Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01 Ran by Budzikowscy at 2014-11-26 08:38:02 Running from C:\Users\Budzikowscy\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI (11.0.09) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {39F47ADD-F118-43BF-B1B7-450A0B4F12F5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe Task: {C73166E4-2F20-4A0B-BCB7-526EEAEF0FD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.) Task: {F309A698-D697-498E-BE57-22C8615349F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-15 07:10 - 2014-06-20 12:41 - 20452352 _____ () E:\Gry\GameforgeLive\Games\GBR_eng\TERA\libcef.dll 2014-10-15 07:09 - 2014-06-20 12:41 - 00115240 _____ () E:\Gry\GameforgeLive\Games\GBR_eng\TERA\CopyCub.dll 2014-11-25 13:55 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll 2014-11-25 13:55 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll 2014-11-25 13:55 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll 2014-11-25 13:55 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll 2014-11-25 13:55 - 2014-11-14 22:15 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll 2014-01-03 07:59 - 2014-02-10 18:04 - 00430080 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-259255893-3387589743-3849538127-500 - Administrator - Disabled) Budzikowscy (S-1-5-21-259255893-3387589743-3849538127-1001 - Administrator - Enabled) => C:\Users\Budzikowscy Gość (S-1-5-21-259255893-3387589743-3849538127-501 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/25/2014 01:39:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 01:39:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/25/2014 01:19:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 01:19:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/25/2014 01:13:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 01:13:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/25/2014 00:52:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007007B Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 00:48:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007267C Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (11/25/2014 00:31:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0x8007267C Argumenty wiersza polecenia: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (11/25/2014 02:22:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Service KMSELDI niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (11/25/2014 02:22:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Wirtualizacja pliku UAC z powodu następującego błędu: %%1275 Error: (11/25/2014 02:16:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Service KMSELDI niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (11/25/2014 02:16:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Wirtualizacja pliku UAC z powodu następującego błędu: %%1275 Error: (11/25/2014 02:12:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Service KMSELDI niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (11/25/2014 02:12:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Wirtualizacja pliku UAC z powodu następującego błędu: %%1275 Error: (11/25/2014 02:11:38 PM) (Source: DCOM) (EventID: 10010) (User: BudzikowscyPC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (11/25/2014 02:11:38 PM) (Source: DCOM) (EventID: 10010) (User: BudzikowscyPC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (11/25/2014 01:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Wirtualizacja pliku UAC z powodu następującego błędu: %%1275 Error: (11/25/2014 01:38:45 PM) (Source: DCOM) (EventID: 10010) (User: BudzikowscyPC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Microsoft Office Sessions: ========================= Error: (11/25/2014 01:39:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 01:39:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/25/2014 01:19:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 01:19:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/25/2014 01:13:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 01:13:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (11/25/2014 00:52:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (11/25/2014 00:48:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007267CRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (11/25/2014 00:31:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: hr=0x8007267CRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz Percentage of memory in use: 25% Total physical RAM: 4045.56 MB Available physical RAM: 3022.39 MB Total Pagefile: 5453.56 MB Available Pagefile: 4170.41 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:402.72 GB) (Free:388.29 GB) NTFS Drive e: () (Fixed) (Total:528.45 GB) (Free:334.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 320EA505) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=402.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=528.5 GB) - (Type=OF Extended) ==================== End Of Log ============================