Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Mako at 2015-06-13 22:37:57
Running from C:\Users\Mako\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2932149468-3538548085-1955584924-500 - Administrator - Disabled)
Gość (S-1-5-21-2932149468-3538548085-1955584924-501 - Limited - Disabled)
Mako (S-1-5-21-2932149468-3538548085-1955584924-1000 - Administrator - Enabled) => C:\Users\Mako

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security z kopią zapasową (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: STOPzilla (Disabled - Up to date) {17032AB1-6644-0721-EEB5-A39B8B646009}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: STOPzilla (Enabled - Up to date) {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
AS: Norton Security z kopią zapasową (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security z kopią zapasową (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.55.0.0 - Conexant)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware wersja 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Norton Security z kopią zapasową (HKLM\...\NSBU) (Version: 22.2.0.31 - Symantec Corporation)
Opera Stable 30.0.1835.59 (HKLM\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
PLAY ONLINE (HKLM\...\PLAY ONLINE) (Version: 11.002.03.08.264 - Huawei Technologies Co.,Ltd)
SpyHunter 4 (HKLM\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
STOPzilla (HKLM\...\{9242735B-A101-45B0-BC06-2AA20A114627}) (Version: 6.1.100.3 - iS3 Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

05-06-2015 21:45:06 Instalacja pakietu sterownika urządzenia: HUAWEI Incorporated Modemy
05-06-2015 21:45:15 Instalacja pakietu sterownika urządzenia: HUAWEI Incorporated Porty (COM i LPT)
05-06-2015 21:45:28 Instalacja pakietu sterownika urządzenia: Huawei Incorporated Czytniki kart inteligentnych
05-06-2015 21:45:40 Instalacja pakietu sterownika urządzenia: HUAWEI Incorporated Karty sieciowe
05-06-2015 21:45:52 Instalacja pakietu sterownika urządzenia: HUAWEI Incorporated Kontrolery dźwięku, wideo i gier
05-06-2015 21:46:04 Instalacja pakietu sterownika urządzenia: HUAWEI Incorporated Porty (COM i LPT)
07-06-2015 20:26:04 Zaplanowany punkt kontrolny
07-06-2015 23:06:39 Instalacja pakietu sterownika urządzenia: Intel Kontrolery IDE ATA/ATAPI
07-06-2015 23:07:02 Instalacja pakietu sterownika urządzenia: Intel Urządzenia systemowe
07-06-2015 23:07:38 Instalacja pakietu sterownika urządzenia: Intel Urządzenia systemowe
07-06-2015 23:07:58 Instalacja pakietu sterownika urządzenia: Intel Kontrolery uniwersalnej magistrali szeregowej
07-06-2015 23:08:46 Instalacja pakietu sterownika urządzenia: Intel Urządzenia systemowe
08-06-2015 00:37:53 Instalacja pakietu sterownika urządzenia: Intel Corporation Karty graficzne
08-06-2015 00:39:11 Instalacja pakietu sterownika urządzenia: Intel(R) Corporation Kontrolery dźwięku, wideo i gier
08-06-2015 01:06:39 Installed STOPzilla
08-06-2015 01:40:45 STOPzilla Restore Point.
08-06-2015 10:14:34 Instalacja pakietu sterownika urządzenia: Intel Kontrolery IDE ATA/ATAPI
08-06-2015 10:22:03 STOPzilla Restore Point.
08-06-2015 23:47:36 STOPzilla Restore Point.
11-06-2015 23:20:35 STOPzilla Restore Point.
13-06-2015 00:15:33 Instalacja pakietu sterownika urządzenia: Conexant Kontrolery dźwięku, wideo i gier
13-06-2015 11:20:52 STOPzilla Restore Point.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE8F389-91F1-4041-A8FA-9AE4A853041E} - System32\Tasks\{6DEF857C-FAD6-47EC-85CE-4A88D6197F46} => pcalua.exe -a C:\Users\Mako\Downloads\52au11ww.exe -d C:\Users\Mako\Downloads
Task: {0EACFC83-B8AD-47E5-B83E-3E55A63FD0F8} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\SymErr.exe [2015-02-25] (Symantec Corporation)
Task: {17E38C47-9C6A-4E43-9674-48D8FCC7A9DF} - System32\Tasks\{4B90E891-A85D-4A25-8C70-1684B941A2DC} => pcalua.exe -a C:\Users\Mako\Downloads\6get18ww.exe -d C:\Users\Mako\Downloads
Task: {3D450B97-1BC6-4AF1-AF67-4534B39CC3D8} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\SymErr.exe [2015-02-25] (Symantec Corporation)
Task: {584C6875-1C7A-4A4B-9F35-A7D6D98F3E21} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security with Backup\Engine\22.2.0.31\WSCStub.exe [2015-04-01] (Symantec Corporation)
Task: {85C42A3A-9655-4394-9E35-49B2E0D18B24} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_160_pepper.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {B785BFEB-2A3A-4AAE-94F4-FCDC17E53790} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-08] (Enigma Software Group USA, LLC.)
Task: {D0A0952B-451C-46E4-B183-DA1A6E9AC419} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {D6ECFF7F-0841-4F7C-B3CB-FF84579B4562} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {DF500A00-4048-4B5E-9D45-804908B3E2E9} - System32\Tasks\Opera scheduled Autoupdate 1433678227 => C:\Program Files\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {FF7A0896-A478-43A6-B949-57EA6EA1D040} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-06-08] (Enigma Software Group USA, LLC.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_160_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{6A78A5BC-249F-4A49-82BA-ED5C9B7C8189}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\Software\Classes\exefile: <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2932149468-3538548085-1955584924-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{3374F654-8816-4171-A4FE-B5F4C5CE9CE6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Podstawowe urządzenie systemowe
Description: Podstawowe urządzenie systemowe
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2015 10:37:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 10:36:33 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\rtm\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/13/2015 10:34:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 10:19:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 09:51:51 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (06/13/2015 09:51:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (06/13/2015 09:48:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 09:47:00 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\rtm\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/13/2015 09:25:28 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/13/2015 08:07:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/13/2015 10:37:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: BHDrvx86 ccSet_NSBU eeCtrl ESProtectionDriver IDSVix86 is3srv mbamchameleon spldr SRTSPX SymIRON SYMTDIv szkgfs Wanarpv6

Error: (06/13/2015 10:37:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Przeglądarka komputeraSerwer%%1068

Error: (06/13/2015 10:36:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/13/2015 10:36:34 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/13/2015 10:36:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/13/2015 10:36:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/13/2015 10:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: szkgfs%%2

Error: (06/13/2015 10:34:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: is3srv szkgfs

Error: (06/13/2015 10:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/13/2015 10:33:05 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Microsoft Office:
=========================
Error: (06/13/2015 10:37:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 10:36:33 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\rtm\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/13/2015 10:34:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 10:19:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 09:51:51 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (06/13/2015 09:51:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (06/13/2015 09:48:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/13/2015 09:47:00 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\rtm\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/13/2015 09:25:28 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (06/13/2015 08:07:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2015-06-13 22:37:52.890
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.890
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.532
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.500
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 22:37:52.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 16%
Total physical RAM: 2007.82 MB
Available physical RAM: 1672.99 MB
Total Pagefile: 4252.93 MB
Available Pagefile: 4015.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:98.63 GB) (Free:76.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:9.77 GB) (Free:9.67 GB) NTFS
Drive e: () (Fixed) (Total:9.77 GB) (Free:9.69 GB) NTFS
Drive f: () (Fixed) (Total:9.77 GB) (Free:9.69 GB) NTFS
Drive h: (PLAY ONLINE) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 0000905C)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 4: (Active) - (Size=98.6 GB) - (Type=07 NTFS)

==================== End of log ============================