Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 Ran by Małgorzta Żendzian at 2015-01-28 14:13:16 Running from C:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Aktualizacja zabezpieczeń dla systemu Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation) ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.342-070202a1-041057C - ) ATK0100 ACPI UTILITY (HKLM\...\HControl) (Version: - ) Attansic Giga Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 1.0 - ) Attansic L2 Fast Ethernet Driver (HKLM\...\AtcL2) (Version: - ) Borland Database Engine Setup (HKLM\...\Borland Database Engine Setup) (Version: - ) Firebird 2.5.0.26074 (Win32) (HKLM\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project) G DATA ANTIVIRUS (HKLM\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.2.2 - G DATA Software AG) Holter LX Analysis 5.3D (HKLM\...\{B6535709-ED54-4D4B-B228-B6D3E8790FF8}) (Version: 5.3.106 - NorthEast Monitoring Inc.) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) Java(TM) SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: - ) MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) OpenOffice.org 3.3 (HKLM\...\{0141D498-16DA-4221-A529-1D7A64BE8B05}) (Version: 3.3.9567 - OpenOffice.org) Plustek OpticSlim 2600 (HKLM\...\{C0EEB671-169B-4423-971D-B2D710FE9132}) (Version: 5.1.0 - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) Samsung SCX-4300 Series (HKLM\...\Samsung SCX-4300 Series) (Version: - Samsung Electronics CO.,LTD) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) USB2.0 1.3M WebCam (HKLM\...\USB2.0 1.3M WebCam) (Version: - ) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-01-2015 12:11:11 Punkt kontrolny systemu ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-15 13:00 - 2008-04-15 13:00 - 00000742 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2012-07-25 15:00 - 2011-04-02 15:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL 2012-06-26 15:28 - 2008-02-05 08:53 - 00022723 _____ () C:\WINDOWS\system32\sse1ml3.dll 2012-07-25 15:00 - 2011-04-02 15:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Samsung PanelMgr => C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun MSCONFIG\startupreg: SMSERIAL => C:\WINDOWS\sm56hlpr.exe ========================= Accounts: ========================== Administrator (S-1-5-21-2025429265-1715567821-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator Gość (S-1-5-21-2025429265-1715567821-1801674531-501 - Limited - Enabled) Małgorzta Żendzian (S-1-5-21-2025429265-1715567821-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Małgorzta Żendzian Pomocnik (S-1-5-21-2025429265-1715567821-1801674531-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-2025429265-1715567821-1801674531-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= Name: Karta sieciowa ASUS 802.11g Description: Karta sieciowa ASUS 802.11g Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: ASUS Service: BCM43XX Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Attansic L2 Fast Ethernet 10/100 Base-T Adapter Description: Attansic L2 Fast Ethernet 10/100 Base-T Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Attansic Service: AtcL002 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/28/2015 10:58:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd frst.exe, wersja 19.1.2015.0, moduł powodujący błąd frst.exe, wersja 19.1.2015.0, adres błędu 0x0001f09e. Przetwarzanie zdarzenia określonego nośnika dla [frst.exe!ws!] Error: (01/28/2015 10:58:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd frst.exe, wersja 19.1.2015.0, moduł powodujący błąd frst.exe, wersja 19.1.2015.0, adres błędu 0x0001f400. Przetwarzanie zdarzenia określonego nośnika dla [frst.exe!ws!] Error: (01/28/2015 10:29:21 AM) (Source: MsiInstaller) (EventID: 11704) (User: GAB-EKG) Description: Produkt: Adobe Reader XI (11.0.08) - Polish -- Błąd 1704.Instalacja dla Java(TM) SE Runtime Environment 6 Update 1 aktualnie jest zawieszona. Aby kontynuować, należy cofnąć zmiany naniesione przez tę instalację. Czy chcesz cofnąć te zmiany? Error: (01/23/2015 03:03:38 PM) (Source: MsiInstaller) (EventID: 11704) (User: GAB-EKG) Description: Product: JavaFX 2.1.1 -- Error 1704.An installation for Java(TM) SE Runtime Environment 6 Update 1 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error: (01/23/2015 02:49:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd avguard.exe, wersja 14.0.7.462, moduł powodujący błąd msvcr120.dll, wersja 12.0.21005.1, adres błędu 0x000a7676. Przetwarzanie zdarzenia określonego nośnika dla [avguard.exe!ws!] Error: (01/23/2015 02:35:13 PM) (Source: MsiInstaller) (EventID: 11704) (User: GAB-EKG) Description: Product: JavaFX 2.1.1 -- Error 1704.An installation for Java(TM) SE Runtime Environment 6 Update 1 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error: (01/20/2015 05:18:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd frst.exe, wersja 19.1.2015.0, moduł powodujący błąd frst.exe, wersja 19.1.2015.0, adres błędu 0x0001f09e. Przetwarzanie zdarzenia określonego nośnika dla [frst.exe!ws!] Error: (01/20/2015 03:52:11 PM) (Source: EventSystem) (EventID: 4614) (User: ) Description: System zdarzeń modelu COM+ wykrył niespójność w stanie wewnętrznym. Potwierdzenie "GetLastError() == 122L" zwróciło błąd w wierszu 162 z d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błąd. Error: (01/20/2015 03:52:11 PM) (Source: EventSystem) (EventID: 4614) (User: ) Description: System zdarzeń modelu COM+ wykrył niespójność w stanie wewnętrznym. Potwierdzenie "GetLastError() == 122L" zwróciło błąd w wierszu 162 z d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Skontaktuj się z Pomocą techniczną firmy Microsoft i zgłoś ten błąd. Error: (01/20/2015 02:28:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Aplikacja zawieszająca firefox.exe, wersja 18.0.1.4764, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. System errors: ============= Error: (01/28/2015 00:12:56 PM) (Source: DCOM) (EventID: 10005) (User: GAB-EKG) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi GDScan z argumentami „” w celu uruchomienia serwera: {244F96DF-80AE-45D3-968B-A53D71271177} Error: (01/28/2015 00:12:55 PM) (Source: DCOM) (EventID: 10005) (User: GAB-EKG) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi AVKProxy z argumentami „-Service” w celu uruchomienia serwera: {9CC0C66E-A7B9-4611-8792-EE9833277273} Error: (01/28/2015 00:09:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Ati HotKey Poller niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (01/28/2015 11:30:29 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (01/28/2015 11:30:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL Error: (01/28/2015 11:30:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa IPSEC Services zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error: (01/28/2015 11:30:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error: (01/28/2015 11:30:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error: (01/28/2015 11:30:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error: (01/28/2015 11:29:50 AM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Microsoft Office Sessions: ========================= Error: (01/28/2015 10:58:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: frst.exe19.1.2015.0frst.exe19.1.2015.00001f09e Error: (01/28/2015 10:58:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: frst.exe19.1.2015.0frst.exe19.1.2015.00001f400 Error: (01/28/2015 10:29:21 AM) (Source: MsiInstaller) (EventID: 11704) (User: GAB-EKG) Description: Produkt: Adobe Reader XI (11.0.08) - Polish -- Błąd 1704.Instalacja dla Java(TM) SE Runtime Environment 6 Update 1 aktualnie jest zawieszona. Aby kontynuować, należy cofnąć zmiany naniesione przez tę instalację. Czy chcesz cofnąć te zmiany?(NULL)(NULL)(NULL) Error: (01/23/2015 03:03:38 PM) (Source: MsiInstaller) (EventID: 11704) (User: GAB-EKG) Description: Product: JavaFX 2.1.1 -- Error 1704.An installation for Java(TM) SE Runtime Environment 6 Update 1 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL) Error: (01/23/2015 02:49:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: avguard.exe14.0.7.462msvcr120.dll12.0.21005.1000a7676 Error: (01/23/2015 02:35:13 PM) (Source: MsiInstaller) (EventID: 11704) (User: GAB-EKG) Description: Product: JavaFX 2.1.1 -- Error 1704.An installation for Java(TM) SE Runtime Environment 6 Update 1 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL) Error: (01/20/2015 05:18:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: frst.exe19.1.2015.0frst.exe19.1.2015.00001f09e Error: (01/20/2015 03:52:11 PM) (Source: EventSystem) (EventID: 4614) (User: ) Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L Error: (01/20/2015 03:52:11 PM) (Source: EventSystem) (EventID: 4614) (User: ) Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L Error: (01/20/2015 02:28:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe18.0.1.4764hungapp0.0.0.000000000 ==================== Memory info =========================== Processor: Genuine Intel(R) CPU T2130 @ 1.86GHz Percentage of memory in use: 18% Total physical RAM: 1919.17 MB Available physical RAM: 1569.13 MB Total Pagefile: 3813.16 MB Available Pagefile: 3631.23 MB Total Virtual: 2047.88 MB Available Virtual: 1956.99 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:34.18 GB) (Free:22.12 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: () (Fixed) (Total:77.6 GB) (Free:77.34 GB) NTFS Drive e: (SERWIS) (Removable) (Total:14.86 GB) (Free:4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: A8D32665) Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=77.6 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 14.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=14.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================