Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014 Ran by rambo at 2014-12-19 01:44:39 Running from C:\FIXITPC Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kingsoft Antivirus System Defense (Enabled - Up to date) {B6A51389-A795-5AC9-13BA-F569D73F3FE8} AS: Kingsoft Antivirus System Defense (Enabled - Up to date) {0DC4F26D-81AF-5547-290A-CE1BACB87555} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) AIMP2 (HKLM\...\AIMP2) (Version: - AIMP DevTeam) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BufferZone (HKLM\...\{1DACE7E0-0711-405B-9176-D849224E6957}) (Version: 4.07.128 - Trustware) iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.) Kingsoft Antivirus 2012 (HKLM\...\Kingsoft Internet Security) (Version: 2012.5.7 - Kingsoft Internet Security) Klipfolio (remove only) (HKLM\...\Klipfolio) (Version: - ) Launchy 2.5 (HKLM\...\Launchy_21344213_is1) (Version: - Code Jelly) MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 pl) (HKLM\...\Mozilla Firefox 34.0.5 (x86 pl)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation) NVIDIA MediaShield (HKLM\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation) NVIDIA Sterownik graficzny 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation) Obsługa programów Apple (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH) Panel sterowania NVIDIA 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Puran Defrag 7.7 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) SpiderOak (HKLM\...\{521EB0CF-82AD-4A5C-90B9-F2EC160A0CCF}) (Version: 5.1.8.10105 - SpiderOak) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-437592956-270204519-1642714051-1001_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> E:\Programy\Programy portable\Video\BESTplayer.exe (Karol Winnicki) ==================== Restore Points ========================= 11-12-2014 02:32:42 Installed BufferZone 11-12-2014 03:13:42 Installed iTunes 12-12-2014 13:53:59 Installed QuickTime 7 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2013-12-29 11:56 - 2013-12-29 11:56 - 00572320 _____ () C:\Program Files\Admin\BufferZone\RLHOOK32.DLL 2013-12-29 11:57 - 2013-12-29 11:57 - 03142000 _____ () C:\Program Files\Admin\BufferZone\CLNTSVC.EXE 2013-12-29 11:56 - 2013-12-29 11:56 - 00444320 _____ () C:\Windows\system32\AM.DLL 2013-12-29 11:56 - 2013-12-29 11:56 - 00235424 _____ () C:\Program Files\Admin\BufferZone\BZRPCSS.EXE 2013-12-29 11:56 - 2013-12-29 11:56 - 00239008 _____ () C:\Program Files\Admin\BufferZone\BZDCOMLAUNCH.EXE 2014-11-17 00:15 - 2013-06-21 10:52 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-29 11:57 - 2013-12-29 11:57 - 00148896 _____ () C:\Program Files\Admin\BufferZone\WINBORDER.DLL 2014-05-01 15:15 - 2014-05-01 15:15 - 00463360 _____ () C:\Users\rambo\AppData\Local\MEGAsync\ShellExtX32.dll 2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files\Admin\Unlocker\UnlockerCOM.dll 2013-12-29 11:56 - 2013-12-29 11:56 - 03408808 _____ () C:\Program Files\Admin\BufferZone\ClientGUI.exe 2014-11-06 12:59 - 2010-11-10 19:38 - 00380928 _____ () C:\Program Files\Admin\Launchy\Launchy.exe 2014-11-06 12:59 - 2009-12-16 22:13 - 08314880 _____ () C:\Program Files\Admin\Launchy\QtGui4.dll 2014-11-06 12:59 - 2009-12-16 21:54 - 02236416 _____ () C:\Program Files\Admin\Launchy\QtCore4.dll 2014-11-06 12:59 - 2009-12-16 21:56 - 00712704 _____ () C:\Program Files\Admin\Launchy\QtNetwork4.dll 2014-11-06 12:59 - 2009-12-17 00:18 - 00233472 _____ () C:\Program Files\Admin\Launchy\imageformats\qmng4.dll 2014-11-06 12:59 - 2010-11-10 19:39 - 00081920 _____ () C:\Program Files\Admin\Launchy\plugins\calcy.dll 2014-11-06 12:59 - 2010-11-10 19:39 - 00090112 _____ () C:\Program Files\Admin\Launchy\plugins\controly.dll 2014-11-06 12:59 - 2010-11-10 19:38 - 00024064 _____ () C:\Program Files\Admin\Launchy\plugins\gcalc.dll 2014-11-06 12:59 - 2010-11-10 19:38 - 00094208 _____ () C:\Program Files\Admin\Launchy\plugins\runner.dll 2014-11-06 12:59 - 2010-11-10 19:38 - 00057344 _____ () C:\Program Files\Admin\Launchy\plugins\verby.dll 2014-11-06 12:59 - 2010-11-10 19:38 - 00122880 _____ () C:\Program Files\Admin\Launchy\plugins\weby.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Config.msi:BZ-VIRTUAL-LINK AlternateDataStreams: C:\ProgramData:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Temp:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Windows:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Program Files\Internet:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Program Files\Internet Explorer:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Windows\Installer:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Windows\System32:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\All Users:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo:BZ-VIRTUAL-LINK AlternateDataStreams: C:\ProgramData\Apple Computer:BZ-VIRTUAL-LINK AlternateDataStreams: C:\ProgramData\Application Data:BZ-VIRTUAL-LINK AlternateDataStreams: C:\ProgramData\Dane aplikacji:BZ-VIRTUAL-LINK AlternateDataStreams: C:\ProgramData\Microsoft:BZ-VIRTUAL-LINK AlternateDataStreams: C:\ProgramData\NVIDIA Corporation:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\AppData:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\Cookies:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\Dane aplikacji:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\Ustawienia lokalne:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\AppData\Local:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\AppData\LocalLow:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\AppData\Roaming:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\AppData\Roaming\Microsoft:BZ-VIRTUAL-LINK AlternateDataStreams: C:\Users\rambo\AppData\Roaming\Mozilla:BZ-VIRTUAL-LINK ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-437592956-270204519-1642714051-500 - Administrator - Disabled) Gość (S-1-5-21-437592956-270204519-1642714051-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-437592956-270204519-1642714051-1002 - Limited - Enabled) rambo (S-1-5-21-437592956-270204519-1642714051-1001 - Administrator - Enabled) => C:\Users\rambo ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: C-Media PCI Audio Device Description: C-Media PCI Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: C-Media Service: cmuda3 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/18/2014 11:21:02 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 11:15:02 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 11:12:50 PM) (Source: PerfNet) (EventID: 2005) (User: ) Description: Error: (12/18/2014 11:12:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/18/2014 11:11:11 PM) (Source: BufferZoneSvc) (EventID: 0) (User: ) Description: Nieprawidłowe dojście Error: (12/18/2014 09:47:12 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 09:41:12 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 09:38:48 PM) (Source: PerfNet) (EventID: 2005) (User: ) Description: Error: (12/18/2014 07:09:50 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 07:03:50 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: System errors: ============= Error: (12/18/2014 11:12:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 11:12:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 11:12:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 11:12:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 07:01:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 07:01:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 07:01:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 07:01:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 01:33:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania funkcji, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (12/18/2014 01:32:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Microsoft Office Sessions: ========================= Error: (12/18/2014 11:21:02 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 11:15:02 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 11:12:50 PM) (Source: PerfNet) (EventID: 2005) (User: ) Description: Error: (12/18/2014 11:12:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/18/2014 11:11:11 PM) (Source: BufferZoneSvc) (EventID: 0) (User: ) Description: Nieprawidłowe dojście Error: (12/18/2014 09:47:12 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 09:41:12 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 09:38:48 PM) (Source: PerfNet) (EventID: 2005) (User: ) Description: Error: (12/18/2014 07:09:50 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: Error: (12/18/2014 07:03:50 PM) (Source: PerfNet) (EventID: 2006) (User: ) Description: CodeIntegrity Errors: =================================== Date: 2014-12-18 23:12:06.074 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-18 19:00:49.196 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-18 13:32:33.873 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-18 11:28:05.060 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-18 00:16:41.154 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-17 11:00:25.586 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-17 00:01:51.433 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-16 11:43:32.790 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-15 19:26:06.626 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-15 14:21:45.483 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Admin\BufferZone\RlHook32.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ Percentage of memory in use: 61% Total physical RAM: 2046.55 MB Available physical RAM: 786.28 MB Total Pagefile: 3582.55 MB Available Pagefile: 1861.48 MB Total Virtual: 2047.88 MB Available Virtual: 1884.45 MB ==================== Drives ================================ Drive c: (Win7) (Fixed) (Total:40.06 GB) (Free:25.41 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Photos) (Fixed) (Total:120.12 GB) (Free:4.66 GB) NTFS Drive e: (Files) (Fixed) (Total:68.96 GB) (Free:13.65 GB) NTFS Drive f: (Ent) (Fixed) (Total:68.95 GB) (Free:3.62 GB) NTFS Drive g: (Lin) (Fixed) (Total:124.15 GB) (Free:119.53 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 148.9 GB) (Disk ID: 0007591E) Partition 1: (Not Active) - (Size=518 MB) - (Type=82) Partition 2: (Active) - (Size=19.5 GB) - (Type=83) Partition 3: (Not Active) - (Size=4.7 GB) - (Type=83) Partition 4: (Not Active) - (Size=124.2 GB) - (Type=05) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 24E224E1) Partition 1: (Active) - (Size=40.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=258 GB) - (Type=OF Extended) ==================== End Of Log ============================