Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by xxx (2015-10-18 18:16:47)
Running from C:\Users\xxx\Desktop
Microsoft Windows 8 (X86) (2015-05-24 08:44:58)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4029872173-2247020367-3164084679-500 - Administrator - Disabled)
Guest (S-1-5-21-4029872173-2247020367-3164084679-501 - Limited - Disabled)
xxx (S-1-5-21-4029872173-2247020367-3164084679-1001 - Administrator - Enabled) => C:\Users\xxx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_ENTERPRISE_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version:  - Microsoft)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Counter-Strike 1.6 Standalone (HKLM\...\Counter-Strike 1.6 Standalone) (Version: 1.00 - www.cservers.cz)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.250 - SurfRight B.V.)
Malwarebytes Anti-Malware verzia 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK 35 (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 23.015.11.01.85 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 40.0.3 (x86 sk) (HKLM\...\Mozilla Firefox 40.0.3 (x86 sk)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.18.0 - Synaptics)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.0 beta 20 - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-10-2015 01:21:32 Removed Steam

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-08 17:33 - 2015-10-17 15:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02272354-B54C-45C3-9651-5FAF8645C0EA} - System32\Tasks\461A9904-F6F2-4549-B67B-AAA44BD21C2 => C:\Users\xxx\AppData\Local\461A9904-F6F2-4549-B67B-AAA44BD21C2\461A9904-F6F2-4549-B67B-AAA44BD21C2.exe <==== ATTENTION
Task: {052E5B19-831A-45BE-BA6C-5CA2A4578987} - System32\Tasks\psv_nvxol2o4 => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\vzwjmu0s.wbu.reg" & del "C:\ProgramData\ExtTag\vzwjmu0s.wbu.reg" & SCHTASKS /Delete /TN "psv_nvxol2o4" /F
Task: {1E65A62E-8090-475A-B615-D33A4C671378} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {284E4D0F-08BD-4427-8FA1-2F08ABE8736C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-18] (AVAST Software)
Task: {36B1B1B9-86DD-41E4-9AAC-72C9FE4B07E8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-23] (Adobe Systems Incorporated)
Task: {4B7B8CA4-694A-4842-B4F5-FCDBCB9B5C52} - System32\Tasks\psv_my0faj4c => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\xtffqtum.cew.reg" & del "C:\ProgramData\ExtTag\xtffqtum.cew.reg" & SCHTASKS /Delete /TN "psv_my0faj4c" /F
Task: {5B3D469D-F51C-441F-9016-62BE312065C6} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-4029872173-2247020367-3164084679-1001
Task: {9A1AA76F-4EA8-4910-B3B9-0F12D59AC6EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {AE55813E-1B97-48D5-AA80-A5AA505C8427} - System32\Tasks\Opera scheduled Autoupdate 1442654989 => C:\Program Files\Opera\launcher.exe
Task: {B8CE3653-CD89-4136-8CDF-95C14505C67E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {E6E33488-6870-40C7-91A4-F02810A31BD7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {F822FB23-4506-4E2E-BD7B-CDC61036C47B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 17:14 - 2015-09-23 17:14 - 17592008 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\Desktop\images.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\StartupApproved\StartupFolder: => "Orezávač obrazovky a spúšťač programu OneNote 2007.lnk"
HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1093558766699AC3050935CD68D045DF"
HKU\S-1-5-21-4029872173-2247020367-3164084679-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E76285F8-A9E4-48BE-8D4F-C2FF709AC60E}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{2285F64A-BE6B-425A-B2C3-55636B1441A7}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{EFBE43D8-BD3D-4D44-8C0A-72B0E12032BA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B1D091D8-8B97-4B16-BE96-18F2CF199022}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5B4FA798-7B29-4DCF-AF72-5B067CE6EF67}C:\games\return to castle wolfenstein\wolfmp.exe] => (Allow) C:\games\return to castle wolfenstein\wolfmp.exe
FirewallRules: [UDP Query User{29FAA9CF-8914-45A7-8647-FE149877FF4F}C:\games\return to castle wolfenstein\wolfmp.exe] => (Allow) C:\games\return to castle wolfenstein\wolfmp.exe
FirewallRules: [{1C273867-1ECE-4322-A633-FE5F505D27DD}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{D0C7C822-F500-4177-AE7D-DEDB42B3D926}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{ED24FBAA-EE78-4908-9EFD-79533790975A}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BF474D7F-5360-4511-82D3-7EFAB1AE218F}] => (Allow) C:\Program Files\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{8CAD938B-CDC3-4E53-8D85-C348764378F7}] => (Allow) C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe
FirewallRules: [{4E0318A3-94BA-4960-B7EA-E4AF5712BD5B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2015 01:23:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Konfigurácia databázy Registry je poškodená.

Error: (10/18/2015 01:23:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 DETAIL - Konfigurácia databázy Registry je poškodená.
 for C:\Users\xxx\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/18/2015 01:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Konfigurácia databázy Registry je poškodená.

Error: (10/18/2015 01:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 DETAIL - Konfigurácia databázy Registry je poškodená.
 for C:\Users\xxx\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/18/2015 01:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Konfigurácia databázy Registry je poškodená.

Error: (10/18/2015 01:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 DETAIL - Konfigurácia databázy Registry je poškodená.
 for C:\Users\xxx\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/18/2015 01:20:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Konfigurácia databázy Registry je poškodená.

Error: (10/18/2015 01:20:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 DETAIL - Konfigurácia databázy Registry je poškodená.
 for C:\Users\xxx\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (10/18/2015 01:20:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Konfigurácia databázy Registry je poškodená.

Error: (10/18/2015 01:20:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 

 DETAIL - Konfigurácia databázy Registry je poškodená.
 for C:\Users\xxx\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (10/18/2015 06:16:48 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2015 06:15:44 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2015 06:14:41 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2015 06:14:02 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/18/2015 06:14:02 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2015 06:13:57 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2015 06:13:30 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2015 06:13:09 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/18/2015 06:13:05 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/18/2015 06:13:03 PM) (Source: DCOM) (EventID: 10005) (User: PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2015-10-18 13:22:28.149
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 13:18:41.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 12:59:13.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 12:00:18.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 11:49:41.708
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 11:45:38.977
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 11:40:26.015
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 11:15:29.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 01:58:23.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.

  Date: 2015-10-18 01:55:59.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 39%
Total physical RAM: 2046.41 MB
Available physical RAM: 1245.62 MB
Total Virtual: 3774.41 MB
Available Virtual: 3020.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:185.97 GB) (Free:161.86 GB) NTFS
Drive d: (My Passport) (Fixed) (Total:298.06 GB) (Free:150.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: FFEF27C1)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00028ACA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================