Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2014 Ran by Młody at 2014-11-20 08:41:06 Running from C:\Documents and Settings\Młody\Pulpit Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat 5.0 CE (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software) Crysis® 2 (HKLM\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts) Dodatek Zapisywanie jako PDF lub XPS firmy Microsoft dla programów pakietu Microsoft Office 2007 (HKLM\...\{90120000-00B2-0415-0000-0000000FF1CE}) (Version: 12.0.4518.1020 - Microsoft Corporation) Dropbox (HKU\S-1-5-21-2052111302-1935655697-682003330-1003\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) EVEREST Corporate Edition v5.50 (HKLM\...\EVEREST Corporate Edition_is1) (Version: 5.50 - Lavalys, Inc.) F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version: - Day 1 Studios) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) K-Lite Codec Pack 8.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.8.0 - ) Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version: - Lexmark International, Inc.) Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.56.7.3 - Marvell) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 pl) (HKLM\...\Mozilla Firefox 33.1 (x86 pl)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation) NVIDIA Sterownik graficzny 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.23 - NVIDIA Corporation) Odkurzacz (HKLM\...\Odkurzacz 13.5_is1) (Version: 13.5.0.1911 - FranmoSoftware - Maciej Opaliński) Panel sterowania NVIDIA 306.23 (Version: 306.23 - NVIDIA Corporation) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.6310 - Analog Devices) Steam (HKLM\...\Steam) (Version: - Valve Corporation) UltraISO Premium V9.36 (HKLM\...\UltraISO_is1) (Version: - ) Unity Web Player (HKU\S-1-5-21-2052111302-1935655697-682003330-1003\...\UnityWebPlayer) (Version: - Unity Technologies ApS) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Młody\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\UnityWebPlu (the data entry has 17 more characters). CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2052111302-1935655697-682003330-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Młody\Dane aplikacji\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2001-10-26 16:45 - 2001-10-26 16:45 - 00000742 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-08 12:22 - 2014-05-08 12:22 - 00300544 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL 2014-11-10 22:26 - 2014-11-10 22:27 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2052111302-1935655697-682003330-500 - Administrator - Enabled) Gość (S-1-5-21-2052111302-1935655697-682003330-501 - Limited - Disabled) Młody (S-1-5-21-2052111302-1935655697-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Młody Pomocnik (S-1-5-21-2052111302-1935655697-682003330-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-2052111302-1935655697-682003330-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (11/19/2014 03:37:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Aplikacja powodująca błąd aswwrcieloader32.exe, wersja 10.0.0.30, moduł powodujący błąd msvcr110.dll, wersja 11.0.51106.1, adres błędu 0x000a327c. Przetwarzanie zdarzenia określonego nośnika dla [aswwrcieloader32.exe!ws!] Error: (05/05/2014 06:23:20 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (05/05/2014 06:15:23 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (05/05/2014 05:56:00 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (04/28/2014 02:51:10 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (04/27/2014 07:13:08 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (04/26/2014 05:57:14 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (04/25/2014 04:28:38 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (04/24/2014 06:34:56 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error: (04/23/2014 07:15:05 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. System errors: ============= Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2014 04:11:23 PM) (Source: DCOM) (EventID: 10005) (User: ZARZĄDZANIE NT) Description: Model DCOM odebrał błąd „%%1058” podczas próby uruchomienia usługi BITS z argumentami „” w celu uruchomienia serwera: {4991D34B-80A1-4291-83B6-3328366B9097} Microsoft Office Sessions: ========================= Error: (07/13/2002 11:38:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1745 seconds with 420 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz Percentage of memory in use: 21% Total physical RAM: 3070.98 MB Available physical RAM: 2416.01 MB Total Pagefile: 4451.25 MB Available Pagefile: 3988.38 MB Total Virtual: 2047.88 MB Available Virtual: 1948.73 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:30 GB) (Free:3.47 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: () (Fixed) (Total:44.53 GB) (Free:9.53 GB) NTFS Drive e: () (Fixed) (Total:37.26 GB) (Free:29.66 GB) NTFS Drive f: (Filmy) (Fixed) (Total:37.27 GB) (Free:17.74 GB) NTFS Drive g: (F.E.A.R. 3) (CDROM) (Total:4.32 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 74.5 GB) (Disk ID: A563412B) Partition 1: (Not Active) - (Size=37.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=37.3 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 74.5 GB) (Disk ID: D048249A) Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=44.5 GB) - (Type=OF Extended) ==================== End Of Log ============================