Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015 Ran by user at 2015-01-07 13:59:14 Running from C:\Users\user\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden AutoCAD LT 2005 - Polski (HKLM-x32\...\{5783F2D7-0309-0415-0002-0060B0CE6BBA}) (Version: 16.1.63.10 - Autodesk) Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 4.1 - Autodesk, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.232 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2321 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.) Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company) DraftSight x64 (HKLM\...\{27CADF1B-2626-46F9-ACA8-B94FB3B506DA}) (Version: 12.2.1065 - Dassault Systemes) Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company) Embedded Security for HP ProtectTools (HKLM\...\{43BE25B8-E69F-42CF-9414-7DDCF891629B}) (Version: 7.0.000.2882 - Hewlett-Packard Company) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company) Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company) FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hold Page (HKLM\...\Hold Page) (Version: 2014.12.02.062353 - Hold Page) <==== ATTENTION! HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{C65D5947-5FAF-499E-859F-75C3852D84B0}) (Version: 1.1.1.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT) HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company) IAC Inspector (HKLM-x32\...\{47D56F67-14DA-4D93-A0E3-9D2219941008}_is1) (Version: 1.1.1.0 - SCHRACK SECONET AG) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT) Integral Software V6.2 (HKLM-x32\...\{3ED91DCC-BF04-4720-ABEB-8E2E4E208386}_is1) (Version: 6.2 - SCHRACK Seconet AG) IntegralAnalysis V1.1.0 (HKLM-x32\...\{5D732ABF-E46A-47EC-9C63-BD4CD2992126}_is1) (Version: - ) IntegralIP Software V7.2 (HKLM-x32\...\{C692B9E2-A52B-48A5-9B93-49AC2613F2ED}_is1) (Version: 7.2 - SCHRACK Seconet AG) IntegralIP Software V7.3 (HKLM-x32\...\{25D7B449-B10D-4FDF-A576-8AFFD9712E1A}_is1) (Version: 7.3 - SCHRACK Seconet AG) IntegralIP Software V8.0 (HKLM-x32\...\{C115DBB3-81C1-4E8C-A0C1-DBAF5063EA6B}_is1) (Version: 8.0 - SCHRACK Seconet AG) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle) JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2013 dla Użytkowników Domowych i Małych Firm - pl-pl (HKLM\...\HomeBusinessRetail - pl-pl) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-33010299-566735224-18553354-1003\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.2.0 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 pl)) (Version: 31.3.0 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{B5373BA3-BAD7-4EAC-A9D2-B66B41B82C57}) (Version: 4.11.9775 - Apache Software Foundation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA) PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH) PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PITy2013 IPS 1.5.6.0 kompilacja:1.5.6.3 (HKLM-x32\...\PITy2013IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne) Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SWUpdater V2.3.7 (HKLM-x32\...\{B2031B15-3E87-43EC-8B77-EA2DCFE43298}_is1) (Version: V2.3.7 - SCHRACK Seconet AG) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated) Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company) Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.) Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.) WebSecClient (HKLM-x32\...\{76275110-67AA-4EDA-BCF7-5D6CA740C5EF}) (Version: 5.13.0612 - MARX Software Security) WinRAR 5.11 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. ) Yahoo! Search (HKU\S-1-5-21-33010299-566735224-18553354-1003\...\Yahoo! Search) (Version: - Pay-By-Ads) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-33010299-566735224-18553354-1003_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-33010299-566735224-18553354-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-33010299-566735224-18553354-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-33010299-566735224-18553354-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-33010299-566735224-18553354-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 18-12-2014 08:39:01 Usuwanie pakietu językowego 18-12-2014 15:19:21 Windows Update 22-12-2014 07:12:13 Windows Update 22-12-2014 08:39:33 Usuwanie pakietu językowego 23-12-2014 07:10:27 HPSF Restore Point 23-12-2014 08:05:45 Usuwanie pakietu językowego 29-12-2014 07:07:49 Windows Update 30-12-2014 09:22:30 Installed WebSecClient 30-12-2014 09:31:49 Installed WebSecClient 30-12-2014 09:36:13 Instalacja pakietu sterownika urządzenia: Schrack Seconet Kontrolery uniwersalnej magistrali szeregowej 31-12-2014 09:17:55 Usuwanie pakietu językowego 02-01-2015 06:53:09 Windows Update 02-01-2015 09:23:59 Usuwanie pakietu językowego 07-01-2015 06:46:01 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01B6A41B-B6D2-4F7C-BAF0-E99F0F3E6389} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {184B4C47-FF24-4F7C-8F92-F91488BD1FF4} - System32\Tasks\Yahoo! Search => C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.6\dsrlte.exe [2015-01-07] (Pay By Ads LTD) <==== ATTENTION Task: {2E613ECA-8CFD-431A-A7D2-A0CAB520E4B7} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] () Task: {3D5E087F-2F2D-4D42-9C1C-2D5477797188} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HPPAP-user HPPAP => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {4351D2E2-B783-40CB-962D-877C23883FB8} - System32\Tasks\Yahoo! Search Updater => C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.6\dsrsetup.exe [2015-01-07] (Pay By Ads LTD) <==== ATTENTION Task: {4C8A14AA-9C71-4923-8E8E-11F44A9802B0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {5A6267DD-E2E3-4969-B9F4-E051E9777B41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {60658C0F-2765-4A35-884E-AF6631687195} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {7511A61D-44D3-4250-BA62-066C812F87FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {A2485FB5-CABD-486F-8370-215B0EE7BACF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {B6E2B55B-C60E-4259-B67D-87A665ABA7F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12] (Adobe Systems Incorporated) Task: {BADB7CE5-A15D-465C-A5FA-EA5057668C7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.) Task: {C2D6972E-B266-4809-8DC0-36EDC22BA0BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-10] (Google Inc.) Task: {CA0230C8-6A6B-4479-AD81-19A92EE03F00} - System32\Tasks\Opera scheduled Autoupdate 1416317014 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software) Task: {D9E6CCD3-0C7E-487B-9115-B4EC3D8F34DB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {FAE9F51C-0C52-4B96-9BCF-4EDEEC288104} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-01-18 01:57 - 2012-01-18 01:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2012-03-22 01:14 - 2012-03-22 01:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll 2011-10-12 11:03 - 2011-10-12 11:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll 2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll 2014-12-01 06:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-09-05 10:25 - 2013-09-05 10:25 - 01319936 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtNetwork4.dll 2013-09-05 10:25 - 2013-09-05 10:25 - 03405312 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtCore4.dll 2013-12-04 09:25 - 2013-12-04 09:25 - 00566784 _____ () C:\Program Files\Dassault Systemes\DraftSight\bin\QtXml4.dll 2014-11-18 13:23 - 2014-11-18 13:23 - 00514560 _____ () C:\windows\SysWOW64\IRCPAcousticDriver.exe 2012-03-22 00:36 - 2012-03-22 00:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe 2014-12-02 12:32 - 2015-01-07 13:28 - 00529136 _____ () C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe 2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2014-01-18 20:50 - 2012-03-28 18:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2014-12-02 07:28 - 2015-01-07 13:33 - 00529136 _____ () C:\Program Files (x86)\Hold Page\updateHoldPage.exe 2014-12-02 12:33 - 2015-01-07 04:41 - 00098544 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.BrowserAdapter.exe 2014-12-02 12:33 - 2015-01-07 04:41 - 00114928 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.BrowserAdapter64.exe 2014-12-02 12:33 - 2015-01-06 22:24 - 00353008 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.PurBrowse64.exe 2014-12-02 12:33 - 2015-01-07 01:38 - 00101616 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.expext.exe 2014-12-18 07:07 - 2014-12-18 07:07 - 00535160 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe 2014-12-04 06:55 - 2015-01-07 03:38 - 01649904 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.BOASHelper.exe 2014-12-04 06:55 - 2015-01-07 03:38 - 01786608 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.BOASPRT.exe 2014-12-04 06:55 - 2015-01-07 03:38 - 01791216 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.BOAS.exe 2012-03-22 01:00 - 2012-03-22 01:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll 2012-03-22 00:34 - 2012-03-22 00:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll 2012-03-22 00:59 - 2012-03-22 00:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll 2012-03-22 01:04 - 2012-03-22 01:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll 2012-03-22 01:02 - 2012-03-22 01:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll 2012-03-22 00:38 - 2012-03-22 00:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll 2012-03-22 00:39 - 2012-03-22 00:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll 2014-01-18 21:17 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 20:34 - 2012-06-08 20:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-12-30 09:31 - 2013-01-07 14:55 - 00623104 _____ () C:\Program Files (x86)\SWUpdater\mrxpu.dll 2014-11-14 10:29 - 2014-11-14 10:29 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d8090ffb538a2803336e702091cd0bdd\IsdiInterop.ni.dll 2013-04-12 23:33 - 2014-11-14 10:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-01-18 20:49 - 2012-03-28 18:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-03-19 08:00 - 2014-03-19 08:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2014-12-02 12:33 - 2015-01-07 01:38 - 00082160 _____ () C:\Program Files (x86)\Hold Page\bin\HoldPage.expextdll.dll 2015-01-07 06:39 - 2015-01-07 06:39 - 00306176 _____ () C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.6\Elhec4am.dll 2014-12-18 07:07 - 2014-12-18 07:07 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libglesv2.dll 2014-12-18 07:07 - 2014-12-18 07:07 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libegl.dll 2014-12-18 07:07 - 2014-12-18 07:07 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll 2014-12-18 07:07 - 2014-12-18 07:07 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll 2015-01-05 15:05 - 2015-01-07 04:41 - 00197360 _____ () C:\Program Files (x86)\Hold Page\bin\91975f83f39c43cfaad4.dll 2014-12-17 07:37 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-17 07:37 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-17 07:37 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll 2014-12-17 07:37 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll 2014-12-17 07:37 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-10-08 18:11 - 2014-12-02 10:55 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-10-08 18:12 - 2014-11-18 15:26 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2014-10-08 18:11 - 2014-12-02 10:55 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-33010299-566735224-18553354-500 - Administrator - Disabled) Gość (S-1-5-21-33010299-566735224-18553354-501 - Limited - Disabled) user (S-1-5-21-33010299-566735224-18553354-1003 - Administrator - Enabled) => C:\Users\user USER_ (S-1-5-21-33010299-566735224-18553354-1002 - Administrator - Enabled) => C:\Users\USER_ ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/07/2015 01:29:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 01:28:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 06:35:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 03:03:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 06:38:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/02/2015 06:42:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/31/2014 07:01:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/30/2014 09:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 275575 Error: (12/30/2014 09:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 275575 Error: (12/30/2014 09:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (01/07/2015 01:37:20 PM) (Source: DCOM) (EventID: 10016) (User: HPPAP) Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HPPAPuserS-1-5-21-33010299-566735224-18553354-1003LocalHost (użycie LRPC) Error: (01/07/2015 01:29:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi gwiopm z powodu następującego błędu: %%2 Error: (01/07/2015 01:29:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi CBN z powodu następującego błędu: %%1275 Error: (01/07/2015 01:29:17 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Ładowanie sterownika \??\C:\windows\SysWow64\Drivers\CBN.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error: (01/07/2015 01:28:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi gwiopm z powodu następującego błędu: %%2 Error: (01/07/2015 01:27:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi CBN z powodu następującego błędu: %%1275 Error: (01/07/2015 01:27:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Ładowanie sterownika \??\C:\windows\SysWow64\Drivers\CBN.SYS zostało zablokowane z powodu niezgodności z tym systemem. Skontaktuj się z dostawcą oprogramowania w celu uzyskania zgodnej wersji sterownika. Error: (01/07/2015 01:15:18 PM) (Source: DCOM) (EventID: 10016) (User: HPPAP) Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HPPAPuserS-1-5-21-33010299-566735224-18553354-1003LocalHost (użycie LRPC) Error: (01/07/2015 00:19:06 PM) (Source: DCOM) (EventID: 10016) (User: HPPAP) Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HPPAPuserS-1-5-21-33010299-566735224-18553354-1003LocalHost (użycie LRPC) Error: (01/07/2015 11:28:51 AM) (Source: DCOM) (EventID: 10016) (User: HPPAP) Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}HPPAPuserS-1-5-21-33010299-566735224-18553354-1003LocalHost (użycie LRPC) Microsoft Office Sessions: ========================= Error: (01/07/2015 01:29:21 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 01:28:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/07/2015 06:35:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 03:03:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/05/2015 06:38:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/02/2015 06:42:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/31/2014 07:01:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/30/2014 09:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 275575 Error: (12/30/2014 09:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 275575 Error: (12/30/2014 09:57:31 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 50% Total physical RAM: 8071.55 MB Available physical RAM: 3975.01 MB Total Pagefile: 16141.28 MB Available Pagefile: 11298.75 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:198.39 GB) (Free:110.04 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_RECOVERY) (Fixed) (Total:22.79 GB) (Free:2.94 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: C33AA44F) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=198.4 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=2 GB) - (Type=0C) ==================== End Of Log ============================