Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01 Ran by pljarda (2016-05-25 10:11:56) Running from C:\Users\pljarda\Downloads Windows 7 Enterprise Service Pack 1 (X64) (2016-02-15 10:01:52) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Adm0 (S-1-5-21-4169276342-1981560946-2079290168-500 - Administrator - Enabled) SophosSAUPLCLW700400 (S-1-5-21-4169276342-1981560946-2079290168-1000 - Limited - Enabled) TempUser (S-1-5-21-4169276342-1981560946-2079290168-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29} AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden Adobe Flash Player 17 ActiveX (HKLM-x32\...\{8C901387-B304-404D-93C0-E2E0C2D53D90}) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\{F22C3C05-B1D9-47FF-AA17-4F9DCBFE850F}) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Reader XI (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Adobe Reader XI) (Version: 1.0 - Delivered by Citrix) Adobe Shockwave Player 12.1 (HKLM-x32\...\{3CE0C7DC-ED5B-450E-9C5F-49702C263544}) (Version: 12.1.7.157 - Adobe Systems, Inc) Attachmate Reflection (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Attachmate Reflection) (Version: 1.0 - Delivered by Citrix) Attachmate Reflection FTP Client (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Attachmate Reflection FTP Client) (Version: 1.0 - Delivered by Citrix) Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{53C12E1E-AB56-4BF6-91F9-BB332DE0B547}) (Version: 8.23.2500 - Cisco WebEx LLC) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.) Configuration Manager Client (Version: 5.00.8325.1000 - Microsoft Corporation) Hidden CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) Desktop (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Desktop) (Version: 1.0 - Delivered by Citrix) DisplayFusion 7.3.4 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.4.0 - Binary Fortress Software) DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.) e-Safekey (HKLM-x32\...\{5A6FD890-5146-4AAA-A9D9-DC16F8F09E2E}) (Version: 04.02.0001 - Danske Bank Group) Exact Synergy Office Integration (HKLM-x32\...\{183B99EC-EF7E-46AC-ACA0-28D06BEE1604}) (Version: 5.0.480.0 - Exact Software B. V.) Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Internet Explorer (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Internet Explorer 9) (Version: 1.0 - Delivered by Citrix) Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Korrekturredskaber til Microsoft Office 2013 – Dansk (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Korrekturverktøy for Microsoft Office 2013 – Norsk (nynorsk) (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo) Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo) M2 (HKLM-x32\...\{9B9B04F8-8EDA-4246-9FE1-591A4A00B5B2}) (Version: 1.1.19 - Consafe Logistics) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Access 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft Access 2013) (Version: 1.0 - Delivered by Citrix) Microsoft Excel 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft Excel 2013) (Version: 1.0 - Delivered by Citrix) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneNote 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft OneNote 2013) (Version: 1.0 - Delivered by Citrix) Microsoft PowerPoint 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft PowerPoint 2013) (Version: 1.0 - Delivered by Citrix) Microsoft Project 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft Project 2013) (Version: 1.0 - Delivered by Citrix) Microsoft Publisher 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft Publisher 2013) (Version: 1.0 - Delivered by Citrix) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visio 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft Visio 2013) (Version: 1.0 - Delivered by Citrix) Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Word 2013 (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Microsoft Word 2013) (Version: 1.0 - Delivered by Citrix) Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 1.3 - Napisy24.pl) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Nilex (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Nilex) (Version: 1.0 - Delivered by Citrix) Nilex Enterprise 8.88 (HKLM-x32\...\Nilex Enterprise 8.88) (Version: - ) O2 (HKLM-x32\...\{A80EE852-DDE0-4546-965A-940E070DEFF0}) (Version: 1.1.19 - Consafe Logistics) On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.01 - ) Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Polar FlowSync wersja 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy) Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.64.2 - Lenovo Group Limited) PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6647 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Remote Desktop Connection (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Remote Desktop Connection) (Version: 1.0 - Delivered by Citrix) RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd) Self-service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden Sophos Anti-Virus (HKLM-x32\...\{09863DA9-7A9B-4430-9561-E04D178D7017}) (Version: 10.6.3.537 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.276 - Sophos Limited) Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited) Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.6 - Sophos Limited) Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.0 - Sophos Limited) ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - ) ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 10.4.8.3 - ELAN Microelectronic Corp.) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - ) ThinkPad USB 3.0 Dock (HKLM-x32\...\{69109A9C-1D00-4A84-9ABF-AAE9CADD20DD}) (Version: 1.07.15 - Lenovo) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0406-0000-0000000FF1CE}_Office15.PROPLUS_{3A1826AC-0372-4AAB-9BC5-87C0724A13DD}) (Version: - Microsoft) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0413-0000-0000000FF1CE}_Office15.PROPLUS_{D1933056-DC4F-437D-97DC-4A795BEF6A49}) (Version: - Microsoft) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0414-0000-0000000FF1CE}_Office15.PROPLUS_{9DC16892-BE7F-4712-B5E1-E13DB75EAFB1}) (Version: - Microsoft) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0415-0000-0000000FF1CE}_Office15.PROPLUS_{61D76467-9532-4D27-AE19-31DF7BD2C973}) (Version: - Microsoft) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041D-0000-0000000FF1CE}_Office15.PROPLUS_{84F8AA83-B7DE-43B7-8376-71E50DF9EBEA}) (Version: - Microsoft) Visma Business (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Visma Business) (Version: 1.0 - Delivered by Citrix) Visma Document Center (HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\citrix-5e6fbf72@@XenApp.Visma Document Center) (Version: 1.0 - Delivered by Citrix) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) VMware Client Integration Plug-in 5.5.0 (HKLM-x32\...\{837E9923-05EA-4091-A4EE-6FB10CEEE099}) (Version: 5.5.0.1280541 - VMware, Inc.) VMware Remote Console (HKLM\...\{0522E1FF-6290-467F-AF84-D9B4EB3EEB09}) (Version: 7.0.0 - VMware, Inc.) VMware Remote Console Plug-in (HKLM-x32\...\{D2F28E39-9813-41D3-8EC9-BAADA38C426D}) (Version: 2.5.0.122581 - VMware, Inc.) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {074BF189-7916-4CF6-ABB5-801843AF6D2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-15] (Adobe Systems Incorporated) Task: {1DAAB754-00C8-4F91-94C4-48FCE8436D7D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {362C4DEB-0529-4E3B-85C6-8789E7ECB01D} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection Task: {3794DC5D-1A3B-4522-BBF6-3A0D78F0E0F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd) Task: {3F371F86-D151-423E-9745-68551CFF3C1D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2013-12-09] (Lenovo Group Limited) Task: {435DFD3C-01A4-4936-8561-882C6937CC77} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2015-10-27] (Microsoft Corporation) Task: {647A39F0-723A-4882-94BC-66D6DB76D689} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {725C2CB1-3616-483B-B697-FEC0A4967AFF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation) Task: {7A33DF18-7BE3-4E44-A461-D2A18BC37B8E} - System32\Tasks\pljardaTreatiesButtressedV2 => Rundll32.exe MetatarsalSlows.dll,main 7 1 <==== ATTENTION Task: {7AFE716C-9065-4B82-B76E-3BE6583C8B84} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {8c11f6e6-0ac7-47f6-8d5a-16cc3da30dcb} PLCLW70040.consafe1.org => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation) Task: {7C6F6C99-A051-4006-92FF-FE9232BAAA19} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] () Task: {7E005BC7-BC78-4C65-95E8-0D8AA0AD06F7} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo) Task: {B740861F-DF60-41A2-9A17-7D437C062A87} - System32\Tasks\Daily scheduled scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2016-04-15] (Sophos Limited) Task: {BA64BB0A-BC3E-4BA3-861E-18E8B956AC9C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation) Task: {C5C323D1-6895-4BD1-8414-1F73501E2516} - System32\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F} => C:\Users\pljarda\AppData\Roaming\{12E43~1\Updater.exe Task: {CA824C74-1ED6-4B61-95D4-14318FD48BE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-16] (Google Inc.) Task: {D03A2BDB-F596-4492-B269-8E4DBA942A0A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CONSAFE1-pljarda PLCLW70040.consafe1.org => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation) Task: {F5AAFC7E-B929-42AC-AED2-C6FD2803ACAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-16] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Daily scheduled scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F}.job => C:\Users\pljarda\AppData\Roaming\{12E43~1\Updater.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-02-15 12:21 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll 2015-11-05 02:11 - 2015-11-05 02:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-04-18 09:24 - 2016-04-18 09:24 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg 2016-04-18 09:24 - 2016-04-18 09:24 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg 2016-04-18 09:24 - 2016-04-18 09:24 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg 2016-04-18 09:24 - 2016-04-18 09:24 - 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg 2016-04-18 09:24 - 2016-04-18 09:24 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg 2016-04-18 09:24 - 2016-04-18 09:24 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg 2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-02-15 12:05 - 2013-12-09 07:04 - 00104448 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL 2012-03-19 15:09 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-05-25 09:09 - 2016-05-25 09:08 - 00947712 _____ () C:\ProgramData\Quotenamron\Quotenamron.exe 2016-05-25 09:09 - 2016-05-15 18:04 - 02089472 _____ () C:\ProgramData\Logic Handler\set.exe 2015-03-31 10:23 - 2015-03-31 10:23 - 06734504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe 2013-10-10 18:48 - 2013-10-10 18:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2016-04-15 12:37 - 2016-04-15 12:37 - 01276680 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll 2016-04-15 12:39 - 2016-04-15 12:39 - 01094408 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll 2016-04-15 12:40 - 2016-04-15 12:40 - 00347400 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll 2016-04-15 12:38 - 2016-04-15 12:38 - 00465160 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_AnyTypeCode.dll 2016-04-15 12:39 - 2016-04-15 12:39 - 00087816 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll 2016-04-15 12:39 - 2016-04-15 12:39 - 00254216 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll 2016-04-15 12:39 - 2016-04-15 12:39 - 00511752 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll 2016-04-15 12:38 - 2016-04-15 12:38 - 00059144 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_CodecFactory.dll 2016-04-15 12:39 - 2016-04-15 12:39 - 00149768 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI.dll 2016-04-15 12:37 - 2016-04-15 12:37 - 00832264 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll 2016-04-15 12:40 - 2016-04-15 12:40 - 00044808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Svc_Utils.dll 2016-04-15 12:40 - 2016-04-15 12:40 - 00075016 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll 2016-04-15 12:39 - 2016-04-15 12:39 - 00069384 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI_Server.dll 2016-04-15 12:39 - 2016-04-15 12:39 - 00052488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Codeset.dll 2016-05-24 13:47 - 2015-11-19 15:56 - 01759232 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll 2015-06-16 17:47 - 2015-06-16 17:47 - 00100688 _____ () C:\PROGRAM FILES (X86)\CITRIX\AUTHMANAGER\AppReceiverSDKWrapper.dll 2015-02-10 14:13 - 2015-02-10 14:13 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll 2014-01-23 07:55 - 2014-01-23 07:55 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll 2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-05-13 13:20 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll 2016-05-13 13:20 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll 2016-05-13 13:20 - 2016-05-11 13:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\pljarda\Desktop\Praca Consafe:com.dropbox.attributes [168] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-321930979-3402162066-1190322147-8181\Control Panel\Desktop\\Wallpaper -> C:\Users\pljarda\AppData\Local\DisplayFusion\Wallpaper_1 DNS Servers: 10.211.72.19 - 10.0.72.11 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup MSCONFIG\startupreg: Lync => "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey MSCONFIG\startupreg: Napisy24Update => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep" MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{FE18CFEC-4BB5-442F-96D4-284EE63D9CB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{1BB6DAFF-E990-4494-B8C5-6341C8EB13BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{9DE8BF13-A8C9-4AE5-A3F3-04CEF43C9D5B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{A658856E-99CA-47BE-88BD-F9353D33DF7F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{6F2D724E-915E-417F-9332-2ACDAB39B4E0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{D1CE4A32-290B-40FB-9EFC-6E858A9A2720}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [TCP Query User{126A96A1-3C33-4D31-A6F5-DB69F33A57FF}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe FirewallRules: [UDP Query User{33BB049D-5208-43E2-9108-92C9C578A4E3}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe FirewallRules: [{DFC68242-09F9-47CD-8D04-4A23BB6FD3A5}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe FirewallRules: [{52333FC2-F56F-48C1-B87B-265F22C7DA9F}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe FirewallRules: [{EEADA721-346F-4171-8565-670D2A6667E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D20E0B5C-1112-4EE1-A0E7-6936E49F0DDE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3F52866D-A17E-46B2-85D6-D41C34CF8D39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{10C61761-DA19-42AA-89A9-4D760299EEA4}] => (Allow) LPort=5354 FirewallRules: [{C9310E4D-540D-49B6-B03D-6370F6DE6C9C}] => (Allow) LPort=5354 FirewallRules: [{F244DBA2-7CB8-41B5-B2DD-76E64128F95C}] => (Allow) LPort=5354 FirewallRules: [{6247DC86-9547-4968-8616-DF6D84707D37}] => (Allow) LPort=5354 FirewallRules: [{03487F76-B37B-4FE6-B46D-A589F2131B8C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{620A6E89-A2AE-4F18-973D-9EA3B02BB756}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe ==================== Restore Points ========================= 25-05-2016 09:11:06 Removed Apple Mobile Device Support ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2016 10:07:50 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 0u16fl0h.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca Faulting module name: 0u16fl0h.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca Exception code: 0xc0000005 Fault offset: 0x00089096 Faulting process id: 0x1420 Faulting application start time: 0x0u16fl0h.exe0 Faulting application path: 0u16fl0h.exe1 Faulting module path: 0u16fl0h.exe2 Report Id: 0u16fl0h.exe3 Error: (05/25/2016 09:37:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Failed to schedule Software Protection service for re-start at 2016-06-01T07:31:59Z. Error Code: 0x80041321. Error: (05/25/2016 09:19:33 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (05/25/2016 09:19:33 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (05/25/2016 09:05:46 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (05/25/2016 09:05:44 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (05/25/2016 09:00:46 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2016 08:06:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2016 07:56:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/25/2016 07:53:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/25/2016 09:00:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: %%1053 Error: (05/25/2016 09:00:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect. Error: (05/25/2016 08:06:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: %%1053 Error: (05/25/2016 08:06:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect. Error: (05/25/2016 07:55:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: %%1053 Error: (05/25/2016 07:55:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect. Error: (05/25/2016 07:53:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Apple Mobile Device Service service failed to start due to the following error: %%1053 Error: (05/25/2016 07:53:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect. Error: (05/25/2016 07:53:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (05/25/2016 07:53:08 AM) (Source: NETLOGON) (EventID: 5719) (User: ) Description: This computer was not able to set up a secure session with a domain controller in domain CONSAFE1 due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. CodeIntegrity: =================================== Date: 2016-05-25 09:05:54.187 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 08:07:09.406 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 07:56:25.345 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 07:53:58.693 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 07:47:56.169 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 07:45:30.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-25 06:51:30.497 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-24 11:16:32.271 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-23 08:33:53.419 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-20 13:42:54.813 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz Percentage of memory in use: 54% Total physical RAM: 7888.8 MB Available physical RAM: 3606.03 MB Total Virtual: 9934.98 MB Available Virtual: 5582.93 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:119.24 GB) (Free:70.18 GB) NTFS ==>[drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 57453427) Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================