Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Artur19E68 at 2015-05-30 23:30:45
Running from C:\Users\Artur19E68\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1166034103-2044418019-3407044678-500 - Administrator - Disabled)
Artur19E68 (S-1-5-21-1166034103-2044418019-3407044678-1000 - Administrator - Enabled) => C:\Users\Artur19E68
Guest (S-1-5-21-1166034103-2044418019-3407044678-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ESET NOD32 Antivirus (HKLM\...\{4B14EC50-70A2-4973-BE68-50E546653134}) (Version: 8.0.312.4 - ESET, spol s r. o.)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-30 20:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18351A95-C6FB-4B0E-8160-D1025803A7DB} - \ASP No Task File <==== ATTENTION
Task: {2213EF14-772A-46DA-AAB6-F49EAA9D3C71} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {2CC37559-56B8-4DDB-890A-309F3D4C5BD9} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {3EA784C1-33CB-4772-89C5-3ABE52B27F88} - System32\Tasks\{8AAD4043-004A-469F-B853-FF97D7CC4A10} => pcalua.exe -a C:\Users\Artur19E68\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=squadm
Task: {49986001-6A32-4BF7-B710-7D37BF9E2CAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {7660DF4F-4AEE-4A10-88E9-4C5FE482B663} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {85DACE50-A7D9-402A-BA38-F49F69C0142A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2015-04-16] (Microsoft Corporation)
Task: {8957C5E4-EF1C-4E64-8E38-28401954BA65} - System32\Tasks\YTAUpdate => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2015-05-30] (Goobzo) <==== ATTENTION
Task: {97174FF8-BF0E-471A-ABF1-905D84C15DBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-30] (Google Inc.)
Task: {9FA3F8BB-F8D9-4ED2-86D0-3BCB6708852F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {AEB0E017-38BA-4C4A-9CCA-E55AF6B1D11E} - System32\Tasks\YTAUpdate_logon => C:\Program Files (x86)\YouTube Accelerator\Updater.exe [2015-05-30] (Goobzo) <==== ATTENTION
Task: {C633D482-2755-4A4A-AB54-AAB8C3315AD5} - \SPBIW_UpdateTask_Time_333932383431383333382d7855236c575a4a5741415034 No Task File <==== ATTENTION
Task: {CD62D989-46BF-40C4-8CC1-04EBD491E823} - \SPDriver No Task File <==== ATTENTION
Task: {D0AA78CD-7397-4EF6-B0E4-D2FC5D26702E} - \ShopperPro No Task File <==== ATTENTION
Task: {EC4256EB-DAF7-40EB-94D2-F673B8B0D555} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-30 01:04 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-30 01:04 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-30 01:04 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1166034103-2044418019-3407044678-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Artur19E68\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: insvc_1.10.0.14 => 2
MSCONFIG\Services: jokydeki => 2
MSCONFIG\Services: mofysilo => 2
MSCONFIG\Services: myroqole => 2
MSCONFIG\Services: nevetuhi => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: rilydoxy => 2
MSCONFIG\Services: SPBIUpd => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: Update Edu App => 2
MSCONFIG\Services: Util Edu App => 2
MSCONFIG\Services: YouTubeAcceleratorService => 2
MSCONFIG\startupfolder: C:^Users^Artur19E68^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Artur19E68^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartWeb.lnk => C:\Windows\pss\SmartWeb.lnk.Startup
MSCONFIG\startupreg: CoupSeek => C:\Users\Artur19E68\AppData\Roaming\CoupSeek\scpsk.exe
MSCONFIG\startupreg: gmsd_pl_120 => "C:\Program Files (x86)\gmsd_pl_120\gmsd_pl_120.exe"
MSCONFIG\startupreg: GoobzoYouTubeAccelerator => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4C96C829E7A7B17638F6F88C3FC2DD86 => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: SmartWeb => C:\Users\Artur19E68\AppData\Local\SmartWeb\SmartWebHelper.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinCheck => C:\Users\Artur19E68\AppData\Local\AD933280-1432947039-11DD-8A93-0023545E67A4\bnss5DCB.exe
MSCONFIG\startupreg: Windesk Winsearch => C:\Program Files (x86)\WindeskWinsearch\Windesk Winsearch.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{35F0E5F4-2E85-41D3-9915-04D3FAC8720B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2015 10:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 08:48:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 07:31:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 02:57:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 02:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: IEXPLORE.EXE, wersja: 11.0.9600.17728, sygnatura czasowa: 0x55024724
Nazwa modułu powodującego błąd: urlmon.dll, wersja: 11.0.9600.17728, sygnatura czasowa: 0x55024876
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00010d7c
Identyfikator procesu powodującego błąd: 0x570
Godzina uruchomienia aplikacji powodującej błąd: 0xIEXPLORE.EXE0
Ścieżka aplikacji powodującej błąd: IEXPLORE.EXE1
Ścieżka modułu powodującego błąd: IEXPLORE.EXE2
Identyfikator raportu: IEXPLORE.EXE3

Error: (05/30/2015 02:25:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 02:17:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 01:45:59 AM) (Source: MsiInstaller) (EventID: 1013) (User: Artur19E68-PC)
Description: Product: ESET NOD32 Antivirus -- Ten pakiet instalacyjny jest przeznaczony do 32-bitowych systemów operacyjnych. Użyj pakietu instalacyjnego do 64-bitowych systemów operacyjnych.

Error: (05/30/2015 01:42:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 01:31:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/30/2015 08:48:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Wykonywanie kopii w tle woluminu C: zostało przerwane, ponieważ nie można powiększyć magazynu kopii w tle z powodu limitu wprowadzonego przez użytkownika.

Error: (05/30/2015 08:45:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (05/30/2015 08:44:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (05/30/2015 08:39:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Ładowanie sterownika \??\C:\ComboFix\catchme.sys zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika.

Error: (05/30/2015 08:36:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Usługa PEVSystemStart jest oznaczona jako usługa interakcyjna. System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego ta usługa może nie działać właściwie.

Error: (05/30/2015 07:31:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Usługa HomeGroup Listener zakończyła działanie; wystąpił specyficzny dla niej błąd %%-2147023143.

Error: (05/30/2015 02:24:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Usługa HomeGroup Listener zakończyła działanie; wystąpił specyficzny dla niej błąd %%-2147023143.

Error: (05/30/2015 02:24:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: innfd_1_10_0_14

Error: (05/30/2015 02:24:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą afterguard.

Error: (05/30/2015 02:16:38 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Usługa HomeGroup Listener zakończyła działanie; wystąpił specyficzny dla niej błąd %%-2147023143.

Microsoft Office:
=========================
Error: (05/30/2015 10:26:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 08:48:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 07:31:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 02:57:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 02:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1772855024724urlmon.dll11.0.9600.1772855024876c000000500010d7c57001d09a7010cde4eeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllb907aa62-0663-11e5-ba81-54e6fc846f43

Error: (05/30/2015 02:25:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 02:17:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 01:45:59 AM) (Source: MsiInstaller) (EventID: 1013) (User: Artur19E68-PC)
Description: Product: ESET NOD32 Antivirus -- Ten pakiet instalacyjny jest przeznaczony do 32-bitowych systemów operacyjnych. Użyj pakietu instalacyjnego do 64-bitowych systemów operacyjnych.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/30/2015 01:42:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2015 01:31:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-05-30 20:39:21.085
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-30 20:39:21.054
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 35%
Total physical RAM: 4095.11 MB
Available physical RAM: 2638.75 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 6374.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.9 GB) (Free:13.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AD04AD04)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130 GB) - (Type=06)
Partition 4: (Not Active) - (Size=128 GB) - (Type=06)

==================== End of log ============================