Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015 Ran by zbi1 at 2015-07-29 09:10:12 Running from D:\DOWNLOADS Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-570336105-3435802217-2858435366-500 - Administrator - Disabled) Gość (S-1-5-21-570336105-3435802217-2858435366-501 - Limited - Disabled) zbi (S-1-5-21-570336105-3435802217-2858435366-1002 - Limited - Enabled) => C:\Users\zbi zbi1 (S-1-5-21-570336105-3435802217-2858435366-1001 - Administrator - Enabled) => C:\Users\zbi1 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: STOPzilla AntiVirus (Disabled - Out of date) {581418F3-DCB4-03A7-8970-1C2B5929FC27} AS: STOPzilla AntiVirus (Disabled - Out of date) {E375F917-FA8E-0C29-B3C0-275922AEB69A} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) 
Hidden ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation) ASUS X201 Product Demo (HKLM-x32\...\{996B0F67-53E5-437B-92A9-B40B36EE6F58}) (Version: 1.0.0 - ASUS) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS) Brother MFL-Pro Suite DCP-J140W (HKLM-x32\...\{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}) (Version: 1.1.5.0 - Brother Industries, Ltd.) 
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Far Manager 3 x64 (HKLM\...\{F41575FA-F946-42A9-8704-26694F01AB2A}) (Version: 3.0.4242 - Eugene Roshal & Far Group) ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - ) Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) 
Hidden HMG.4 (2011.11.23) (HKLM-x32\...\HMG.4 (2011.11.23)_is1) (Version: - Rathinagiti ) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3114 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060F0}) (Version: 7.0.600 - Oracle) Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle) Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 
pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla) MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS) Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software) Pakiet sterowników systemu Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) PC Connectivity Solution (HKLM-x32\...\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}) (Version: 8.47.7.0 - Nokia) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge) Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.1.71009 - Samsung Electronics Co., Ltd.) Samsung PC Studio 3 (x32 Version: 3.0.0.71009 - Samsung Electronics Co., Ltd.) 
Hidden Samsung PC Studio 7 (HKLM-x32\...\Samsung PC Studio 7) (Version: 7.2.24.9 - Samsung) Samsung PC Studio 7 (x32 Version: 7.2.24.9 - Samsung) Hidden SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) STOPzilla 7 Install (HKLM-x32\...\{63D41586-5FE0-4DDF-8958-8F022C1938D7}) (Version: 7.0.2.81 - iS3, Inc.) UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba) UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.9.6.1 - uvnc bvba) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) Windows Driver Package - ASUS (ATP) Mouse (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS) Winflector wersja 3.2.0.1 (HKLM\...\Winflector_is1) (Version: 3.2.0.1 - OTC S.A.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 11-07-2015 15:28:09 Zainstalowane Samsung New PC Studio 25-07-2015 14:34:06 Removed PDF Architect 25-07-2015 15:19:26 Installed STOPzilla 7 Install. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {12C59736-278C-4C08-9370-573968483308} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek) Task: {1562F693-8EEE-41D7-806B-B8B1970AE4F4} - System32\Tasks\{EE6E6D28-8D8A-48FC-A10C-7FB684DE3569} => c:\program files (x86)\opera\launcher.exe [2015-07-10] (Opera Software) Task: {2093E06F-D53F-41E2-A060-CC5206A80A1E} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {22FA522B-AB20-4DDC-AE20-BE47384C4680} - System32\Tasks\Yahoo! Search Updater => C:\Users\zbi1\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrsetup.exe <==== ATTENTION Task: {24F17245-69B1-4149-BAC8-EDF10EC9F0A1} - System32\Tasks\Opera scheduled Autoupdate 1374854997 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software) Task: {27C8ADFA-21B2-41F8-AB9C-43911F2D3FC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd) Task: {2A15F029-5C2B-408E-BFBB-A056BCDCBDDF} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) Task: {4E148675-F38C-4C7E-9968-4537BA4FAE37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-07] (Google Inc.) Task: {56358BE0-E7E0-4454-B7D1-E8914742B483} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {5EC660C7-FFD5-427F-AD64-35B411167BA6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) 
Task: {629E821D-1DDC-40B5-BA30-266FD4D14F6D} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {70067934-A2A7-4BA0-A283-A1961DCE5B68} - System32\Tasks\Yahoo! Search => C:\Users\zbi1\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe <==== ATTENTION Task: {934A799F-B092-4A6E-8D2E-70B88B09DC3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-07] (Google Inc.) Task: {A1E958DF-D8AD-4113-9DCE-7C90489C196B} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS) Task: {AFA8AD5F-5EBA-477F-8F4D-01891134368B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation) Task: {FBBFA110-8781-4E7F-A456-430EDEB10EB2} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {FDD5847A-2AE6-4459-BA30-46526A6ACA75} - System32\Tasks\Driver Booster SkipUAC (zbi1) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-08-03 19:05 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll 2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2012-08-10 20:23 - 2012-08-10 20:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\pl-PL\BtTray.pl-PL.dll 2012-12-20 11:57 - 2012-11-02 09:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2008-12-06 02:19 - 2008-12-06 02:19 - 00918016 _____ () C:\Program Files (x86)\Samsung\Samsung PC Studio 7\phonebrowser64.dll 2009-05-16 00:20 - 2009-05-16 00:20 - 01103872 _____ () C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSCM64_Samsung.dll 2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2014-10-23 21:19 - 2014-10-23 21:19 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1045.dll 2015-02-28 14:43 - 2015-01-17 16:13 - 00428820 _____ () C:\Program Files\FAR3\lua51.dll 2015-02-28 14:43 - 2015-01-17 16:13 - 00062464 _____ () C:\Program Files\FAR3\lpeg.dll 2012-09-11 16:01 - 2012-09-11 16:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2015-07-06 19:50 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2013-01-08 15:51 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\ACE.dll 2015-07-25 15:39 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions\libBase64.dll 2015-07-25 15:39 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions\libMachoUniv.dll 2015-07-28 09:41 - 2015-07-28 09:41 - 00008704 _____ () C:\Users\zbi1\AppData\Local\Temp\nsj9D2D.tmp\newadvsplash.dll 2015-07-28 09:41 - 2015-07-28 09:41 - 00011264 _____ () C:\Users\zbi1\AppData\Local\Temp\nsj9D2D.tmp\System.dll 2015-07-28 09:41 - 2015-07-28 09:41 - 00029696 _____ () C:\Users\zbi1\AppData\Local\Temp\nsj9D2D.tmp\registry.dll 2015-06-08 21:23 - 2015-06-08 21:23 - 00153712 _____ () D:\PORT\PortableApps\ThunderbirdPortable\App\thunderbird\NSLDAP32V60.dll 2015-06-08 21:23 - 2015-06-08 21:23 - 00023152 _____ () D:\PORT\PortableApps\ThunderbirdPortable\App\thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 4788 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-570336105-3435802217-2858435366-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zbi1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: BtTray => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe" MSCONFIG\startupreg: BtvStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Classic Start Menu => "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun MSCONFIG\startupreg: ControlCenter4 => C:\Program Files 
(x86)\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: Yahoo! Search => C:\Users\zbi1\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe HKU\S-1-5-21-570336105-3435802217-2858435366-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{EE1E9DB0-229C-4E4D-AB74-642FAA08F87E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D0FA0F34-2B11-4B51-BE43-943BD88E7185}] => (Allow) LPort=2869 FirewallRules: [{43A4B368-FEBD-4F53-870A-9EB533D56567}] => (Allow) LPort=1900 FirewallRules: [{2B2C42BB-6F9D-4C2A-B81D-5FD319DFC03D}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe FirewallRules: [{20A490EF-0726-4D51-A186-6D5BA81FDF2E}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe FirewallRules: [{F457E3BB-1BEC-4526-8788-9F488AC361E4}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{D1559EFA-753C-4C61-A7C5-38AE7E61802A}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [TCP Query User{99D82DE7-2BC1-4F95-8D19-723338CE1755}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{DA0A5F12-096A-4365-809E-43B7606B5051}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{9C022B30-FE10-4D63-82A4-F812B1602E82}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{9431DD29-4D16-4925-8625-1B46E858B3DC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{60FAA13D-FA3D-40B2-A310-5BDF816B5CB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5FF79EC4-142E-47E3-9AD9-40A18FD722AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0471FDE6-0E46-453C-B8A0-AA2D86C356C4}] => (Allow) LPort=54925 FirewallRules: [{6365B028-A79F-47F8-8BB6-BAE2B2B9E27A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{26612E4B-80CB-4B91-A516-0371AA6BE484}] => (Allow) 
C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe FirewallRules: [{2AC00857-1D4E-459E-85B6-559A608CB5CF}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{139BAE63-4693-4E65-8969-C5A1B94F3EBA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe FirewallRules: [{053C67D4-3033-4533-A260-BC353AE3632D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Intel(R) Management Engine Interface Description: Intel(R) Management Engine Interface Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: MEIx64 Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: WAN Miniport (IPv6) - GFI Software Firewall NDIS IM Filter Miniport Description: GFI Software Firewall NDIS IM Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: GFI Software Service: SBFWIMCLMP Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
Name: WAN Miniport (IP) - GFI Software Firewall NDIS IM Filter Miniport Description: GFI Software Firewall NDIS IM Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: GFI Software Service: SBFWIMCLMP Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (07/27/2015 09:36:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: Explorer.EXE, wersja: 6.2.9200.16628, sygnatura czasowa: 0x51a94434 Nazwa modułu powodującego błąd: twinui.dll, wersja: 6.2.9200.17410, sygnatura czasowa: 0x5579e48e Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000001942b6 Identyfikator procesu powodującego błąd: 0x718 Godzina uruchomienia aplikacji powodującej błąd: 0xExplorer.EXE0 Ścieżka aplikacji powodującej błąd: Explorer.EXE1 Ścieżka modułu powodującego błąd: Explorer.EXE2 Identyfikator raportu: Explorer.EXE3 Pełna nazwa pakietu powodującego błąd: Explorer.EXE4 Identyfikator aplikacji względem pakietu powodującego błąd: Explorer.EXE5 Error: (07/25/2015 08:31:41 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. 
Error: (07/25/2015 02:07:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: javaw.exe, wersja: 6.0.260.3, sygnatura czasowa: 0x4dc1160c Nazwa modułu powodującego błąd: jvm.dll, wersja: 20.1.0.2, sygnatura czasowa: 0x4dc14bf1 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00002b57 Identyfikator procesu powodującego błąd: 0xb7c Godzina uruchomienia aplikacji powodującej błąd: 0xjavaw.exe0 Ścieżka aplikacji powodującej błąd: javaw.exe1 Ścieżka modułu powodującego błąd: javaw.exe2 Identyfikator raportu: javaw.exe3 Pełna nazwa pakietu powodującego błąd: javaw.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: javaw.exe5 Error: (07/24/2015 02:42:38 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: Nie można utworzyć zaplanowanego punktu przywracania. Informacje dodatkowe: (0x81000101). Error: (07/24/2015 02:42:38 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Nie można utworzyć punktu przywracania (Proces = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Opis = Zaplanowany punkt kontrolny; Błąd = 0x81000101). Error: (07/24/2015 09:29:28 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (07/16/2015 09:12:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 
Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (07/16/2015 09:11:11 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. Error: (07/13/2015 12:59:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: javaw.exe, wersja: 6.0.260.3, sygnatura czasowa: 0x4dc1160c Nazwa modułu powodującego błąd: jvm.dll, wersja: 20.1.0.2, sygnatura czasowa: 0x4dc14bf1 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00002b57 Identyfikator procesu powodującego błąd: 0xa4c Godzina uruchomienia aplikacji powodującej błąd: 0xjavaw.exe0 Ścieżka aplikacji powodującej błąd: javaw.exe1 Ścieżka modułu powodującego błąd: javaw.exe2 Identyfikator raportu: javaw.exe3 Pełna nazwa pakietu powodującego błąd: javaw.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: javaw.exe5 Error: (07/12/2015 08:37:48 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Nie można odnaleźć zestawu zależnego Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę. 
System errors: ============= Error: (07/28/2015 07:45:06 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/28/2015 10:14:49 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/27/2015 07:41:22 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/27/2015 04:13:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/27/2015 03:45:07 PM) (Source: MEIx64) (EventID: 3) (User: ) Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware. Error: (07/27/2015 09:46:33 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/27/2015 09:41:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa STOPzilla! zakończyła działanie; wystąpił następujący błąd: %%2147500053 Error: (07/27/2015 09:39:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa STOPzilla Service zakończyła działanie; wystąpił następujący błąd: %%1359 Error: (07/27/2015 09:38:57 AM) (Source: DCOM) (EventID: 10010) (User: ZARZĄDZANIE NT) Description: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} Error: (07/25/2015 10:30:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Optimizer Pro Crash Monitor. 

Microsoft Office:
=========================
Error: (07/27/2015 09:36:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.174105579e48ec000000500000000001942b671801d0c83ef151723bC:\Windows\Explorer.EXEC:\Windows\System32\twinui.dll3d34730b-3432-11e5-bebc-2016d8360bac

Error: (07/25/2015 08:31:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Samsung\samsung pc studio 7\TIS_VistaPIM.dll

Error: (07/25/2015 02:07:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: javaw.exe6.0.260.34dc1160cjvm.dll20.1.0.24dc14bf1c000000500002b57b7c01d0c6d269674ae3C:\Program Files (x86)\Java\jre6\bin\javaw.exeC:\Program Files (x86)\Java\jre6\bin\client\jvm.dlla7c90be2-32c5-11e5-beba-2016d8360bac

Error: (07/24/2015 02:42:38 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: 0x81000101

Error: (07/24/2015 02:42:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreationZaplanowany punkt kontrolny0x81000101

Error: (07/24/2015 09:29:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Samsung\samsung pc studio 7\TIS_VistaPIM.dll

Error: (07/16/2015 09:12:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Samsung\samsung pc studio 7\TIS_VistaPIM.dll

Error: (07/16/2015 09:11:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description:
Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Samsung\samsung pc studio 7\TIS_VistaPIM.dll

Error: (07/13/2015 12:59:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: javaw.exe6.0.260.34dc1160cjvm.dll20.1.0.24dc14bf1c000000500002b57a4c01d0bd5afbfbaad7C:\Program Files (x86)\Java\jre6\bin\javaw.exeC:\Program Files (x86)\Java\jre6\bin\client\jvm.dll3a9e6883-294e-11e5-beba-2016d8360bac

Error: (07/12/2015 08:37:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Samsung\samsung pc studio 7\TIS_VistaPIM.dll

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3979.61 MB
Available physical RAM: 2080 MB
Total Virtual: 6155.61 MB
Available Virtual: 3882 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:119.3 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:131.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 04A53D1B)

Partition: GPT Partition Type.

==================== End of log ============================