Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by kolorowyguzik at 2015-02-19 14:55:52
Running from D:\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2650568852-3568152472-2104119892-1001\...\uTorrent) (Version: 3.4.2.38758 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
K-Lite Codec Pack 10.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Malwarebytes Anti-Malware wersja 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
NVIDIA Graphics Driver 327.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.65 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2650568852-3568152472-2104119892-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18473C8A-C47B-4DFB-87FA-36755435C4E6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {1EF1D309-5B85-4034-9C17-7F318828CBE7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {20EA9233-38B9-4151-BBF0-797756578104} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3A84684C-8E03-4A70-BDAB-CB1DDDAE1F8F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {4717129C-37B6-4CCF-9773-A631C8EF6BB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
Task: {C23A9123-AEC3-4FE7-921A-8C5D00FF303E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {E8A0A66D-021C-4009-A7AC-7FBD009374C7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {FE2F91C5-4E40-4642-A1FE-CC86D5B4FE08} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-23 12:33 - 2013-12-23 12:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-04 19:22 - 2013-11-04 19:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-16 20:00 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-16 20:00 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-16 20:00 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-16 20:00 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2650568852-3568152472-2104119892-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2650568852-3568152472-2104119892-500 - Administrator - Disabled)
Guest (S-1-5-21-2650568852-3568152472-2104119892-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2650568852-3568152472-2104119892-1004 - Limited - Enabled)
kolorowyguzik (S-1-5-21-2650568852-3568152472-2104119892-1001 - Administrator - Enabled) => C:\Users\kolorowyguzik
UpdatusUser (S-1-5-21-2650568852-3568152472-2104119892-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2015 02:41:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ff8901c0565
Faulting process id: 0x758
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (02/19/2015 00:04:08 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: angelika)
Description: There was an error communicating to the Orion inference server

Error: (02/19/2015 00:04:08 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server

Error: (02/19/2015 11:59:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: angelika)
Description: There was an error communicating to the Orion inference server

Error: (02/19/2015 11:59:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server

Error: (02/19/2015 09:44:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffc600a1d65
Faulting process id: 0x818
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (02/19/2015 07:03:24 AM) (Source: ESENT) (EventID: 454) (User: )
Description: services (680) Database recovery/restore failed with unexpected error -551.

Error: (02/19/2015 07:03:24 AM) (Source: ESENT) (EventID: 517) (User: )
Description: services (680) Database recovery failed with error -551 because it encountered references to a database, 'C:\WINDOWS\Security\Database\secedit.sdb', which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.

Error: (02/19/2015 06:18:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/19/2015 00:17:59 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1284) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00006.log.

System errors:
=============
Error: (02/19/2015 02:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2015 02:39:00 PM) (Source: DCOM) (EventID: 10010) (User: angelika)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/19/2015 02:39:00 PM) (Source: DCOM) (EventID: 10010) (User: angelika)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/19/2015 11:00:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/19/2015 09:44:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2015 09:41:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: %%1069

Error: (02/19/2015 09:41:42 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/19/2015 09:41:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/19/2015 09:41:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (02/19/2015 09:41:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (02/19/2015 02:41:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff8901c056575801d04c49977eca06C:\Program Files\KMSpico\Service_KMS.exeunknownf65a30c3-b83c-11e4-8252-48d224292358

Error: (02/19/2015 00:04:08 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: angelika)
Description: -2143485936

Error: (02/19/2015 00:04:08 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936

Error: (02/19/2015 11:59:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: angelika)
Description: -2143485936

Error: (02/19/2015 11:59:16 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485936

Error: (02/19/2015 09:44:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffc600a1d6581801d04c201503db59C:\Program Files\KMSpico\Service_KMS.exeunknown73b645cd-b813-11e4-8251-48d224292358

Error: (02/19/2015 07:03:24 AM) (Source: ESENT) (EventID: 454) (User: )
Description: services680-551

Error: (02/19/2015 07:03:24 AM) (Source: ESENT) (EventID: 517) (User: )
Description: services680-551C:\WINDOWS\Security\Database\secedit.sdb

Error: (02/19/2015 06:18:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (02/19/2015 00:17:59 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1284SRUJet: C:\Windows\system32\SRU\SRU00006.log-1811 (0xfffff8ed)

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8067.35 MB
Available physical RAM: 5474.38 MB
Total Pagefile: 9987.35 MB
Available Pagefile: 6711.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.63 GB) (Free:263.64 GB) NTFS
Drive d: () (Fixed) (Total:405.67 GB) (Free:314.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0000B59B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=405.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================