Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-03-2019 Ran by admin (10-04-2019 07:35:19) Running from C:\Users\admin\Downloads Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2018-01-07 11:03:59) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= admin (S-1-5-21-3450171141-3961884624-1861536451-1000 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-3450171141-3961884624-1861536451-500 - Administrator - Disabled) Guest (S-1-5-21-3450171141-3961884624-1861536451-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3450171141-3961884624-1861536451-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: COMODO Advanced Protection (Enabled - Up to date) {255FE707-DEDA-33CA-1986-80AAD408CE05} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {A60587C6-B28F-3D1C-0869-12ED515CC3C3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated) Brother MFL-Pro Suite MFC-L2720DW series (HKLM\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.3.0 - Brother Industries, Ltd.) Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 73.0.3683.75 - Comodo) COMODO Firewall (HKLM\...\{F5884F6C-490D-4979-8D37-E6020E93190C}) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) Hidden COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.0.0333 - Disc Soft Ltd) EaseUS Partition Master 13.0 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS) EaseUS Todo Backup Home 11.5 Trial (HKLM\...\EaseUS Todo Backup_is1) (Version: 11.5 - CHENGDU YIWO Tech Development Co., Ltd) EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.) GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team) inSSIDer 4 (HKLM\...\{23A7D3D7-D312-4549-B349-2226AF6C6A83}) (Version: 4.1.0.60 - MetaGeek, LLC) Internet Security Essentials (HKLM\...\ComodoIse) (Version: 1.3.447691.139 - Comodo) IrfanView 4.51 (32-bit) (HKLM\...\IrfanView) (Version: 4.51 - Irfan Skiljan) Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation) Microsoft .NET Framework 4.7.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.7.02558 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11425.20202 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3450171141-3961884624-1861536451-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 66.0.2 (x86 pl) (HKLM\...\Mozilla Firefox 66.0.2 (x86 pl)) (Version: 66.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.2.7024 - Mozilla) MPC-HC 1.7.13 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.13 - MPC-HC Team) NapiProjekt (2.2.0.2399) (HKLM\...\NapiProjekt_is1) (Version: - ) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden OpenOffice 4.1.5 (HKLM\...\{7076105B-6FE8-464A-AC28-FFBB2686B68F}) (Version: 4.15.9789 - Apache Software Foundation) PotPlayer (HKLM\...\PotPlayer) (Version: 1.7.16291 - Kakao Corp.) Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink) Subtitle Edit 3.5.7 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.7.1 - Nikse) Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM\...\{13061CAA-0284-4F9A-B460-3D4699575B35}) (Version: 1.5.81.13070 - Synaptics Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated) Tank-o-box wersja CD (HKLM\...\{2DBA8C48-57A2-48F9-8CB5-CB794EACE9CC}) (Version: - Nice-Games) TP-LINK TL-WN727N Driver (HKLM\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK) VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN) WinRAR 5.50 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files\EaseUS\Todo Backup\bin\ImageSh.dll [2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-09-13] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl32.dll [2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd) ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files\EaseUS\Todo Backup\bin\ImageSh.dll [2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl32.dll [2017-12-15] (Disc Soft Ltd -> Disc Soft Ltd) ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files\EaseUS\Todo Backup\bin\ImageSh.dll [2018-10-22] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-12-11] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-09-13] (win.rar GmbH -> Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08F1C460-71B3-4EF0-AB77-6FBC48A2BC41} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation) Task: {25A29636-B384-4C8E-A1A7-C2CBF1CE8FB2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation) Task: {2C29EAA2-F472-4D68-85DD-F81EB07386C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {2FD95C02-8E8F-4E28-9780-B6DB68320A3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {46598A6E-B339-4A5A-A650-06FF58DF39CD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation) Task: {60320BF6-3C10-4125-B9F4-E00484D51EA1} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {733FF10F-1C45-46F7-9510-675518D8BB2F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {7908FAD2-0314-4732-A50B-78055A396605} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {82AEC7A3-1F81-478E-84AB-BA7CA9DDC45B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe () [File not signed] Task: {9D36056C-81DE-43AC-A9BC-7C402D5D010B} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {BE6CAFC1-21E2-4CA8-B51F-AB6EFE46111D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation) Task: {D082772D-631C-4ECB-AB6E-6D21821D1697} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation) Task: {E0F00E67-D3CF-4242-8C7D-F9989FD6FDF5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation) Task: {EFC3C232-96C7-4A2F-9BBC-0BC28929CA52} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation) Task: {FF379A60-B797-4C53-9361-714E85C479D7} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Comodo Security Solutions, Inc. -> COMODO) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ==================== Loaded Modules (Whitelisted) ============== 2018-12-19 13:43 - 2008-11-25 18:18 - 000892928 _____ () C:\Program Files\EaseUS\Todo Backup\bin\iconv.dll 2018-12-19 13:43 - 2016-03-07 19:08 - 001291264 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll 2018-12-19 13:43 - 2004-10-05 04:08 - 000055808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll 2011-01-14 09:56 - 2011-01-14 09:56 - 001294848 _____ () C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe 2018-06-18 16:34 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll 2018-06-18 16:35 - 2013-03-08 08:43 - 000077824 _____ () C:\Windows\system32\BrNetSti.dll 2018-06-18 16:35 - 2009-10-13 09:59 - 000180224 _____ () C:\Windows\system32\BrMuSNMP.dll 2018-06-18 16:35 - 2014-05-22 13:50 - 004513792 ____N () C:\Program Files\Browny02\Brother\BrStMonW.exe 2018-06-18 16:35 - 2013-10-10 21:55 - 002040320 ____N () C:\Program Files\Browny02\Brother\BrStMonWRes.dll 2018-06-18 16:35 - 2011-02-28 11:32 - 000208896 ____N () C:\Program Files\Browny02\Brother\BrFirmUpdateCheck.dll 2018-06-18 16:35 - 2014-06-16 16:02 - 000579584 ____N () C:\Program Files\ControlCenter4\BrCtrlCntr.exe 2018-06-18 16:35 - 2014-06-16 15:45 - 000137728 ____N () C:\Program Files\ControlCenter4\BrCcAssoc.dll 2018-06-18 16:35 - 2013-09-25 15:35 - 000282112 ____N () C:\Program Files\Browny02\BrYNSvc.exe 2018-06-18 16:35 - 2013-06-12 19:06 - 000385024 ____R () C:\Program Files\Browny02\BrMonitor.dll 2018-06-18 16:35 - 2010-09-29 17:07 - 000180224 ____N () C:\Program Files\Browny02\BroSNMP.dll 2018-07-11 21:34 - 2018-07-11 21:34 - 003623424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\DiscSoft.NET.Common\5628e89d1508c55a922ed3dc2192691e\DiscSoft.NET.Common.ni.dll 2018-06-18 16:35 - 2014-06-16 15:59 - 001537536 ____N () C:\Program Files\ControlCenter4\BrCcUxSys.exe 2018-06-18 16:35 - 2014-06-16 16:03 - 000083968 ____N () C:\Program Files\ControlCenter4\BrCcLPol.dll 2018-06-18 16:35 - 2014-06-16 16:03 - 000083968 ____N () C:\Program Files\ControlCenter4\BrCcDlgRc.dll 2018-06-18 16:35 - 2014-06-16 16:03 - 017955328 ____N () C:\Program Files\ControlCenter4\BrCcGrImg.dll 2011-01-14 09:56 - 2011-01-14 09:56 - 000117760 _____ () C:\Program Files\Synaptics\Scrybe\ScrybeLogInfo.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-06-22 10:49 - 2018-06-22 10:49 - 000000355 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3450171141-3961884624-1861536451-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 94.232.216.45 - 208.67.222.220 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D6F519A6-7DA0-4430-89C7-5AF6F78831E1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{39F2AB74-0F42-4721-BFD2-3C94DA2A5161}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{A3D743C1-7090-437E-8244-804358B55504}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2D79D128-06E6-444D-A448-C67D4A34509D}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (Disc Soft Ltd -> Disc Soft Ltd) FirewallRules: [{28F4B314-DAE0-4A95-B31D-D126DB5A344D}] => (Allow) C:\Program Files\Brother\Brmfl14d\FAXRX.EXE (Brother Industries, Ltd.) [File not signed] FirewallRules: [{8E16FD48-D066-4315-B3D0-5F2B522F392A}] => (Allow) LPort=54925 FirewallRules: [{2E08E2AA-960F-4C8F-8819-DE0841BFA184}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{3F089B5A-99C8-453B-815A-DCE384E40995}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{509B1BE6-E72F-484D-BA41-908E36132D07}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{A285CC6C-6926-4DAD-A55C-BFE606EB01E8}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) FirewallRules: [{1A687092-F5A2-497F-9B49-F98DD45AF032}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{CE720271-18AD-4E47-9594-680AE3D774AB}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{3D2B9E2C-4454-4A08-9559-08CD91A4B0C6}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{CC2F0109-4815-43AB-948B-B32E014ED1F6}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) FirewallRules: [{CF34BBA6-51AC-4042-92D1-A1768DAE133B}] => (Allow) C:\Program Files\NapiProjekt\napisy.exe () [File not signed] FirewallRules: [{BB106B10-498A-4275-BCD1-2BAC6E203091}] => (Allow) C:\Program Files\NapiProjekt\napisy.exe () [File not signed] FirewallRules: [{AA283AFC-7E82-47A5-A809-214ABC522F45}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F63B8DA7-B53D-4C73-813C-8BB6034494DB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1E79CEAD-128B-4F0D-8B6A-BCEBC2A85869}] => (Allow) C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CF1DD4DE-784C-4435-9652-4910E52CF06E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{19D08130-02AD-4268-8DA6-944F78986D1F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{08C67E31-C74D-4A7D-B04A-F9F9BA81F50D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 19-03-2019 09:07:29 Scheduled Checkpoint 27-03-2019 22:22:26 Scheduled Checkpoint 29-03-2019 16:59:11 Configured Microsoft Office Professional Plus 2016 29-03-2019 16:59:21 PROPLUS 29-03-2019 20:12:48 Removed Microsoft Office Professional Plus 2016 29-03-2019 20:12:57 PROPLUS 02-04-2019 15:06:35 Removed SlimDrivers ==================== Faulty Device Manager Devices ============= Name: Fingerprint Sensor Description: Fingerprint Sensor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/10/2019 06:47:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/09/2019 12:47:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/09/2019 06:29:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/07/2019 07:41:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/06/2019 06:30:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/05/2019 08:21:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/05/2019 08:21:05 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY) Description: Product: Office 16 Click-to-Run Localization Component -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: c:\Windows\Installer\1180e1.ipi, -2147287035, Error: (04/05/2019 08:03:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (04/10/2019 06:45:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/09/2019 07:17:22 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{5489A24F-D5CF-4E8C-868E-B26FA8431F96}. Przeglądarka zapasowa jest zatrzymywana. Error: (04/09/2019 12:45:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/09/2019 12:45:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Server zakończyła działanie; wystąpił następujący błąd: W magazynie brak miejsca dla wykonania tej operacji. Error: (04/09/2019 06:27:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/07/2019 07:40:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/06/2019 06:28:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Error: (04/05/2019 08:02:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: cdrom Windows Defender: =================================== Date: 2018-07-04 13:02:56.071 Description: Produkt Windows Defender napotkał błąd podczas próby aktualizacji podpisów. Nowa wersja podpisu:1.271.442.0 Poprzednia wersja podpisu:1.269.1075.0 Źródło aktualizacji:Użytkownik Typ podpisu:Oprogramowanie antyszpiegowskie Typ aktualizacji:Różnica Użytkownik:NT AUTHORITY\SYSTEM Bieżąca wersja aparatu:1.1.15000.2 Poprzednia wersja aparatu:1.1.14901.4 Kod błędu:0x80070666 Opis błędu:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. Date: 2018-07-04 13:02:56.071 Description: Produkt Windows Defender napotkał błąd podczas próby aktualizacji aparatu. Nowa wersja aparatu:1.1.15000.2 Poprzednia wersja aparatu:1.1.14901.4 Źródło aktualizacji:Użytkownik Użytkownik:NT AUTHORITY\SYSTEM Kod błędu:0x80070666 Opis błędu:Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Percentage of memory in use: 58% Total physical RAM: 3000.27 MB Available physical RAM: 1257.42 MB Total Virtual: 5998.89 MB Available Virtual: 4075.69 MB ==================== Drives ================================ Drive c: (Windows 7 Ultimate 32 bit) (Fixed) (Total:119.24 GB) (Free:62.63 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:181.59 GB) (Free:12.08 GB) NTFS Drive e: () (Fixed) (Total:134.73 GB) (Free:67.62 GB) NTFS Drive f: () (Fixed) (Total:118.78 GB) (Free:43.73 GB) NTFS Drive g: () (Fixed) (Total:30.66 GB) (Free:30.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 5C1A3601) Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: E476C620) Partition 1: (Not Active) - (Size=181.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149.4 GB) - (Type=0F Extended) Partition 3: (Not Active) - (Size=134.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================