Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Bonzo (2016-05-12 21:45:20)
Running from C:\Users\Bonzo\Desktop
Windows 10 Pro N Version 1511 (X64) (2016-01-28 23:35:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3085355610-792927284-2140272177-500 - Administrator - Disabled)
Bonzo (S-1-5-21-3085355610-792927284-2140272177-1000 - Administrator - Enabled) => C:\Users\Bonzo
DefaultAccount (S-1-5-21-3085355610-792927284-2140272177-503 - Limited - Disabled)
Guest (S-1-5-21-3085355610-792927284-2140272177-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.2 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
BitTorrent (HKU\S-1-5-21-3085355610-792927284-2140272177-1000\...\BitTorrent) (Version: 7.9.6.42095 - BitTorrent Inc.)
Business Card Designer Trial (HKLM-x32\...\{CDE39D65-080A-48F5-A891-44E845EFB058}) (Version: 1.00.0000 - AMF Software)
BusinessCards MX (HKLM-x32\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 5.0 - MOJOSOFT)
Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0415-0000-0000000FF1CE}) (Version: 12.0.4518.1020 - Microsoft Corporation)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 8.0.7 - Ministerstwo Finansow)
e-Deklaracje Desktop (x32 Version: 8.0.7 - Ministerstwo Finansow) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3085355610-792927284-2140272177-1000\...\Kodi) (Version: - XBMC-Foundation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 pl)) (Version: 45.0.1 - Mozilla)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Driver 267.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.76 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.76 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
Oplaty (HKLM-x32\...\Oplaty) (Version: 2015 - Ministerstwo Srodowiska)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.5.0 - Popcorn Time) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WTW 1.16.0.4737 IM (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 1.16.0.4737 - K2T.eu)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3085355610-792927284-2140272177-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Bonzo\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2FB7ADFC-C9B7-4654-952C-F3698C2387D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-26] (Google Inc.)
Task: {81E064DD-53EE-4BFF-AA55-1D480625F2D9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {82A86377-00EE-438B-AD9F-AFD97B7C3784} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-26] (AVAST Software)
Task: {8FE96B71-1B3E-4C9E-962C-9627DD7F64F3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {9EF59DD8-B379-4062-8EB7-531A4F60902B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-27] (Dropbox, Inc.)
Task: {DC92BBE5-46DF-4F8B-9F0A-B85D7F8F72C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-26] (Google Inc.)
Task: {E42A4004-919C-4F15-A495-16726721DBD3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-27] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:16 - 2015-10-30 09:16 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 22:20 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 22:20 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-29 18:29 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 21:00 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 21:02 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 21:01 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 21:02 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 21:02 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-26 01:47 - 2016-01-26 01:47 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-26 01:47 - 2016-01-26 01:47 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-11 12:21 - 2016-05-11 12:21 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\16051100\algo.dll
2016-04-14 19:47 - 2016-04-14 19:47 - 00510368 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-12 15:12 - 2016-05-12 15:12 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\16051200\algo.dll
2016-05-12 19:36 - 2016-05-12 19:36 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\16051201\algo.dll
2016-05-04 18:57 - 2016-04-28 01:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-04 18:57 - 2016-04-28 01:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-01-26 01:47 - 2016-01-26 01:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-04-27 22:52 - 2016-04-19 21:47 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-05-12 20:46 - 2016-04-19 21:48 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-05-12 20:46 - 2016-04-19 21:47 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-27 22:52 - 2016-04-19 21:47 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-27 22:52 - 2016-04-19 21:47 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-05-12 20:46 - 2016-04-19 21:47 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-04-27 22:52 - 2016-05-07 00:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-27 22:52 - 2016-04-19 21:47 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-27 22:52 - 2016-04-19 21:48 - 00121296 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-05-12 20:46 - 2016-04-19 21:49 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-04-27 22:52 - 2016-04-19 21:47 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-05-12 20:46 - 2016-04-19 21:47 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-05-12 20:46 - 2016-04-19 21:48 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-05-12 20:46 - 2016-04-19 21:50 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-05-12 20:46 - 2016-05-07 00:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-05-12 20:46 - 2016-03-12 02:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-05-12 20:46 - 2016-05-07 00:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-05-12 20:46 - 2016-05-07 00:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-27 22:52 - 2016-04-19 21:48 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-05-12 20:46 - 2016-05-07 00:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-05-12 20:46 - 2016-05-07 00:35 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-05-12 20:46 - 2016-05-07 00:35 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-05-12 20:46 - 2016-05-07 00:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-27 22:52 - 2016-04-19 21:49 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-04-27 22:52 - 2016-05-07 00:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-12 20:46 - 2016-05-07 00:35 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-05-12 20:46 - 2016-05-07 00:35 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3085355610-792927284-2140272177-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.179.1.63 - 62.179.1.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3085355610-792927284-2140272177-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{0D0B9A91-7CD5-40ED-BC34-1F46BE196FE2}] => (Allow) C:\Program Files\WTW\wtw.exe
FirewallRules: [{5772C8C8-4288-449D-BCAA-88CA0CC5F9D7}] => (Allow) C:\Program Files\WTW\wtw.exe
FirewallRules: [{905CF9FA-06CB-4FAE-95BA-A7A27B851485}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{901EA6FD-A9B2-4C1F-A13E-5EB873BC49DE}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{30530468-2969-4B67-AEDA-15F1E2FE8FE4}] => (Allow) C:\Users\Bonzo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1D6C615D-9ABF-43EA-A1EE-12C62F94C737}] => (Allow) C:\Users\Bonzo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C571EAED-82C6-42A1-8001-DD55CAA33A66}] => (Allow) C:\Users\Bonzo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ED1D9E2A-F057-43AE-B6CB-C130C293F27B}] => (Allow) C:\Users\Bonzo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4DF73FF9-7F87-48B9-BD23-8AE59A661165}] => (Allow) C:\Users\Bonzo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{80E0D36E-685E-4683-B673-83636D351CE4}] => (Allow) C:\Users\Bonzo\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{481ACBBA-0661-49F1-ABE8-B742E3756F18}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [{7A1E79B1-5F50-4602-BF22-B6940A4503DA}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [{A206E0B5-BBCF-477C-9C1E-7371AE9307BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0578D678-52A8-45A1-B0EC-A9C607B54904}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7050829E-C36A-45DE-87CB-98D42323F539}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1A3F514F-5066-4EE8-A64A-572ABBCD889E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9CC0C624-DF73-4B76-B611-9AE9751F363C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0DA5C99C-AA95-4438-9BF0-D25342808DD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{793DF924-6FCB-4CAE-B297-2E6114262EC2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{AC79E66F-9D61-4EA8-A447-04DBE1E64562}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B113AFF9-C961-413B-923D-4D2B9B5C6DCB}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5B77A9CF-3C36-464F-AD85-78185E87832B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{91AB6F98-9B2A-4734-930A-8C56997D227B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{BEF9DB46-7F0B-4C2A-BDD1-AD071E8A5BE9}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{92501B82-1CF8-420E-8D42-DD5F1B452E70}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{5DF8DAFB-AB73-4099-8F1C-382FEE46716D}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{614C3C84-13B7-45BE-9D46-B600214B6A9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{406084BD-3661-40A4-86D6-6EAA32B111FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A988BE6F-0CCE-4D38-B40D-4C30DBD01355}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0FE99B25-7F60-4816-BDDA-C31106D368A5}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

21-04-2016 21:03:16 Scheduled Checkpoint
02-05-2016 19:29:06 Scheduled Checkpoint
10-05-2016 21:16:01 Windows Update
10-05-2016 21:16:26 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2016 12:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x7fc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (05/12/2016 12:03:28 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2044) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1054(tm.cxx:1630): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (05/10/2016 09:31:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/10/2016 09:16:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/10/2016 09:16:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (05/10/2016 08:43:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lightroom.exe, version: 6.2.0.10, time stamp: 0x5606db6a
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc0000409
Fault offset: 0x0000000000074a30
Faulting process id: 0xac0
Faulting application start time: 0xlightroom.exe0
Faulting application path: lightroom.exe1
Faulting module path: lightroom.exe2
Report Id: lightroom.exe3
Faulting package full name: lightroom.exe4
Faulting package-relative application ID: lightroom.exe5

Error: (05/09/2016 03:37:28 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/08/2016 01:48:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cbf9dd
Exception code: 0xc0000005
Fault offset: 0x00000000000231f7
Faulting process id: 0x12dc
Faulting application start time: 0xtaskhostw.exe0
Faulting application path: taskhostw.exe1
Faulting module path: taskhostw.exe2
Report Id: taskhostw.exe3
Faulting package full name: taskhostw.exe4
Faulting package-relative application ID: taskhostw.exe5

Error: (05/07/2016 07:50:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/05/2016 04:08:09 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]

System errors:
=============
Error: (05/12/2016 09:37:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_c9aef4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/12/2016 05:49:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_22d45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/12/2016 03:12:37 PM) (Source: DCOM) (EventID: 10016) (User: BONZO)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}BONZOBonzoS-1-5-21-3085355610-792927284-2140272177-1000LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/12/2016 03:12:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058

Error: (05/12/2016 12:03:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The State Repository Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (05/12/2016 12:03:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_8fc57b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/11/2016 07:50:22 PM) (Source: DCOM) (EventID: 10016) (User: BONZO)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BONZOBonzoS-1-5-21-3085355610-792927284-2140272177-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/11/2016 07:50:22 PM) (Source: DCOM) (EventID: 10016) (User: BONZO)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BONZOBonzoS-1-5-21-3085355610-792927284-2140272177-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/11/2016 07:35:44 PM) (Source: DCOM) (EventID: 10016) (User: BONZO)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BONZOBonzoS-1-5-21-3085355610-792927284-2140272177-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (05/11/2016 07:35:44 PM) (Source: DCOM) (EventID: 10016) (User: BONZO)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}BONZOBonzoS-1-5-21-3085355610-792927284-2140272177-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

CodeIntegrity:
===================================
Date: 2016-05-11 12:56:42.167
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-11 12:56:42.107
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-11 12:56:42.029
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-11 12:56:41.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-11 12:56:41.868
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-11 12:56:41.824
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-05-11 12:56:40.412 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-11 12:56:40.179 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-11 12:49:19.993 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-11 12:49:19.922 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 4090.6 MB
Available physical RAM: 1716.83 MB
Total Virtual: 8186.6 MB
Available Virtual: 5287.45 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:232.33 GB) (Free:170.88 GB) NTFS
Drive e: (BONZO) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: EF25ED11)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=470 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================