Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014 Ran by Erhu at 2014-12-13 22:48:27 Running from C:\Users\Erhu\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2688596455-2242333191-3207443447-1000\...\uTorrent) (Version: 3.4.2.36615 - BitTorrent Inc.) Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player 15 Pepper (HKLM\...\Adobe Flash Player Pepper) (Version: 15.0.0.215 - Adobe Systems Incorporated) Express Scribe Transcription Software (HKLM\...\Scribe) (Version: 5.69 - NCH Software) f.lux (HKU\S-1-5-21-2688596455-2242333191-3207443447-1000\...\Flux) (Version: - ) foobar2000 v1.3.6 (HKLM\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski) Free Alarm Clock 3.1.0 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group) K-Lite Codec Pack 10.8.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.8.5 - ) Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM\...\NapiProjekt_is1) (Version: - ) OpenOffice 4.1.1 (HKLM\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) Opera Stable 26.0.1656.32 (HKLM\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA) Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.) WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2688596455-2242333191-3207443447-1000_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\Erhu\Desktop\Programy\BESTplayer.exe (Karol Winnicki) ==================== Restore Points ========================= 30-11-2014 17:03:31 Windows Update 30-11-2014 18:05:46 Windows Update 30-11-2014 18:26:04 Windows Update 02-12-2014 01:51:29 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 02-12-2014 01:52:45 Zainstalowano: OpenOffice 4.1.1 03-12-2014 23:10:58 Windows Update 07-12-2014 04:44:21 Windows Update 10-12-2014 14:05:34 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {6A9AED25-7317-465D-AB06-B6DE50237BBB} - System32\Tasks\Opera scheduled Autoupdate 1417367065 => C:\Program Files\Opera\launcher.exe [2014-11-25] (Opera Software) Task: {71073A4B-DF0D-4DBD-8FE7-7352341CB729} - System32\Tasks\{F0B161FE-361B-4888-898F-5C2C3AD3ACD8} => c:\program files\opera\launcher.exe [2014-11-25] (Opera Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-12-04 00:02 - 2014-12-04 00:02 - 00535160 _____ () C:\Program Files\Opera\26.0.1656.32\opera_crashreporter.exe 2014-12-04 00:02 - 2014-12-04 00:02 - 09312888 _____ () C:\Program Files\Opera\26.0.1656.32\pdf.dll 2014-12-04 00:02 - 2014-12-04 00:02 - 00991352 _____ () C:\Program Files\Opera\26.0.1656.32\ffmpegsumo.dll 2014-12-01 13:54 - 2014-12-01 13:54 - 14910128 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer32_15_0_0_215.dll 2014-12-04 00:02 - 2014-12-04 00:02 - 01358456 _____ () C:\Program Files\Opera\26.0.1656.32\libglesv2.dll 2014-12-04 00:02 - 2014-12-04 00:02 - 00219256 _____ () C:\Program Files\Opera\26.0.1656.32\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2688596455-2242333191-3207443447-500 - Administrator - Disabled) Erhu (S-1-5-21-2688596455-2242333191-3207443447-1000 - Administrator - Enabled) => C:\Users\Erhu Guest (S-1-5-21-2688596455-2242333191-3207443447-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/13/2014 10:10:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/13/2014 09:39:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/10/2014 00:54:55 AM) (Source: MsiInstaller) (EventID: 11309) (User: Erhu-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (12/03/2014 11:57:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2014 03:50:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2014 01:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2014 01:03:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2014 05:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2014 05:42:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/13/2014 09:36:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (12/13/2014 09:36:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (12/13/2014 08:42:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (12/08/2014 09:32:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 113.38.0.0 Update Source: %NT AUTHORITY51 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/08/2014 09:32:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.189.1549.0 Update Source: %NT AUTHORITY51 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/08/2014 09:32:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.189.1549.0 Update Source: %NT AUTHORITY51 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/08/2014 09:31:29 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.189.1549.0 Update Source: %NT AUTHORITY59 Update Stage: 4.6.0305.00 Source Path: 4.6.0305.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/03/2014 11:56:00 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 21:04:44 on ‎2014-‎12-‎02 was unexpected. Error: (12/02/2014 03:49:03 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 15:45:46 on ‎2014-‎12-‎02 was unexpected. Error: (12/02/2014 01:54:28 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 13:52:59 on ‎2014-‎12-‎02 was unexpected. Microsoft Office Sessions: ========================= Error: (12/13/2014 10:10:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/13/2014 09:39:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/10/2014 00:54:55 AM) (Source: MsiInstaller) (EventID: 11309) (User: Erhu-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (12/03/2014 11:57:44 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2014 03:50:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/02/2014 01:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2014 01:03:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2014 05:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2014 05:42:55 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 70% Total physical RAM: 2008.36 MB Available physical RAM: 587.7 MB Total Pagefile: 4016.73 MB Available Pagefile: 2288.33 MB Total Virtual: 2047.88 MB Available Virtual: 1900.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:168.35 GB) NTFS Drive d: () (Fixed) (Total:270.45 GB) (Free:61.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 39D5FD5C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================