Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 01 Ran by Agata at 2015-02-12 00:28:04 Running from C:\Users\Agata\Desktop\GMER Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: Zapora osobista ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.) Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) Advanced Disk Recovery 2011 (HKLM-x32\...\{2AA44AF4-C116-4219-B800-4573E7E6D421}_is1) (Version: - Systweak, Inc.) Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version: - Microsoft) Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version: - Microsoft) Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) blueconnect (HKLM-x32\...\blueconnect) (Version: 11.002.03.07.49 - Huawei Technologies Co.,Ltd) Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 1.0.2.0 - Brother Industries, Ltd.) Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden CEWE Fotoswiat (HKLM-x32\...\CEWE Fotoswiat) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1002 - CyberLink Corp.) Digital Image Recovery 1.47 (HKLM-x32\...\Digital Image Recovery_is1) (Version: - Alexander Grau) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.) DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.) DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.) DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.0928 - CyberLink Corp.) ESET Smart Security (HKLM\...\{A9550052-52AD-414B-AB58-74F0D7DC8188}) (Version: 8.0.304.2 - ESET, spol s r. o.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Earth (HKLM-x32\...\{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}) (Version: 4.3.7204.836 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.) Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.25149 - Hauppauge Computer Works, Inc.) Hewlett-Packard Active Check (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.62.5 - HP) Hidden HP Active Support Library (HKLM-x32\...\{11BB336F-0E58-4977-B866-F24FA334616B}) (Version: 2.3.0.2 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM-x32\...\{BD0E2B92-3814-46F0-893B-4612EA010C7E}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.02.0001 - Hewlett-Packard) HP Easy Setup - Frontend (HKLM-x32\...\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}) (Version: 5.4.0.2430 - Hewlett-Packard) HP Help and Support (HKLM\...\{A348C751-0EFF-4B9D-8065-B5339BEFBE27}) (Version: 1.5.0 - Hewlett-Packard) HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP) HP Quick Launch Buttons 6.30 E1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.30 E1 - Hewlett-Packard) HP QuickPlay 3.6 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - ) HP QuickTouch 1.00 C3 (HKLM\...\{11192F89-510C-4E23-A62A-D3BEA9139596}) (Version: 1.0.5 - Hewlett-Packard) HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 3.0.17.0 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP User Guides 0088 (HKLM-x32\...\{8347A7A5-4AB8-433F-82AA-496B0D189A9B}) (Version: 1.02.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}) (Version: 3.00 H2 - Hewlett-Packard) HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_Tattoo (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookHolidayPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookModernPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookPlayfulPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookScrapbookPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - ) Internet Mobilny (HKLM-x32\...\Internet Mobilny) (Version: 16.002.03.07.755 - Huawei Technologies Co.,Ltd) LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2128 - CyberLink Corp.) Messaging API and Collaboration Data Objects 1.2.1 (HKLM-x32\...\{5A8751A2-684E-4D42-846C-3A58CE36C1F9}) (Version: 6.5.8244.0 - Microsoft) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.) Motorola SM56 Data Fax Modem (HKLM\...\SMSERIAL) (Version: - ) Mozilla Thunderbird 9.0.1 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 9.0.1 (x86 pl)) (Version: 9.0.1 - Mozilla) MSXML 4.0 SP2 (KB936181) (HKLM-x32\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) muvee autoProducer 6.1 (HKLM-x32\...\{250E9609-E830-43EB-B379-DAB7546A2422}) (Version: 6.10.050 - muvee Technologies) My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation) PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.) PhotoNow! (HKLM-x32\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.0.4518 - CyberLink Corp.) PIT Format 2011 (HKLM-x32\...\PIT Format 2011_is1) (Version: - Biuro Informatyki Stosowanej FORMAT) Podatnik.info PIT pro 2013 wersja 2.0.19.29343 (HKLM-x32\...\{B239B43B-3E99-40B0-80BF-1B1BCA868D4E}_is1) (Version: 2.0.19.29343 - Podatnik.info Sp. z o.o.) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3327 - CyberLink Corp.) PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2129 - CyberLink Corp.) PowerDirector (x32 Version: 6.5.2129 - CyberLink Corp.) Hidden PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickPlay SlingPlayer 0.4.6 (HKLM-x32\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia) QuickTime (HKLM-x32\...\QuickTime) (Version: - ) Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5494 - Realtek Semiconductor Corp.) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - ) ScanSoft PaperPort 11 (HKLM-x32\...\{5C4ED859-875F-4299-AA2C-E0E393BDCD21}) (Version: 11.2.0000 - Nuance Communications, Inc.) ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) Slingbox Flash Tour (HKLM-x32\...\{38EAC694-0D90-445F-8C17-8B50ADFE3162}) (Version: 1.0.0 - Sling Media) SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media) SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden Winamp Toolbar for Firefox (HKLM-x32\...\Winamp Toolbar for Firefox) (Version: 5.1.3.1 - AOL LLC) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 11-02-2015 23:40:00 Restore Point Created by FRST 12-02-2015 00:15:32 Removed Ask Toolbar. 12-02-2015 00:16:38 Removed Ask Toolbar. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 13:34 - 2006-09-18 22:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00FACD50-69AD-419D-A35C-512BD146AC18} - System32\Tasks\{CB2A84E5-9C1E-4EB0-9EDA-4D9CBED5B0C9} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.) Task: {6B386BD7-1164-4023-8E62-652C33CB78D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {87BC1991-0AAE-43C1-8A2C-FDDC03C6DC83} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {B640C582-D9CC-4940-94D5-D2B47D751512} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Agata => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation) Task: {CACF08D1-FA26-4979-984D-D750CB5D3BE4} - System32\Tasks\Microsoft\Windows\RestartManager\{567308CC-5512-4266-82E4-9F3B57B4FB93} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation) Task: {DDEA9F69-F49C-4792-A645-D34545B53B60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.) Task: {EE04BF78-3D88-417D-B7A2-FE16D0140550} - System32\Tasks\HPCeeScheduleForAgata => C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-09-28] (Hewlett-Packard) Task: {FC89B10A-1231-4604-AD01-3F5B53FC7208} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe [2007-09-28] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForAgata.job => C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2010-05-08 12:48 - 2010-05-08 12:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe 2008-04-11 19:59 - 2007-12-20 03:28 - 00271760 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 2008-02-18 07:55 - 2007-01-09 11:25 - 00272024 _____ () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2008-04-11 19:59 - 2007-12-20 03:28 - 00112016 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe 2007-05-16 19:43 - 2007-05-16 19:43 - 00677432 ____R () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe 2008-04-11 19:59 - 2007-12-20 03:27 - 00074536 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\Common\MCEMediaStatus64.dll 2008-04-11 19:59 - 2007-12-20 03:28 - 00251288 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll 2008-04-11 19:59 - 2007-12-20 03:28 - 00038184 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll 2008-04-11 19:59 - 2007-12-20 03:28 - 00120208 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll 2008-04-11 19:59 - 2007-12-20 03:28 - 00345384 _____ () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll 2012-01-14 20:35 - 2009-01-09 17:10 - 00139264 ____N () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3558287341-2231117270-3972338399-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HPRadiance.jpg DNS Servers: 194.204.152.34 - 194.204.159.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3558287341-2231117270-3972338399-500 - Administrator - Disabled) Agata (S-1-5-21-3558287341-2231117270-3972338399-1000 - Administrator - Enabled) => C:\Users\Agata Guest (S-1-5-21-3558287341-2231117270-3972338399-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/12/2015 00:17:49 AM) (Source: MsiInstaller) (EventID: 11316) (User: Agata-PC) Description: Product: Ask Toolbar -- Error 1316.The specified account already exists. Error: (02/12/2015 00:16:20 AM) (Source: MsiInstaller) (EventID: 11316) (User: Agata-PC) Description: Product: Ask Toolbar -- Error 1316.The specified account already exists. Error: (02/11/2015 11:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 11:48:21 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1033) (User: NT AUTHORITY) Description: 0x80070006 Error: (02/11/2015 11:46:55 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{60042969-6CCA-46CD-81D4-22A056C989F3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (02/11/2015 11:41:10 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1033) (User: NT AUTHORITY) Description: 0x80070006 Error: (02/11/2015 11:40:00 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {07b038ce-9de0-49d1-a454-3252e6cef0ec} Error: (02/11/2015 11:20:06 PM) (Source: MsiInstaller) (EventID: 11316) (User: Agata-PC) Description: Product: Ask Toolbar -- Error 1316.The specified account already exists. Error: (02/11/2015 11:02:34 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 11:02:18 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1033) (User: NT AUTHORITY) Description: 0x80070006 System errors: ============= Error: (02/12/2015 00:25:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%1062 Error: (02/12/2015 00:25:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2 Error: (02/12/2015 00:25:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Secure Socket Tunneling Protocol Service%%2 Error: (02/12/2015 00:25:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2 Error: (02/12/2015 00:25:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Secure Socket Tunneling Protocol Service%%2 Error: (02/12/2015 00:25:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%1062 Error: (02/12/2015 00:25:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Secure Socket Tunneling Protocol Service%%2 Error: (02/12/2015 00:25:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2 Error: (02/12/2015 00:25:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2 Error: (02/12/2015 00:25:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Secure Socket Tunneling Protocol Service%%2 Microsoft Office Sessions: ========================= Error: (08/29/2012 10:37:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2905 seconds with 2580 seconds of active time. This session ended with a crash. Error: (10/15/2009 01:41:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 9381 seconds with 9180 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-02-06 00:04:11.172 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:04:10.807 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:04:10.442 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:04:10.077 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:04:08.512 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:04:08.192 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:04:07.862 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:04:07.542 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:03:59.460 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2015-02-06 00:03:59.140 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz Percentage of memory in use: 41% Total physical RAM: 4093.5 MB Available physical RAM: 2401.63 MB Total Pagefile: 8400.27 MB Available Pagefile: 6600.61 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:285.04 GB) (Free:7.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:13.05 GB) (Free:2.4 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: C5FCBD5F) Partition 1: (Active) - (Size=285 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ==================== End Of Log ============================