MB Total Virtual: 14314.44 MB Available Virtual: 10906.36 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.69 GB) (Free:2.83 GB) NTFS Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:9.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7DB60B98) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 65B06DB3) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================