Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by ZolwieGalapagos at 2015-01-29 11:31:11
Running from C:\Users\ZolwieGalapagos\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-43850688-3849737671-2875471931-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
Dropbox (HKU\S-1-5-21-43850688-3849737671-2875471931-1000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
foobar2000 v1.1.11 (HKLM\...\foobar2000) (Version: 1.1.11 - Peter Pawlowski)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.7.39.123 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
GeekBuddy (HKLM\...\{D456E320-F256-4FBB-B73A-B617BFC77DEA}) (Version: 4.13.120 - Comodo Security Solutions Inc)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 35.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 pl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Opera Stable 27.0.1689.54 (HKLM\...\Opera 27.0.1689.54) (Version: 27.0.1689.54 - Opera Software ASA)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
PowerISO (HKLM\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
Skype™ 6.0 (HKLM\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
XnView 1.98.8 (HKLM\...\XnView_is1) (Version: 1.98.8 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-43850688-3849737671-2875471931-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

27-01-2015 13:49:18 Windows Update
27-01-2015 14:05:31 Windows Update
27-01-2015 14:12:56 Windows Update
27-01-2015 14:43:30 Installed Microsoft Office Enterprise 2007
27-01-2015 15:16:31 Installing COMODO Internet Security Premium
27-01-2015 15:17:37 Device Driver Package Install: COMODO Network Service
29-01-2015 08:02:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1788A526-79E8-408E-905E-5508164B24F6} - System32\Tasks\AdobeAAMUpdater-1.0-ZolwieGalapago-ZolwieGalapagos => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {30FDD390-538D-420C-9948-3596C9300643} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {3324DA05-9DFA-40EB-B84F-599468259C26} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {4509E7B1-7E97-428D-8980-496D5E30D516} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {6023ADD3-0E19-4495-9D0F-B227DDBC6C97} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {61ACA87F-51F1-4A04-B389-82DFB2DEDA69} - System32\Tasks\Opera scheduled Autoupdate 1422363398 => C:\Program Files\Opera\launcher.exe [2015-01-23] (Opera Software)
Task: {AD3B7FB3-2D32-4B82-9DCF-3BF732ABC44B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) =============

2015-01-27 14:18 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-29 11:21 - 2015-01-29 11:21 - 00043008 _____ () c:\Users\ZolwieGalapagos\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo9a6le.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-01-08 21:44 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\ZolwieGalapagos\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-04-15 17:39 - 2013-04-15 17:39 - 00070352 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-09-17 06:40 - 2014-09-17 06:40 - 00976080 _____ () C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll
2014-09-17 06:40 - 2014-09-17 06:40 - 02254544 _____ () C:\Program Files\Comodo\GeekBuddy\QtCore4.dll
2014-09-17 06:40 - 2014-09-17 06:40 - 08024784 _____ () C:\Program Files\Comodo\GeekBuddy\QtGui4.dll
2014-09-17 06:40 - 2014-09-17 06:40 - 00032976 _____ () C:\Program Files\Comodo\GeekBuddy\imageformats\qgif4.dll
2014-09-17 06:40 - 2014-09-17 06:40 - 01299664 _____ () C:\Program Files\Comodo\GeekBuddy\QtScript4.dll
2015-01-27 13:58 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sm56co85.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\BCMWL6.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\MODEMCSA.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sffp_sd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\smserial.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\1. Krystian Zabielski CV 1.png:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\2. Krystian Zabielski CV 2.png:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\Annual_report_Kleven_2013.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\cv AI - od Tomka Bachora, + wysoko umiejętność sprawnego zarzadzanie zespołem na placu działania.ai:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\FRST.exe:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\OTL.exe:$CmdTcID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\OTL.exe:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\power-of-attorney-e.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\Tkaniny 05.01.2014.rar:$CmdZnID
AlternateDataStreams: C:\Users\ZolwieGalapagos\Desktop\Working in the Norwegian Shipyard industry 1111.pdf:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-43850688-3849737671-2875471931-500 - Administrator - Disabled)
Guest (S-1-5-21-43850688-3849737671-2875471931-501 - Limited - Disabled)
ZolwieGalapagos (S-1-5-21-43850688-3849737671-2875471931-1000 - Administrator - Enabled) => C:\Users\ZolwieGalapagos

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisEventCisEvent//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: SELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: SELECT * FROM CisNotificationCisNotification//./root/cis

Error: (01/27/2015 03:29:47 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: SELECT * FROM FwAlertFwAlert//./root/cis

System errors:
=============
Error: (01/29/2015 11:20:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: %%16405

Error: (01/29/2015 09:05:48 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (01/27/2015 02:37:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Foxit Cloud Safe Update Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 64%
Total physical RAM: 2046.43 MB
Available physical RAM: 719.8 MB
Total Pagefile: 4092.86 MB
Available Pagefile: 2374.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1873.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:129.9 GB) (Free:102.14 GB) NTFS
Drive d: (Orzeł 1) (Fixed) (Total:284.32 GB) (Free:43.95 GB) NTFS
Drive e: (Flawian) (Fixed) (Total:284.32 GB) (Free:146.88 GB) NTFS
Drive f: (UDF Volume) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: D269EAA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=129.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=284.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================