Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015 Ran by Zuzana at 2015-01-28 13:04:47 Running from C:\Users\Zuzana\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Endpoint Antivirus 5.0 (Disabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1} AS: ESET Endpoint Antivirus 5.0 (Disabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2625221743-1896352500-3224387153-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-041B-0000-0000000FF1CE}_ENTERPRISE_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) 
(Version: - Microsoft) Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-041B-0000-0000000FF1CE}_ENTERPRISE_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft) Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-041B-0000-0000000FF1CE}_ENTERPRISE_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft) AMR to MP3 Converter 1.4 (HKLM-x32\...\{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1) (Version: - www.amrtomp3converter.com) AnyMeeting (HKLM-x32\...\{CC322A28-34BF-47F3-B2F0-69DBFC46A9F3}) (Version: 2.1.0 - AnyMeeting, Inc.) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{7A8A100D-3ECB-311C-E7A1-4A9FEB8BB209}) (Version: 3.0.765.0 - ATI Technologies, Inc.) AVI&WMV (HKLM-x32\...\{ABC86EE3-425F-43B9-9A4F-4AA765B5A4FB}_is1) (Version: - www.aviwmv.com) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Boxoft free AVI to WMV Converter (HKLM-x32\...\Boxoft free AVI to WMV Converter_is1) (Version: - Boxoft Solution) BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.61.1065 - AB Team, d.o.o.) Bullzip PDF Printer 9.2.0.1499 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.2.0.1499 - Bullzip) Canon MF Toolbox 4.9.1.1.mf12 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf12 - CANON INC.) Canon MF8000C Series (HKLM\...\{A7581B61-C9F9-4fea-B845-E7733C17EC19}) (Version: 3.9.0.0 - CANON INC.) 
ccc-core-static (x32 Version: 2010.0302.2233.40412 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix) Convert AVI to MP4 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp4.com) Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd) Dream AMR to MP3 Converter 3.0.1.0 (HKLM-x32\...\{66712EEE-ECBC-4CA4-A474-dream-amr-to-mp3-converter}_is1) (Version: - DreamVideSoft,Inc.) DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.) EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - ) ESET Endpoint Antivirus (HKLM\...\{4DE2F12A-08BB-4DB7-A1CA-9661BE2172DF}) (Version: 5.0.2126.4 - ESET, spol s r. o.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fotogaléria (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation) Fraps (HKLM-x32\...\Fraps) (Version: - ) Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.) Google Chrome (HKU\S-1-5-21-2625221743-1896352500-3224387153-1000\...\Google Chrome) (Version: 40.0.2214.93 - Spoločnosť Google Inc.) Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-2625221743-1896352500-3224387153-1000\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6269.0 - IDT) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan) iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.131 - PandoraTV) Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - ) LibreOffice 3.5 (HKLM-x32\...\{B1F9C834-0594-4563-B344-4ED9599A5945}) (Version: 3.5.5.3 - The Document Foundation) Mail List Validator 2.0 (HKLM-x32\...\Mail List Validator_is1) (Version: 2.0 - Business Software Products) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.015.05.01.85 - Huawei Technologies Co.,Ltd) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 35.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 sk)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) 
(Version: 31.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 sk) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 sk)) (Version: 31.4.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Nitro Pro 8 (HKLM\...\{47B42E7A-57E9-407B-8DBB-017B86D7B13F}) (Version: 8.5.2.10 - Nitro) PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - ) PDF Printer for Windows 7 (HKLM\...\PDF Printer for Windows 7_is1) (Version: - Vivid Document Imaging Technologies) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PeaZip 4.6.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time) PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden Questionmark Secure Browser (HKLM-x32\...\{E429EE2E-B76C-4553-8B04-B45587F00FD1}) (Version: 5.3.0.4 - Questionmark Computing Ltd) Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.00035 - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - ) Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.) 
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH) TouchCopy 12 (HKLM-x32\...\{EB775F20-F363-4A01-8A89-3C89AE1E373D}) (Version: 12.53 - Wide Angle Software) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.36 - NCH Software) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2625221743-1896352500-3224387153-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Zuzana\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-2625221743-1896352500-3224387153-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Zuzana\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2625221743-1896352500-3224387153-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-2625221743-1896352500-3224387153-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2625221743-1896352500-3224387153-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Zuzana\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2625221743-1896352500-3224387153-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Zuzana\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2625221743-1896352500-3224387153-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Zuzana\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 27-01-2015 14:36:10 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-10-02 13:54 - 00000130 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 23.23.201.236 appinstalled.anymeeting.com #removing this line will break the AnyMeeting Application ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {018B2E4B-C822-49AF-B9E0-9E53E99C7336} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA => C:\Users\Zuzana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-04] (Facebook Inc.) 
Task: {2847EEEA-18C8-44E2-9169-D52A1B11B23A} - System32\Tasks\AdobeAAMUpdater-1.0-PETERSULEK-Zuzana => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe Task: {2C45E93D-02D4-496A-A2C1-6E1F849A8401} - System32\Tasks\G2MUpdateTask-S-1-5-21-2625221743-1896352500-3224387153-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-27] (Citrix Online, a division of Citrix Systems, Inc.) Task: {4389E058-27DD-4F27-8350-89BB575FF4DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.) Task: {58C13799-278E-4993-84AE-CA79ED71447A} - System32\Tasks\{8040BBFA-0A51-4F47-8934-BEB1D9D22181} => pcalua.exe -a C:\Users\Zuzana\Desktop\Apps\PhotoshopPortable.exe -d C:\Users\Zuzana\Desktop\Apps Task: {652AC782-1CBE-47BE-95ED-A61F1373A41A} - System32\Tasks\{2DE29C43-DCD8-4441-942D-462F380FAC8E} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar Task: {653331A2-44A3-4802-AB13-054FC535C2E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA => C:\Users\Zuzana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.) Task: {728CFFEC-8E34-4242-9CD0-30EE02487984} - System32\Tasks\{D1033A77-AC6A-460E-83E4-9A07B43824A9} => pcalua.exe -a "C:\!Peter Sulek\Programs\Photoshop Portable\Photoshop CS4\PhotoshopPortable.exe" -d "C:\!Peter Sulek\Programs\Photoshop Portable\Photoshop CS4" Task: {7694EF55-232E-44B7-8FDC-D9A085F8EB96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core => C:\Users\Zuzana\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19] (Google Inc.) Task: {A3616C4F-A416-4388-90F2-3EB647F43C13} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core => C:\Users\Zuzana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-11-04] (Facebook Inc.) 
Task: {A586AA25-6DCD-46FB-809C-9F8F94D04358} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27] (Adobe Systems Incorporated) Task: {A82F5D2A-A3C9-48B5-AD7F-23F2E6B55E03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {AE4BB421-2979-4709-8E0B-8B409C0F402C} - System32\Tasks\Synology Data Replicator 3-PC107-Zuzana => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe [2012-06-28] (Synology Inc.) Task: {D081AAAE-4582-4697-8A8E-1D9FBBCD0852} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D6E88392-B4FC-4027-8873-F433450EC025} - System32\Tasks\{5D76580F-E3F3-4FEB-BCB9-DE97C6426614} => Chrome.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: {F196601A-5E68-4464-BA78-D4647DDABA52} - System32\Tasks\{EDBED1D7-B7EF-4613-ADEA-99698C33B9D9} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar Task: {F30554D9-6BA4-433B-97AD-621C2D898811} - System32\Tasks\{898602FE-0581-4073-AB42-57ACAE82DB10} => pcalua.exe -a "C:\!Peter Sulek\Games\CS 1.6\upg non steam.exe" -d "C:\!Peter Sulek\Games\CS 1.6" Task: {FE45A3BE-3269-4787-876D-7888CD22F1F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-31] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core.job => C:\Users\Zuzana\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA.job => C:\Users\Zuzana\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2625221743-1896352500-3224387153-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000Core.job => C:\Users\Zuzana\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625221743-1896352500-3224387153-1000UA.job => C:\Users\Zuzana\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Synology Data Replicator 3-PC107-Zuzana.job => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-23 10:43 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL 2014-01-23 10:05 - 2011-04-02 16:04 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2014-01-15 04:42 - 2014-01-15 04:42 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2015-01-13 21:42 - 2013-10-26 10:45 - 00651856 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2012-06-28 03:10 - 2012-06-28 03:10 - 00381312 _____ () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe 2012-09-18 04:10 - 2012-09-18 04:10 - 00248704 _____ () C:\Program Files 
(x86)\Synology\Assistant\UsbClientService.exe 2010-03-08 10:02 - 2010-03-08 10:02 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-07-19 10:42 - 2012-07-19 10:42 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-01-13 21:42 - 2013-08-31 06:44 - 02417152 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2015-01-13 21:42 - 2009-01-10 19:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2015-01-13 21:42 - 2009-06-23 03:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2015-01-13 21:42 - 2013-08-31 06:46 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2015-01-27 09:54 - 2015-01-25 07:08 - 01117512 _____ () C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\40.0.2214.93\libglesv2.dll 2015-01-27 09:54 - 2015-01-25 07:08 - 00211272 _____ () C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\40.0.2214.93\libegl.dll 2015-01-27 09:54 - 2015-01-25 07:08 - 09170760 _____ () C:\Users\Zuzana\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-2625221743-1896352500-3224387153-500 - Administrator - Disabled)
Guest (S-1-5-21-2625221743-1896352500-3224387153-501 - Limited - Disabled)
Zuzana (S-1-5-21-2625221743-1896352500-3224387153-1000 - Administrator - Enabled) => C:\Users\Zuzana

==================== Faulty Device Manager Devices =============
Name: HP Color LaserJet CP1518ni
Description: HP Color LaserJet CP1518ni
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (02/15/2014 02:43:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 440224 seconds with 10200 seconds of active time. This session ended with a crash.

Error: (01/22/2014 11:20:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 434 seconds with 420 seconds of active time. This session ended with a crash.

Error: (01/22/2014 11:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3628 seconds with 2220 seconds of active time. This session ended with a crash.
Error: (11/18/2013 08:43:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 68 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/18/2013 08:41:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 116 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/14/2013 07:27:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5917 seconds with 3540 seconds of active time. This session ended with a crash.

Error: (10/14/2013 05:48:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1471328 seconds with 31380 seconds of active time. This session ended with a crash.

Error: (08/23/2013 01:16:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 176097 seconds with 8160 seconds of active time. This session ended with a crash.

Error: (08/12/2013 05:54:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 282818 seconds with 9240 seconds of active time. This session ended with a crash.

Error: (07/17/2013 11:27:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-09-08 09:45:47.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-08 09:45:47.026
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II Neo K325 Dual-Core Processor
Percentage of memory in use: 41%
Total physical RAM: 3838.11 MB
Available physical RAM: 2240.4 MB
Total Pagefile: 7674.4 MB
Available Pagefile: 5553.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================
Drive c: (Local Disk) (Fixed) (Total:465.66 GB) (Free:52.52 GB) NTFS
Drive d: (MO2007Enterprise) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B7362935)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================