Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Mateusz at 2015-04-10 10:52:51
Running from C:\Users\Mateusz\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3891459942-242824556-1304610250-1000\...\uTorrent) (Version: 3.4.2.36318 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active WebCam (HKLM-x32\...\Active WebCam) (Version: - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 2.4.1.21 (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Components Setup (x32 Version: 1.00.0000 - Vimicro Corporation) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DMG Extractor (HKU\S-1-5-21-3891459942-242824556-1304610250-1000\...\DMG Extractor) (Version: 1.3.15.0 - Reincubate Ltd)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Ferro CCTV (HKLM-x32\...\{B297CC4A-A142-40ED-AC9B-B9207851F124}_is1) (Version: - FERRO Software)
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{8181C5B7-2FF5-4677-BA6A-8E2C3F5A7601}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Knights and Merchants TPR (HKLM-x32\...\Knights and Merchants TPR) (Version: - )
Kozacy - Sztuka wojny (HKLM-x32\...\Cossacks : The Art Of War) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: - )
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - Sega)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3891459942-242824556-1304610250-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{f45b48a7-f616-4211-b927-17cab6a96613}) (Version: 8.0.58298 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mixxx 1.11.0 (64-bit) (HKLM-x32\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3 Knife 3.6 (HKLM-x32\...\Mp3 Knife_is1) (Version: - )
MP3 Remix for Windows Media Player (HKLM-x32\...\MP3 Remix for Windows Media Player) (Version: 3.811.0.0 - Power Technology)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero WaveEditor (HKLM-x32\...\{EE430B59-A026-4C96-8906-E4C05B7FCC37}) (Version: 12.5.01500 - Nero AG)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Ogniem i Mieczem - Dzikie Pola (HKLM-x32\...\{A66C1C60-A589-4210-87D7-3F758EFE51B2}) (Version: 1.133 - TaleWorlds Entertainment)
Panel sterowania NVIDIA 347.52 (Version: 347.52 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Poczta usługi Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Praetorians (HKLM-x32\...\{AAC8AF92-DAEC-45D2-B77D-36699E3751A9}) (Version: - Pyro Studios)
Prerequisite installer (x32 Version: 12.0.0005 - Nero AG) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PS_AIO_03_C4400_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.591 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.591 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rome - Total War (HKLM-x32\...\{E01662A1-BF0F-4DA8-A2FC-4E7F685884B8}) (Version: 1.6 - The Creative Assembly)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13467 - Aztec Media Inc) <==== ATTENTION
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.02 - Creative Technology Limited)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 Gold (HKLM-x32\...\Stronghold 3_is1) (Version: - )
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
Third Age - Total War 1.0 Part1 (HKU\S-1-5-21-3891459942-242824556-1304610250-1000\...\Third Age - Total War 1.0 Part1) (Version: - )
Third Age - Total War 1.0 Part2 (HKU\S-1-5-21-3891459942-242824556-1304610250-1000\...\Third Age - Total War 1.0 Part2) (Version: - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total War: ATTILA (HKLM-x32\...\Steam App 325610) (Version: - Creative Assembly)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Twierdza HD (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.30.0002 - Firefly Studios)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Wave Editor 3.3.3.0 (HKLM-x32\...\Wave Editor_is1) (Version: 3.3.3.0 - AbyssMedia.com)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3891459942-242824556-1304610250-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3891459942-242824556-1304610250-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3891459942-242824556-1304610250-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3891459942-242824556-1304610250-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3891459942-242824556-1304610250-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

05-04-2015 23:26:16 Operacja przywracania
06-04-2015 18:57:48 Windows Update
07-04-2015 04:38:04 Windows Update
07-04-2015 13:18:11 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
07-04-2015 13:19:08 Removed MSXML 4.0 SP2 (KB954430)
07-04-2015 13:20:00 Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
07-04-2015 13:22:22 Removed Nero Info.
07-04-2015 13:23:36 Removed Nero WaveEditor.
07-04-2015 13:24:48 Usunięto: Microsoft Visual C++ 2005 Redistributable
09-04-2015 03:04:40 Installed Privatefirewall 7.0
09-04-2015 23:43:39 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-11-22 01:27 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {49EA0260-02FD-406E-9403-4A9A758907F8} - System32\Tasks\{3273CE08-0891-4E86-B07C-B3B0C8E4EE52} => pcalua.exe -a C:\Users\Mateusz\Desktop\Downloads\mp3DC220_www.INSTALKI.pl.exe -d C:\Users\Mateusz\Desktop\Downloads
Task: {4C92535E-526B-4490-B1CD-0FA694AA1DFE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07] (Oracle Corporation)
Task: {A5131189-4EBE-4A11-A0CD-EECE3928ACE2} - System32\Tasks\{4C02AA98-03F8-43D7-87B4-9FDFC89761D1} => pcalua.exe -a E:\str\install.exe -d E:\str
Task: {B8A9FF41-1BF7-4CAC-B6C9-2600205DE1F0} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8d7c89d17b0a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: {BF252A95-564B-49CA-9A2C-271F341F5B58} - System32\Tasks\{AB213289-6E6D-46ED-8747-B28378EF04CD} => pcalua.exe -a "F:\Support\Battlefield Bad Company 2_code.exe" -d F:\Support
Task: {C571979A-7C6B-4A85-8B61-9373F6B4A5B3} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2a41ccbbd9c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
Task: {C5920D02-3BFB-448F-8024-DEBA6205F5EB} - System32\Tasks\PennyBee => C:\Users\Mateusz\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {CB0911FC-9E5D-433A-BA2D-B44309AE76FF} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {D50CDA1E-1A9B-4BEF-A926-66D40361B0AF} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {E37417A9-E780-42EC-B067-526ED24A8F51} - System32\Tasks\{3188E444-E0FE-450C-AC33-686BDC369A24} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {FBEB0717-7AC1-4062-AA54-7A8742ADEF0C} - System32\Tasks\AdobeAAMUpdater-1.0-Mateusz-PC-Mateusz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2a41ccbbd9c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8d7c89d17b0a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-13 20:38 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00503296 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 21:46 - 2011-05-09 21:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 21:56 - 2011-05-09 21:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 21:47 - 2011-05-09 21:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 13:32 - 2011-05-10 13:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 21:48 - 2011-05-09 21:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00554496 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2013-05-07 12:43 - 2013-05-07 12:43 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2013-05-07 12:43 - 2013-05-07 12:43 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2015-03-30 21:36 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3891459942-242824556-1304610250-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IMMON => "C:\Program Files (x86)\IM Magician\Vicamon.exe"
MSCONFIG\startupreg: IMMONSUPPORT => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
MSCONFIG\startupreg: Steam => "E:\rome total war 2\steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3891459942-242824556-1304610250-500 - Administrator - Disabled)
Gość (S-1-5-21-3891459942-242824556-1304610250-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3891459942-242824556-1304610250-1005 - Limited - Enabled)
Mateusz (S-1-5-21-3891459942-242824556-1304610250-1000 - Administrator - Enabled) => C:\Users\Mateusz

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Kontroler Uniwersalnej magistrali szeregowej (USB)
Description: Kontroler Uniwersalnej magistrali szeregowej (USB)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2015 10:45:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (04/10/2015 10:45:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (04/10/2015 10:45:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (04/10/2015 10:45:09 AM) (Source: MsiInstaller) (EventID: 11921) (User: ZARZĄDZANIE NT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (04/10/2015 10:40:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:38:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/10/2015 10:38:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/10/2015 10:38:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (04/09/2015 11:11:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 41.0.2272.118, sygnatura czasowa: 0x55199d5a Nazwa modułu powodującego błąd: chrome.dll, wersja: 41.0.2272.118, sygnatura czasowa: 0x55199942 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x004fe1b8 Identyfikator procesu powodującego błąd: 0x920 Godzina uruchomienia aplikacji powodującej błąd: 0xchrome.exe0 Ścieżka aplikacji powodującej błąd: chrome.exe1 Ścieżka modułu powodującego błąd: chrome.exe2 Identyfikator raportu: chrome.exe3

Error: (04/09/2015 11:11:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: chrome.exe, wersja: 41.0.2272.118, sygnatura czasowa: 0x55199d5a Nazwa modułu powodującego błąd: chrome.dll, wersja: 41.0.2272.118, sygnatura czasowa: 0x55199942 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x004fe1b8 Identyfikator procesu powodującego błąd: 0xdf8 Godzina uruchomienia aplikacji powodującej błąd: 0xchrome.exe0 Ścieżka aplikacji powodującej błąd: chrome.exe1 Ścieżka modułu powodującego błąd: chrome.exe2 Identyfikator raportu: chrome.exe3

System errors:
=============
Error: (04/09/2015 11:29:44 PM) (Source: DCOM) (EventID: 10016) (User: RZYM)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}RZYMMateuszS-1-5-21-3891459942-242824556-1304610250-1000LocalHost (użycie LRPC)

Error: (04/09/2015 11:29:38 PM) (Source: DCOM) (EventID: 10016) (User: RZYM)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}RZYMMateuszS-1-5-21-3891459942-242824556-1304610250-1000LocalHost (użycie LRPC)

Error: (04/09/2015 10:38:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd: %%5.

Error: (04/09/2015 10:38:18 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Funkcja ochrony w czasie rzeczywistym produktu %%860 napotkała błąd i jej uruchomienie nie powiodło się. Funkcja: %%886 Kod błędu: 0x80070005 Opis błędu: Odmowa dostępu. Przyczyna: %%892

Error: (04/09/2015 10:38:02 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Produkt %60 napotkał błąd podczas próby załadowania podpisów i podejmie próbę powrotu do znanego zestawu dobrych podpisów. Podpisy objęte próbą: %24 Kod błędu: 0x80070002 Opis błędu: Nie można odnaleźć określonego pliku. Wersja podpisu: 0.0.0.0;0.0.0.0 Wersja aparatu: %600

Error: (04/09/2015 10:30:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (04/09/2015 10:29:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (04/09/2015 10:27:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Produkt %RZYM60 napotkał błąd podczas próby aktualizacji podpisów. Nowa wersja podpisu: Poprzednia wersja podpisu: 0.0.0.0 Źródło aktualizacji: %RZYM51 Etap aktualizacji: 4.7.0205.00 Ścieżka źródła: 4.7.0205.01 Typ podpisu: %RZYM602 Typ aktualizacji: %RZYM604 Użytkownik: RZYM\Mateusz Bieżąca wersja aparatu: %RZYM605 Poprzednia wersja aparatu: %RZYM606 Kod błędu: %RZYM607 Opis błędu: %RZYM608

Error: (04/09/2015 10:27:21 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Produkt %RZYM60 napotkał błąd podczas próby aktualizacji podpisów. Nowa wersja podpisu: Poprzednia wersja podpisu: 1.195.2448.0 Źródło aktualizacji: %RZYM51 Etap aktualizacji: 4.7.0205.00 Ścieżka źródła: 4.7.0205.01 Typ podpisu: %RZYM602 Typ aktualizacji: %RZYM604 Użytkownik: RZYM\Mateusz Bieżąca wersja aparatu: %RZYM605 Poprzednia wersja aparatu: %RZYM606 Kod błędu: %RZYM607 Opis błędu: %RZYM608

Error: (04/09/2015 10:27:21 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Produkt %RZYM60 napotkał błąd podczas próby aktualizacji podpisów. Nowa wersja podpisu: Poprzednia wersja podpisu: 1.195.2448.0 Źródło aktualizacji: %RZYM51 Etap aktualizacji: 4.7.0205.00 Ścieżka źródła: 4.7.0205.01 Typ podpisu: %RZYM602 Typ aktualizacji: %RZYM604 Użytkownik: RZYM\Mateusz Bieżąca wersja aparatu: %RZYM605 Poprzednia wersja aparatu: %RZYM606 Kod błędu: %RZYM607 Opis błędu: %RZYM608

Microsoft Office Sessions:
=========================
Error: (04/10/2015 10:45:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/10/2015 10:45:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (04/10/2015 10:45:43 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Performance1637070000000000000000000009030000

Error: (04/10/2015 10:45:09 AM) (Source: MsiInstaller) (EventID: 11921) (User: ZARZĄDZANIE NT)
Description: Product: Nero Update -- Error 1921.Service Nero Update (NAUpdate) could not be stopped. Verify that you have sufficient privileges to stop system services.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/10/2015 10:40:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2015 10:38:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/10/2015 10:38:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/10/2015 10:38:48 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (04/09/2015 11:11:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.11855199d5achrome.dll41.0.2272.1185519994280000003004fe1b892001d07309d0f38501C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\chrome.dll0ea37af7-defd-11e4-bb48-d43d7eef1bc8

Error: (04/09/2015 11:11:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe41.0.2272.11855199d5achrome.dll41.0.2272.1185519994280000003004fe1b8df801d07309cf44bd42C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\chrome.dll0cf50159-defd-11e4-bb48-d43d7eef1bc8

CodeIntegrity Errors:
===================================
Date: 2015-03-27 15:34:41.785
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Date: 2015-03-27 15:34:41.743
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-27 15:32:25.411
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-27 15:32:25.370
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-27 15:31:00.149
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-27 15:31:00.109
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-27 14:39:31.585
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-27 14:39:31.544
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Active WebCam\PCIDUMPR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-26 20:48:08.715
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Mateusz\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-11-26 20:48:08.693
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Mateusz\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 18%
Total physical RAM: 8120.01 MB
Available physical RAM: 6614.54 MB
Total Pagefile: 24358.22 MB
Available Pagefile: 22641.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.9 GB) (Free:72.19 GB) NTFS
Drive e: (Nowy) (Fixed) (Total:596.2 GB) (Free:397.62 GB) NTFS
Drive f: (Programowy) (Fixed) (Total:195.31 GB) (Free:194.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 868F5863)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=OF Extended)

==================== End Of Log ============================