Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by pawelix at 2015-03-31 18:25:54
Running from C:\Users\pawelix\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-860636357-3192807667-3840191364-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E8178AD9-8146-4752-A006-A972CB9EDB8E}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (Version: - Microsoft) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2215 - AVAST Software)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Gabedit 2.4.2 (HKLM\...\Gabedit_is1) (Version: - Abdul-Rahman Allouche)
GG (HKU\S-1-5-21-860636357-3192807667-3840191364-1000\...\GG) (Version: 12 - GG Network S.A.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Mega Codec Pack 10.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6416.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 36.0.1 (x86 pl)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NapiProjekt 1.0.6.9 (HKLM\...\NapiProjekt_is1) (Version: - )
Opera Stable 28.0.1750.48 (HKLM\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
SopCast 3.9.3 (HKLM\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
System Requirements Lab CYRI (HKLM\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
WinRAR 4.01 (32-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-860636357-3192807667-3840191364-1000_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\pawelix\Desktop\BESTplayer.exe (Karol Winnicki)
CustomCLSID: HKU\S-1-5-21-860636357-3192807667-3840191364-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\pawelix\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (GG Network S.A.)
CustomCLSID: HKU\S-1-5-21-860636357-3192807667-3840191364-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\pawelix\Downloads\non-stop-pol-5699217.exe No File

==================== Restore Points =========================

03-03-2015 00:56:28 Scheduled Checkpoint
11-03-2015 14:48:17 Scheduled Checkpoint
26-03-2015 21:43:20 Scheduled Checkpoint
31-03-2015 16:34:21 F-Secure malware removal
31-03-2015 16:38:13 avast! antivirus system restore point
31-03-2015 16:59:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2011-10-31 08:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F10AF6F-5308-4C41-B4B8-A356D075B443} - System32\Tasks\Opera scheduled Autoupdate 1418818031 => C:\Program Files\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {3C471362-014E-44D4-A856-D4BB80550E7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {63D7141F-5B87-4219-B5D1-57BDA1D45BF2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-31] (Avast Software s.r.o.)
Task: {68DFD31E-5AC8-40D9-A90D-A5514A53BBC6} - System32\Tasks\{6CA1D13D-686E-4637-B49B-CA5189A6EBD0} => pcalua.exe -a "C:\Program Files\Real\RealPlayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|15.0
Task: {82140FDC-2890-4570-A7D4-EE6F5D61427E} - System32\Tasks\{B3DBDB4C-1236-4C7D-9FDB-428B5F70A9F5} => pcalua.exe -a C:\Users\pawelix\Desktop\PI\Xming-6-9-0-31-setup.exe -d C:\Users\pawelix\Desktop\PI
Task: {D846CFDB-E3BC-49F4-B138-14724BF797BE} - System32\Tasks\{12632EE4-CD25-49D0-BDC6-81E253008BB7} => pcalua.exe -a C:\Windows\system32\spool\drivers\w32x86\3\LXBLUN5C.EXE -c -dLexmark Z700-P700 Series

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-31 16:40 - 2015-03-31 16:40 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-31 16:39 - 2015-03-31 16:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-31 10:40 - 2015-03-31 10:40 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033100\algo.dll
2013-01-10 15:14 - 2009-10-23 12:18 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2015-03-18 17:17 - 2015-03-18 17:17 - 00484472 _____ () C:\Program Files\Opera\28.0.1750.48\opera_crashreporter.exe
2015-03-18 17:17 - 2015-03-18 17:17 - 01488504 _____ () C:\Program Files\Opera\28.0.1750.48\libglesv2.dll
2015-03-18 17:17 - 2015-03-18 17:17 - 00079992 _____ () C:\Program Files\Opera\28.0.1750.48\libegl.dll
2015-03-18 17:17 - 2015-03-18 17:17 - 09625720 _____ () C:\Program Files\Opera\28.0.1750.48\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-860636357-3192807667-3840191364-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pawelix\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-860636357-3192807667-3840191364-500 - Administrator - Disabled)
Guest (S-1-5-21-860636357-3192807667-3840191364-501 - Limited - Disabled)
pawelix (S-1-5-21-860636357-3192807667-3840191364-1000 - Administrator - Enabled) => C:\Users\pawelix

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.
Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (03/31/2015 05:53:25 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2418}. The service will attempt to automatically correct this problem by rebuilding the index.
Details: The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (03/31/2015 05:53:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 05:11:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/31/2015 05:53:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056

Error: (03/31/2015 05:53:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/31/2015 05:53:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473536.

Error: (03/31/2015 05:52:46 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (03/31/2015 05:52:46 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (03/31/2015 05:10:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: ccnfd_1_10_0_4

Error: (03/31/2015 05:10:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ccnfd_1_10_0_4 service failed to start due to the following error: %%2

Error: (03/31/2015 05:10:28 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (03/31/2015 05:10:28 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (03/31/2015 05:08:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: ccnfd_1_10_0_4

Microsoft Office Sessions:
=========================
Error: (09/10/2014 06:05:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/15/2014 00:47:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/20/2014 07:57:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 819 seconds with 660 seconds of active time. This session ended with a crash.

Error: (05/15/2014 08:41:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/07/2014 00:58:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/03/2014 09:57:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/18/2014 05:51:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/05/2014 04:02:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/07/2013 04:48:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/18/2013 00:36:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6416.1000, Microsoft Office Version: 12.0.6416.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-62
Percentage of memory in use: 44%
Total physical RAM: 3071.21 MB
Available physical RAM: 1703.63 MB
Total Pagefile: 6140.71 MB
Available Pagefile: 4604.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1878.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:116.44 GB) (Free:80.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 4BEAC997)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=106.7 GB) - (Type=OF Extended)

==================== End Of Log ============================