Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017 Ran by arkadiusz.nawrocki (05-03-2017 22:05:49) Running from C:\Users\arkadiusz.nawrocki\Downloads Windows 7 Professional Service Pack 1 (X64) (2015-01-07 08:13:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-834129011-3814023307-2731559957-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-834129011-3814023307-2731559957-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\uTorrent) (Version: 3.4.9.43293 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated) BeyondTrust Certificate Installer (HKLM-x32\...\{61019C90-4892-4EC3-B7EB-8D4934C13E15}) (Version: 1.0.0.0 - BeyondTrust) calibre (HKLM-x32\...\{8FC4CEFE-8F15-4E22-986F-87EAF0C69A00}) (Version: 2.27.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform) Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix) Citrix Receiver 4.6 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.6.0.12010 - Citrix Systems, Inc.) ConfigMgr Client Setup Bootstrap (x32 Version: 5.00.8412.1000 - Microsoft Corporation) Hidden Configuration Manager Client (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden CutePDF Professional 3.6 (HKLM-x32\...\{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}) (Version: 3.6.1.0 - Acro Software Inc.) CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - ) dbNotowania 4 MAX (HKLM-x32\...\{5895A917-7D87-4777-BD4D-CDD1243B38F1}) (Version: 4.2.120.0 - Statica) Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell KACE Agent (x32 Version: 7.0.763 - Dell Inc.) Hidden Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.0.0 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd) DisplayLink Core Software (HKLM\...\{8D72293E-E663-41B9-A02E-ADA11CD6EBD9}) (Version: 8.0.778.0 - DisplayLink Corp.) DisplayLink Graphics (Version: 8.0.801.0 - DisplayLink Corp.) Hidden Encore 5 (HKLM\...\{6DDB92C2-CB37-420B-ABC5-598678457AB6}) (Version: 5.67.400 - Cluen) Google Chrome (HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.) GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden GoToAssist Unattended Customer 1.6.0.545 (HKLM-x32\...\{8986461A-C5B9-4E8B-827A-FA68F3411545}) (Version: 1.6.0.545 - Citrix Online) GoToMeeting 5.5.0.1132 (HKU\.DEFAULT\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Network Connections 18.1.59.00 (HKLM\...\PROSetDX) (Version: 18.1.59.00 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.1.1306.0352 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.2.1000 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation) Intel(R) WiDi (HKLM\...\{24A36A7A-108C-4846-BE1F-2CD05497B998}) (Version: 4.2.15.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{724eb565-20e3-4d9a-ad54-d36d1da130e5}) (Version: 17.0.0 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Local Administrator Password Solution (HKLM\...\{EA8CB806-C109-4700-96B4-F1F268E5036C}) (Version: 6.2.0.0 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4903.1002 - Microsoft Corporation) Microsoft Online Services Sign-in Assistant (HKLM\...\{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}) (Version: 7.250.4122.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd) Mozilla Firefox 45.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-GB)) (Version: 45.0.1 - Mozilla) Mozilla Firefox 51.0.1 (x64 pl) (HKLM\...\Mozilla Firefox 51.0.1 (x64 pl)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) MozyEnterprise (HKLM\...\{3BE64418-D433-1973-256E-EAE88E4A8EF4}) (Version: 2.26.4.395 - Mozy, Inc.) mStatica 4 (HKLM-x32\...\{DDDBC47B-C2C6-42D5-B1C7-355702AE89F6}) (Version: 4.1.142.0 - Statica) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM\...\{90150000-001F-0415-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM-x32\...\{90150000-001F-0415-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - ) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4903.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4903.1002 - Microsoft Corporation) Hidden Okta IE plugin 3.16.5 (HKLM\...\{951D73C6-B2B4-4319-A4E0-0E393B3D20F3}) (Version: 3.16.5 - Okta) Online Plug-in (x32 Version: 14.6.0.12010 - Citrix Systems, Inc.) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.) Pulse Secure Citrix Services Client (HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Juniper_Citrix_Services) (Version: 8.1.7.50821 - Pulse Secure, LLC) Pulse Secure Host Checker (HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\PulseSecure_Host_Checker) (Version: 8.1.7.50821 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Juniper_Setup_Client) (Version: 8.1.7.61533 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Terminal Services Client (HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Juniper_Term_Services) (Version: 8.1.7.41041 - Pulse Secure, LLC) Rapport (x32 Version: 3.5.1804.81 - Trusteer) Hidden Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5975 - Realtek Semiconductor Corp.) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Self-service Plug-in (x32 Version: 4.6.0.14932 - Citrix Systems, Inc.) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.14.201610101042 - Sony Mobile Communications Inc.) Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony) Symantec Encryption Desktop (HKLM\...\{A9464A51-5FEB-4BF3-8116-026D299F2866}) (Version: 10.3.2.15413 - Symantec Corporation) Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation) TeamViewer 12 Host (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) TeamViewer 12 Host (MSI Wrapper) (HKLM-x32\...\{146C4A0D-592D-4D7E-A637-6BC18BA614F8}) (Version: 12.1.6829 - TeamViewer) Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.81 - Trusteer) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Xperia Companion (HKLM-x32\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony) Xperia Companion (x32 Version: 1.4.7.0 - Sony) Hidden Xperia Companion Service (Version: 1.4.7.0 - Sony) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3129900288-4173637057-1646714126-22263_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3129900288-4173637057-1646714126-22263_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {078821C6-D9A6-4675-B9A1-72776DFA7F37} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection Task: {1B05DA68-13CA-432F-A62B-9B982844923C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-12] (Google Inc.) Task: {29A510DB-7892-4BC0-B7D0-9F1E33BEAAE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129900288-4173637057-1646714126-22263Core => C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {2D5CF80A-E806-4ED8-B6B3-6659F4AAC141} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-12] (Google Inc.) Task: {4542AFB5-5986-4C88-A498-F3D971EEC382} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {472F1135-DAA5-400E-9600-BE72DEC050E4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129900288-4173637057-1646714126-22263UA => C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {5EF1802C-0141-415E-82D5-78D6FD95852F} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation) Task: {720D35A8-CC49-4414-9D4F-B26FA0D6880F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation) Task: {9034D969-01AC-4A07-9A08-DCDEAEF5E02F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd) Task: {956994A9-185E-46E6-8A30-50F0AA9D0C76} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {BA83CB03-E907-4D2E-A575-B39F247F1028} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {C1E2B6DF-BE1B-4948-B68E-93C887C377DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) Task: {CB118930-6E3E-4F04-A2B3-5172EB677AD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-25] (Adobe Systems Incorporated) Task: {DC005099-992D-4E4A-947C-65CD7E434B0A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation) Task: {E26779DC-B3C0-4B95-8AB7-C1F067D35082} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-01-17] (Microsoft Corporation) Task: {F9A87D02-2025-438D-A2F3-1739B5E43D02} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-11-01] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) WMI_ActiveScriptEventConsumer_DellPowerManagerPowerStateChangeEventConsumer: WMI_ActiveScriptEventConsumer_DellPowerManagerUserLoginEventConsumer: WMI_ActiveScriptEventConsumer_DellPowerManagerPolicyChangeEventConsumer: WMI_ActiveScriptEventConsumer_DellPowerManagerAlertEventConsumer: WMI_ActiveScriptEventConsumer_DellPowerManagerPowerPlanSettingChangeEventConsumer: WMI_ActiveScriptEventConsumer_DellPowerManagerPowerPlanChangeEventConsumer: ShortcutWithArgument: C:\Users\arkadiusz.nawrocki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vysor.lnk -> C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gidgenkbbabolejbgbpnhbimgjbffefm ==================== Loaded Modules (Whitelisted) ============== 2013-11-19 16:17 - 2007-07-13 04:37 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2015-09-23 22:05 - 2017-01-17 03:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-10-21 23:17 - 2016-10-21 23:17 - 09149952 _____ () C:\Program Files (x86)\Dell\KACE\konea.exe 2016-03-10 14:23 - 2012-03-12 10:05 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe 2016-08-23 10:07 - 2016-08-23 10:07 - 01797352 _____ () C:\Program Files\DisplayLink Core Software\8.0.778.0\AddOnApi64.dll 2015-09-25 04:43 - 2016-05-24 17:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273 [0] AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204 [0] AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3258 [0] AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3359 [0] AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95 [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\amazon.com -> amazon.com IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com IE trusted site: HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\amazon.com -> hxxps://amazon.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\Control Panel\Desktop\\Wallpaper -> C:\Users\arkadiusz.nawrocki\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Amazon 1Button App Service => 2 MSCONFIG\Services: GoProDeviceDetectionService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: swprv => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PGPtray.exe.lnk => C:\Windows\pss\PGPtray.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^arkadiusz.nawrocki^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bluejeans-helper.vbs => C:\Windows\pss\bluejeans-helper.vbs.Startup MSCONFIG\startupreg: Google Update => C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: GoPro Tray App => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe MSCONFIG\startupreg: GoToMeeting => "C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon" MSCONFIG\startupreg: GoToMeetingInstall1009 => "C:\Program Files (x86)\Citrix\GoToMeeting\1009\G2MInstaller.exe" "/Action InstallAtLogon" "/DeploymentId 1009:528aba82" MSCONFIG\startupreg: GoToMeetingInstall1082 => "C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MInstaller.exe" "/Action InstallAtLogon" "/DeploymentId 1082:528aba70" MSCONFIG\startupreg: GoToMeetingInstall1132 => "C:\Program Files (x86)\Citrix\GoToMeeting\1132\G2MInstaller.exe" "/Action InstallAtLogon" "/DeploymentId 1132:528aba7f" MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office 15\Root\Office15\lync.exe" /fromrunkey MSCONFIG\startupreg: Obics => C:\Users\arkadiusz.nawrocki\AppData\Local\Obics\tmp622B.exe MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: uTorrent => "C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{C5142833-B7DC-4712-9B1D-336312962E26}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{F1E80717-E0E9-42D1-B3E4-3C758B384AD3}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{48079264-9E6E-4EB3-9DC1-6261D802DFE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D9191D99-C90D-4EB1-B424-B9B68322B8E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{211CBB2C-940B-43A9-BBB7-68D508A0BC47}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe FirewallRules: [{5A02F2DD-FA4F-4291-982B-FD49B02E7003}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe FirewallRules: [{ED677F1E-4E1C-4B4F-89D1-EFB3FB18AF99}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe FirewallRules: [{4BB85560-E4D2-400F-BF52-99E06B9C6EAE}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe FirewallRules: [{52DCAC11-E739-459D-990A-ABDDD5C3EB8C}] => (Allow) LPort=4481 FirewallRules: [{EBCE0D7C-66F9-4D46-AA0C-F498FFCA36E6}] => (Allow) LPort=4481 FirewallRules: [{9EFAA25C-8050-43D6-9FAA-17332D65BA36}] => (Allow) LPort=4482 FirewallRules: [{618AE407-F1C6-43EC-8B65-5A6037816C03}] => (Allow) LPort=4482 FirewallRules: [{B41B1B8F-A8FF-412E-BABB-E9638B4CB83F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{A53D3128-D9D3-4AF7-9422-9E34602FDD3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{6B98FD03-1632-489F-B11D-39D020DE104D}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{567CB041-A603-4815-948F-BA23FF1F58D8}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D8DA3DA6-9A91-4652-A15B-55FFF661CBAD}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{08EBCC62-7BD7-486C-988B-342745AFF7C3}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3021ADDB-D51D-404A-89DE-06EE1E7DD99F}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{797DB1BB-45B4-437A-B06E-22AE368DA579}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{08558761-A85D-48DB-B727-92AFD72C799C}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{DBC9B277-FE53-4AE1-B6E5-4FBB681EBE1B}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{3EC76630-D2D1-4AF1-BFE6-876F81EC6AA5}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{CC9AEFA9-786F-4049-9D25-E81867993ED9}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{6D74E061-AC4C-497D-85A7-41F17D5F3E9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FB8C5E00-6861-422F-B4CD-89B81D2F1E26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0C684557-3EC6-4C54-9F64-42B0C69CBE87}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{3F8EB2E6-C93B-4A66-85C3-430DA03CEA8D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{92BC7096-EA25-4D7F-8F25-24A7D97B4535}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{66B5BBDE-A9A1-47A3-A086-EC75C38B0709}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{6FEB1660-71DE-4DD0-90C9-2564B1F0966A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{F2349CD2-5B91-4C95-9CF5-6E8CCB0CC1DE}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.6_42042.exe FirewallRules: [{F6FAC924-CE44-4394-96A9-D185688E2917}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.6_42042.exe FirewallRules: [{91506B11-2914-40AC-9C99-08A266FB107E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{61469891-FE48-409F-B7EA-56B6119F31D0}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe FirewallRules: [{DF1DAEB7-FDB1-4917-BA12-24CF94F3FAAA}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe FirewallRules: [{B034D8A8-8634-4A8D-9959-A4BCC9E03B3A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe FirewallRules: [{9EE5AEBB-87A9-49F4-B8FB-3BA366633968}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe FirewallRules: [{7505CCAD-AC0A-4C76-BC13-DB3925E1FED4}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe FirewallRules: [{4ACCDB8E-B50A-4A55-AAD5-9D72CE1C5511}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{FF4A12F0-0F3A-44C2-80B4-1F03ED08E3EA}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{167DD6E4-CC29-4D43-818C-8564CB4588F7}] => (Allow) C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\Application\chrome.exe FirewallRules: [{5D2D42FB-16A5-48C1-A5A4-D631CD819FD1}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe FirewallRules: [{C8ABF86B-CB17-46E8-AEE0-F5BED9CEE0D5}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{7474649A-0CB3-4DF2-97FD-A6CE57471D19}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{5C50525B-A524-4E92-B5DC-ABE246B4A6AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{94A7B0D2-F7DE-42DC-B539-A27D666D375B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D99C4398-EEF1-40BB-A885-9A2E5E78444F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{DC6222A1-81B5-43DE-94A7-F1CF0B941751}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Broadcom USH w/swipe sensor Description: Broadcom USH w/swipe sensor Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Broadcom USH Description: Broadcom USH Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/05/2017 10:06:31 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (03/05/2017 10:06:31 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (03/05/2017 10:00:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 6.1.7601.23537, time stamp: 0x57c44efe Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0x1780 Faulting application start time: 0x01d295f1e2b6a2e4 Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: c5d7c647-01e6-11e7-adc8-a0a8cdc052b9 Error: (03/05/2017 09:51:20 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (03/05/2017 09:51:20 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (03/05/2017 09:48:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: explorer.exe, version: 6.1.7601.23537, time stamp: 0x57c44efe Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0x1cac Faulting application start time: 0x01d295f0eef964cd Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 1c470d8b-01e5-11e7-adc8-a0a8cdc052b9 Error: (03/05/2017 09:41:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0x1f18 Faulting application start time: 0x01d295f0e1fa1e07 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 201b4c55-01e4-11e7-adc8-a0a8cdc052b9 Error: (03/05/2017 09:41:35 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]. Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (03/05/2017 09:41:35 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ] Operation: Obtain a callable interface for this provider List interfaces for all providers supporting this context Query Shadow Copies Context: Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5} Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Snapshot Context: 13 Snapshot Context: 13 Execution Context: Coordinator Error: (03/05/2017 09:41:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0xb6c Faulting application start time: 0x01d295f0d6dcc639 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 1a0dac82-01e4-11e7-adc8-a0a8cdc052b9 System errors: ============= Error: (03/05/2017 09:58:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/05/2017 09:58:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/05/2017 09:58:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/05/2017 09:58:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/05/2017 09:58:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/05/2017 09:58:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/05/2017 09:56:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. Error: (03/05/2017 09:56:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (03/05/2017 09:56:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (03/05/2017 09:56:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 70. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz Percentage of memory in use: 41% Total physical RAM: 8097.48 MB Available physical RAM: 4743.15 MB Total Virtual: 16193.14 MB Available Virtual: 12746.54 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:224.33 GB) (Free:105.64 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 9027B24E) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=14.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================