Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2014 Ran by Adrian at 2014-09-30 18:36:48 Running from C:\Users\Adrian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.) Google Chrome (HKCU\...\Google Chrome) (Version: 21.0.1180.89 - Google Inc.) KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 30-09-2014 13:25:37 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0A8C45E2-C4AA-413A-9F60-950EE5C8841E} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0DFADE1A-713E-4673-9E8B-9938AF031D4D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {71317277-126B-4C52-9F88-D96CBE8C765C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A08CAA66-1D00-479E-86EE-B42E4D42C208} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {A2E6AF92-A27E-48C6-9213-2231E259B7DF} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance No Task File <==== ATTENTION Task: {C5511CAF-1880-42F4-A0FC-ADC8F1633642} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {CC7E9366-CF26-4DC9-A66C-3EAB252649E1} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan No Task File <==== ATTENTION Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E288921A-4336-4DEA-A1A6-6F3E6A856E5C} - \Microsoft\Windows\Windows Defender\Windows Defender Verification No Task File <==== ATTENTION Task: {E2B05288-10C3-479E-B735-891FDA6FD888} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] () Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F67C3C3C-2EE9-498E-A0D8-AA09F8787FB1} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup No Task File <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-09-29 22:23 - 2014-09-29 22:23 - 76678656 __RSH () C:\Users\Adrian\AppData\Roaming\nvxasync\nvxasync.exe 2014-03-18 11:50 - 2014-03-18 11:50 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00054784 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Globalization.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00020480 _____ () C:\WINDOWS\system32\WinMetadata\Windows.System.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00096256 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Storage.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00134144 _____ () C:\WINDOWS\system32\WinMetadata\Windows.ApplicationModel.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd 2014-03-18 11:50 - 2014-03-18 11:50 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00066560 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Security.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00112640 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Networking.winmd 2014-03-18 11:50 - 2014-03-18 11:50 - 00016912 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe\SqliteWrapper.winmd 2014-03-18 11:50 - 2014-03-18 11:50 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe\SqliteWrapper.dll 2014-03-18 11:50 - 2014-03-18 11:50 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe\Sqlite3.dll 2013-08-22 09:19 - 2013-08-22 08:54 - 00093696 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Web.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00049664 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Graphics.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd 2013-08-22 09:19 - 2013-08-22 08:54 - 00169472 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Devices.winmd 2014-03-18 11:51 - 2014-03-18 11:51 - 00012728 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\Microsoft.PerfTrack.winmd 2014-03-18 11:51 - 2014-03-18 11:51 - 00280064 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\Microsoft.Bing.AppEx.Telemetry.winmd 2014-03-18 11:51 - 2014-03-18 11:51 - 00016912 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\SqliteWrapper.winmd 2014-03-18 11:51 - 2014-03-18 11:51 - 00551440 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\SqliteWrapper.dll 2014-03-18 11:51 - 2014-03-18 11:51 - 00660920 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\Sqlite3.dll 2014-03-18 11:51 - 2014-03-18 11:51 - 00043008 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.234_x64__8wekyb3d8bbwe\FinanceApp.winmd ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Adrian\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-721118335-2541393669-1043028165-500 - Administrator - Disabled) Adrian (S-1-5-21-721118335-2541393669-1043028165-1001 - Administrator - Enabled) => C:\Users\Adrian Guest (S-1-5-21-721118335-2541393669-1043028165-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-721118335-2541393669-1043028165-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/30/2014 05:28:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: Aktywacja aplikacji windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel nie powiodła się. Błąd: -2147023170. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (09/30/2014 05:13:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: Aktywacja aplikacji windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel nie powiodła się. Błąd: -2147023170. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (09/30/2014 05:00:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: Aktywacja aplikacji windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel nie powiodła się. Błąd: -2147023170. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (09/30/2014 05:00:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: Aktywacja aplikacji windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel nie powiodła się. Błąd: -2147023170. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (09/30/2014 05:00:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: Aktywacja aplikacji windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel nie powiodła się. Błąd: -2147023170. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (09/30/2014 03:28:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Program wwahost.exe w wersji 6.3.9600.17031 przestał współpracować z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum akcji w Panelu sterowania. Identyfikator procesu: 63c Godzina rozpoczęcia: 01cfdcb212ea896f Godzina zakończenia: 4294967295 Ścieżka aplikacji: C:\WINDOWS\system32\wwahost.exe Identyfikator raportu: 73f9ca1c-48a5-11e4-8251-88ae1dd7a0a4 Pełna nazwa pakietu powodującego błąd: Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe Identyfikator aplikacji względem pakietu powodującego błąd: App Error: (09/30/2014 03:27:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: Aktywacja aplikacji Microsoft.BingWeather_8wekyb3d8bbwe!App nie powiodła się. Błąd: -2144927142. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (09/30/2014 03:26:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TESLA) Description: Aplikacja Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe+App nie została uruchomiona w wyznaczonym czasie. Error: (09/30/2014 02:03:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004C003 Argumenty wiersza polecenia: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=TimerEvent Error: (09/30/2014 02:03:12 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: Pozyskanie licencji użytkowania nie powiodło się. hr=0xC004C003 Identyfikator SKU=8da2dfae-e4f5-4e6a-9272-96f8470e033e System errors: ============= Error: (09/30/2014 05:13:45 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (09/30/2014 04:36:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (09/30/2014 02:37:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (09/30/2014 01:50:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Usługa BranchCache zakończyła działanie; wystąpił następujący specyficzny dla niej błąd: %%1260 Error: (09/30/2014 01:49:59 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Ten komputer jest skonfigurowany jako członek grupy roboczej, a nie domeny. W tej konfiguracji usługa Netlogon nie musi być uruchamiana. Error: (09/30/2014 01:49:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Computer Browser zależy od usługi Workstation, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (09/30/2014 01:49:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Computer Browser zależy od usługi Workstation, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (09/30/2014 01:49:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Computer Browser zależy od usługi Workstation, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (09/30/2014 01:49:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Computer Browser zależy od usługi Workstation, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (09/30/2014 01:49:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Computer Browser zależy od usługi Workstation, której nie można uruchomić z powodu następującego błędu: %%1058 Microsoft Office Sessions: ========================= Error: (09/30/2014 05:28:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (09/30/2014 05:13:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (09/30/2014 05:00:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (09/30/2014 05:00:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (09/30/2014 05:00:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147023170 Error: (09/30/2014 03:28:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703163c01cfdcb212ea896f4294967295C:\WINDOWS\system32\wwahost.exe73f9ca1c-48a5-11e4-8251-88ae1dd7a0a4Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbweApp Error: (09/30/2014 03:27:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TESLA) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142 Error: (09/30/2014 03:26:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TESLA) Description: Microsoft.BingWeather_3.0.2.233_x64__8wekyb3d8bbwe+App Error: (09/30/2014 02:03:17 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0xC004C003RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8da2dfae-e4f5-4e6a-9272-96f8470e033e;NotificationInterval=1440;Trigger=TimerEvent Error: (09/30/2014 02:03:12 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: hr=0xC004C0038da2dfae-e4f5-4e6a-9272-96f8470e033e ==================== Memory info =========================== Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz Percentage of memory in use: 63% Total physical RAM: 2008.6 MB Available physical RAM: 732.48 MB Total Pagefile: 3160.6 MB Available Pagefile: 678.84 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive b: (MAGAZYN) (Fixed) (Total:182.54 GB) (Free:180.33 GB) NTFS Drive c: (SYSTEM) (Fixed) (Total:50 GB) (Free:34.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 7BA2F1AB) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=182.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================