Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01 Ran by Szmon at 2014-11-25 22:15:26 Running from C:\Users\Szmon\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kingsoft Antivirus System Defense (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8} AS: Kingsoft Antivirus System Defense (Enabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Kingsoft Antivirus 2012 (HKLM-x32\...\Kingsoft Internet Security) (Version: 2012.5.7 - Kingsoft Internet Security) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team) NVIDIA Sterownik graficzny 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.) Panel sterowania NVIDIA 344.75 (Version: 344.75 - NVIDIA Corporation) Hidden Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6039 - Realtek Semiconductor Corp.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) WinRAR 5.11 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-11-20 14:48 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-11-16 12:26 - 2014-11-11 19:48 - 01171456 _____ () D:\Steam\libavcodec-56.dll 2014-11-16 12:26 - 2014-11-11 19:48 - 00442368 _____ () D:\Steam\libavutil-54.dll 2014-11-16 12:26 - 2014-11-11 19:48 - 00332800 _____ () D:\Steam\libavresample-2.dll 2014-11-16 12:27 - 2014-11-11 19:47 - 00774656 _____ () D:\Steam\SDL2.dll 2014-11-16 12:27 - 2014-11-18 21:23 - 02227904 _____ () D:\Steam\video.dll 2014-11-16 12:26 - 2014-11-11 19:48 - 00403968 _____ () D:\Steam\libavformat-56.dll 2014-11-16 12:26 - 2014-11-11 19:48 - 00485888 _____ () D:\Steam\libswscale-3.dll 2014-11-16 12:27 - 2014-11-18 21:23 - 00690880 _____ () D:\Steam\bin\chromehtml.DLL 2014-11-16 12:27 - 2014-11-11 19:48 - 34589888 _____ () D:\Steam\bin\libcef.dll 2014-11-16 12:26 - 2014-11-11 19:48 - 00837824 _____ () D:\Steam\bin\ffmpegsumo.dll 2014-11-20 16:27 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll 2014-11-20 16:27 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll 2014-11-20 16:27 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll 2014-11-20 16:27 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: NvNetworkService => 2 MSCONFIG\Services: NvStreamSvc => 2 MSCONFIG\Services: nvUpdatusService => 2 MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: kxesc => "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart ========================= Accounts: ========================== Administrator (S-1-5-21-2144971064-2478149561-1301381655-500 - Administrator - Disabled) Gość (S-1-5-21-2144971064-2478149561-1301381655-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2144971064-2478149561-1301381655-1002 - Limited - Enabled) Szmon (S-1-5-21-2144971064-2478149561-1301381655-1000 - Administrator - Enabled) => C:\Users\Szmon ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (11/25/2014 08:38:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Wstępne ładowanie do pamięci zakończyła działanie; wystąpił następujący błąd: %%2 Error: (11/25/2014 06:35:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Wstępne ładowanie do pamięci zakończyła działanie; wystąpił następujący błąd: %%2 Microsoft Office Sessions: =========================