Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Morko (17-09-2016 08:55:05)
Running from C:\Users\Morko\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-22 17:02:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2317950726-4075255425-951869584-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2317950726-4075255425-951869584-503 - Limited - Disabled)
Guest (S-1-5-21-2317950726-4075255425-951869584-501 - Limited - Disabled)
Morko (S-1-5-21-2317950726-4075255425-951869584-1001 - Administrator - Enabled) => C:\Users\Morko

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Endpoint Security 10 for Windows (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Endpoint Security 10 for Windows (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 for Windows (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
AES Encryption Module (256 bit) (HKLM-x32\...\{090EAE5F-F428-49D5-9CAF-BEED98A702CA}) (Version: 1.1.0.73 - Kaspersky Lab UK Ltd)
AIDA64 Extreme v5.75 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.75 - FinalWire Ltd.)
Aktualizace NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Anti-Vibrate Oscar Editor (HKLM-x32\...\InstallShield_{5600BE52-805C-4847-93F2-7921116ED0B3}) (Version: 12.08.0005 - A4TECH)
Any Video Converter 5.9.1 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASUS Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.5000 - ASUS)
ASUS Xonar U3 Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006302}) (Version:   - ASUSTeK Computer Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Boid (HKLM\...\Steam App 314010) (Version:  - Mokus)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D-Fend Reloaded 1.4.4 (Odinstalovat) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
Discord (HKU\S-1-5-21-2317950726-4075255425-951869584-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord PTB (HKU\S-1-5-21-2317950726-4075255425-951869584-1001\...\DiscordPTB) (Version: 0.0.5 - Hammer & Chisel, Inc.)
EasyUEFI version 2.6 (HKLM\...\EasyUEFI_is1) (Version: 2.6 - The EasyUEFI Development Team.)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grip (HKLM-x32\...\Steam App 396900) (Version:  - Caged Element Inc.)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.0 - HexChat)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky Endpoint Security 10 for Windows (HKLM-x32\...\{7A4192A1-84C4-4E90-A31B-B4847CA8E23A}) (Version: 10.2.4.674 - Kaspersky Lab)
LibreOffice 5.0.4.2 (HKLM-x32\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation)
Logitech Gaming Software 8.87 (HKLM\...\Logitech Gaming Software) (Version: 8.87.116 - Logitech Inc.)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 CSY (HKLM\...\{0A8A841B-29C4-4947-BF59-241216B4D904}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 44.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 44.0.1 (x86 cs)) (Version: 44.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.3.0 - Mozilla)
Mozilla Thunderbird 45.3.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 45.3.0 (x86 cs)) (Version: 45.3.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA GeForce Experience 3.0.5.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.5.22 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.5.22 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.2 - OBS Project)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
OpenVPN 2.3.10-I603  (HKLM\...\OpenVPN) (Version: 2.3.10-I603 - )
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
OSCAR Editor (x32 Version: 12.08.0005 - A4TECH) Hidden
osu! (HKLM-x32\...\{0254a82d-bf16-4afd-8ea5-cb7ca936e1ae}) (Version: latest - ppy Pty Ltd)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.97.306.0 - Overwolf Ltd.)
Ovládací panel NVIDIA 372.70 (Version: 372.70 - NVIDIA Corporation) Hidden
Q-Dir (HKLM\...\Q-Dir) (Version:  - )
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version:  - Ubisoft)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Reflex (HKLM-x32\...\Steam App 328070) (Version:  - Turbo Pixel Studios)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
SHIELD Streaming (Version: 7.1.0310 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.5.22 - NVIDIA Corporation) Hidden
Soldat 1.7.0 (HKLM-x32\...\Soldat_SBS_2_is1) (Version: 1.7.0 - Michal Marcinkowski)
Soldat PolyWorks 1.5.0.13 (HKLM-x32\...\Soldat PolyWorks) (Version: 1.5.0.13 - Copyright Anna Zajaczkowski)
Soldat verze 1.7.1 (HKLM-x32\...\Soldat_is1) (Version: 1.7.1 - Transhuman Design)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2317950726-4075255425-951869584-1001\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version:  - Nadeo)
UE4 Prerequisites (x64) (HKLM-x32\...\{9514471f-b41e-41f7-af03-7da1d05b279e}) (Version: 1.0.8.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.8.0 - Epic Games, Inc.) Hidden
Unreal Development Kit: 2015-01 (HKLM\...\UDK-edf65ae1-ae9f-48de-b23d-222d5ea23f9e) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.16 - IDRIX)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.9.0 - Elaborate Bytes)
Vivaldi (HKU\S-1-5-21-2317950726-4075255425-951869584-1001\...\Vivaldi) (Version: 1.4.589.11 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Webshare uploader (HKLM-x32\...\WebshareDLC) (Version:  - Webshare)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Worms Armageddon Patch (HKLM-x32\...\Worms Armageddon Patch) (Version:  - )
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2317950726-4075255425-951869584-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Morko\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DAB77B2-1556-4E56-92CE-3870535933D1} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {1FE54A8D-D324-4D2D-9C3B-5BA0C6F654BF} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-09-07] (Overwolf LTD)
Task: {5D8F0A6C-2DA1-4483-B813-1D2F785EF1A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {6C4AF989-C143-4E8B-8E33-2F42FCC4D918} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-02] (NVIDIA Corporation)
Task: {777F7448-C75B-4D95-95DC-9EF044D644FB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {85805ECE-DE73-47D3-BF45-07112A56DD9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {994B4518-1715-4EFA-AD17-3F075D892C91} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-02] (NVIDIA Corporation)
Task: {ACA252AD-DB2B-4E7D-AD02-2C272C80B58C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-02] (NVIDIA Corporation)
Task: {AECD18B5-75AC-4530-ACBB-975EB73ACF0F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-02] (NVIDIA Corporation)
Task: {D394B1F2-3DED-45DA-8715-39DCDF2D3C91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {D77DE589-B005-445E-86C8-F7AD27FB2F1D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-02] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Morko\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WA.exe.lnk -> D:\Gamez\autoHotkey\WA.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-16 10:08 - 2016-08-25 23:12 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-22 19:45 - 2015-12-22 19:45 - 00936456 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-09-09 12:36 - 2016-09-02 13:13 - 04488640 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-09 12:36 - 2016-09-02 13:13 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-09 12:36 - 2016-09-02 13:13 - 00418240 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-09-14 10:06 - 2016-09-14 10:06 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-14 10:06 - 2016-09-14 10:06 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-07-27 12:31 - 2015-04-22 02:09 - 00059392 _____ () D:\Soft\miranda-im-v0.10.23-x64\Plugins\ShlExt.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-12-30 14:31 - 2012-12-30 14:31 - 00049520 _____ () C:\Program Files\ASUS\Bluetooth Software\btwleapi.dll
2015-12-22 19:10 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 09:55 - 2016-07-13 09:55 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-14 10:06 - 2016-09-14 10:06 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-14 10:06 - 2016-09-14 10:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 10:06 - 2016-09-14 10:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-14 10:06 - 2016-09-14 10:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-27 22:11 - 2016-03-12 14:59 - 01423872 _____ () C:\Program Files\HexChat\cairo.dll
2015-12-27 22:11 - 2016-03-12 14:58 - 00217088 _____ () C:\Program Files\HexChat\libpng16.dll
2015-12-27 22:11 - 2016-03-12 14:58 - 00731136 _____ () C:\Program Files\HexChat\fontconfig.dll
2015-12-27 22:11 - 2016-03-12 14:57 - 00081408 _____ () C:\Program Files\HexChat\zlib1.dll
2015-12-27 22:11 - 2016-03-12 14:57 - 00032256 _____ () C:\Program Files\HexChat\iconv.dll
2015-12-27 22:11 - 2016-03-12 14:58 - 00597504 _____ () C:\Program Files\HexChat\pixman-1.dll
2015-12-27 22:11 - 2016-03-12 14:58 - 01430016 _____ () C:\Program Files\HexChat\libxml2.dll
2015-12-27 22:11 - 2016-03-12 15:00 - 00975872 _____ () C:\Program Files\HexChat\harfbuzz.dll
2016-03-24 23:16 - 2016-03-12 15:00 - 00059904 _____ () C:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs14\engines\libwimp.dll
2016-03-24 23:16 - 2016-03-12 14:59 - 00292864 _____ () C:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2016-03-24 23:16 - 2016-03-12 17:01 - 00013312 _____ () C:\Program Files\HexChat\lib\enchant\libenchant_win8.dll
2016-03-24 23:16 - 2016-03-12 17:00 - 00015360 _____ () C:\Program Files\HexChat\plugins\hcchecksum.dll
2016-03-24 23:16 - 2016-03-12 17:00 - 00011776 _____ () C:\Program Files\HexChat\plugins\hcdoat.dll
2016-03-24 23:16 - 2016-03-12 17:00 - 00013312 _____ () C:\Program Files\HexChat\plugins\hcexec.dll
2016-03-24 23:16 - 2016-03-12 17:00 - 00017920 _____ () C:\Program Files\HexChat\plugins\hcfishlim.dll
2016-03-24 23:16 - 2016-03-12 17:01 - 00032768 _____ () C:\Program Files\HexChat\plugins\hcmpcinfo.dll
2016-03-24 23:16 - 2016-03-12 17:00 - 00011776 _____ () C:\Program Files\HexChat\plugins\hcupd.dll
2016-03-24 23:16 - 2016-03-12 17:01 - 00019968 _____ () C:\Program Files\HexChat\plugins\hcsysinfo.dll
2016-03-24 23:16 - 2016-03-12 17:00 - 00039424 _____ () C:\Program Files\HexChat\plugins\hcnotifications-winrt.dll
2016-07-16 09:43 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2016-07-16 09:43 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-08-30 02:17 - 2016-08-30 02:17 - 01096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-08-30 02:17 - 2016-08-30 02:17 - 00241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-08-17 12:44 - 2012-08-17 12:44 - 03345408 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-12-22 19:49 - 2016-09-17 08:45 - 00033064 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-22 19:45 - 2015-12-22 19:45 - 00113160 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-11-10 19:50 - 2015-11-10 19:50 - 01309880 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\kpcengine.2.2.dll
2016-08-15 21:53 - 2016-09-02 13:13 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-09 12:36 - 2016-09-02 13:00 - 00500672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-09 12:36 - 2016-09-02 13:00 - 00254400 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-09 12:36 - 2016-09-02 13:00 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-09 12:36 - 2016-09-02 13:00 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-09 12:36 - 2016-09-02 13:00 - 00428480 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-09 12:36 - 2016-09-02 13:00 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-09 12:36 - 2016-09-02 13:00 - 00375352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-09-15 10:55 - 2013-12-23 11:44 - 00143360 ____N () C:\Program Files\ASUS Xonar U3 Audio\customapp\program\Vmix112.dll
2016-09-09 12:36 - 2016-09-02 13:13 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2010-12-02 18:56 - 2010-12-02 18:56 - 00815104 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\OSD_Text\OSD_Text.dll
2011-01-09 21:45 - 2011-01-09 21:45 - 00088064 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_MouseDeviceManager.dll
2012-06-14 16:59 - 2012-06-14 16:59 - 02414080 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\ScreenCapture\ScreenCapture.dll
2012-05-17 12:17 - 2012-05-17 12:17 - 01000448 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Data\X7H\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 00085504 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_ZoomControl.dll
2010-09-20 15:18 - 2010-09-20 15:18 - 00054272 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_ScrollbarControl.dll
2011-04-12 16:14 - 2011-04-12 16:14 - 00063488 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 21:16 - 2010-11-01 21:16 - 00062976 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2012-04-27 12:40 - 2012-04-27 12:40 - 00118272 _____ () C:\Program Files (x86)\Anti-Vibrate Oscar Editor\DLL\DLL_Wheel4D.dll
2016-08-27 16:50 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Morko\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-27 16:50 - 2016-08-27 16:50 - 01050296 _____ () \\?\C:\Users\Morko\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-27 16:50 - 2016-08-27 16:50 - 03793080 _____ () \\?\C:\Users\Morko\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-27 16:50 - 2016-08-27 16:50 - 00894136 _____ () \\?\C:\Users\Morko\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-27 16:50 - 2016-08-27 16:50 - 01119416 _____ () \\?\C:\Users\Morko\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-27 16:50 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Morko\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-27 16:50 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Morko\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-09-07 12:14 - 2016-09-07 12:14 - 45069312 _____ () C:\Program Files (x86)\Overwolf\0.97.306.0\libcef.DLL
2016-09-17 08:45 - 2016-09-17 08:45 - 00170496 _____ () \\?\C:\Users\Morko\AppData\Local\Temp\8E17.tmp.node
2016-09-02 08:10 - 2016-09-10 08:14 - 02022072 _____ () \\?\C:\Users\Morko\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-09-07 12:14 - 2016-09-07 12:14 - 01643008 _____ () C:\Program Files (x86)\Overwolf\0.97.306.0\libglesv2.dll
2016-09-07 12:14 - 2016-09-07 12:14 - 00074752 _____ () C:\Program Files (x86)\Overwolf\0.97.306.0\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-01-02 21:21 - 2016-01-02 21:23 - 00003522 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2317950726-4075255425-951869584-1001\Control Panel\Desktop\\Wallpaper -> D:\Downloads\sound_wave-wallpaper-1920x1080.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PAExec => 3
MSCONFIG\Services: rpcapd => 3
HKU\S-1-5-21-2317950726-4075255425-951869584-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2317950726-4075255425-951869584-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2317950726-4075255425-951869584-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{30E5B882-599E-47C7-9A0E-750D10908DA0}] => (Allow) D:\Gamez\Steam\Steam.exe
FirewallRules: [{61C80609-7C5E-459A-BC21-69BD5D922D7B}] => (Allow) D:\Gamez\Steam\Steam.exe
FirewallRules: [{AE193A16-A573-45EB-8BE3-1193F63E96EE}] => (Allow) D:\Gamez\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF586B77-0E19-4866-A522-AAC10ECF0C8B}] => (Allow) D:\Gamez\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{BDDD138B-3F52-4919-9F07-5583EDDF05FE}C:\users\morko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\morko\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{CDD1E98D-3747-4AE9-8970-1FEB8DC7AB28}C:\users\morko\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\morko\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B8FD45CF-D9D1-42FD-A969-0F2C1803D53F}] => (Allow) D:\Gamez\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{0D96F6AC-8867-4C30-944D-68A2191C63AE}] => (Allow) D:\Gamez\Steam\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{F3A5FA6A-CC18-4934-94B2-B202F84E4E16}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{AFD4B18F-4C46-4EB9-83D3-D2D35EA5ACE4}] => (Allow) D:\Gamez\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{98CB7DAD-6316-4D24-90A9-22A4F63C1F7B}] => (Allow) D:\Gamez\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{95065E9E-280B-4AA1-9773-59C33B043F98}] => (Allow) D:\Gamez\Steam\steamapps\common\reflexfps\reflex.exe
FirewallRules: [{3859B7C7-F6E3-4CFE-B102-CD2BA5189F70}] => (Allow) D:\Gamez\Steam\steamapps\common\reflexfps\reflex.exe
FirewallRules: [{27C8CD6E-BE07-489E-8677-2BBADF3E5783}] => (Allow) D:\Gamez\Steam\steamapps\common\Grip\Grip\Binaries\Win64\Grip-Win64-Shipping.exe
FirewallRules: [{121A07FE-5C3D-4667-8B9E-FBC1809A1330}] => (Allow) D:\Gamez\Steam\steamapps\common\Grip\Grip\Binaries\Win64\Grip-Win64-Shipping.exe
FirewallRules: [{90CE7737-5BF7-40D1-A341-2DEB6D4F6DE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AFC8CFD1-D119-4FFD-87E8-CEED2A5CE37C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7D476443-80A1-40C1-BEBC-444B6CDB92B9}D:\gamez\soldat 1.7.0\soldat.exe] => (Block) D:\gamez\soldat 1.7.0\soldat.exe
FirewallRules: [UDP Query User{1C2316DD-EFC5-4E44-BF25-41DE27B4E170}D:\gamez\soldat 1.7.0\soldat.exe] => (Block) D:\gamez\soldat 1.7.0\soldat.exe
FirewallRules: [{C9222D8A-17B9-4590-8BE3-9077FEEE786D}] => (Allow) D:\Gamez\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{400713D7-57A6-484D-803A-3782E631FE39}] => (Allow) D:\Gamez\Steam\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{087B5339-90B6-46FB-803A-9D0A2E19F1F4}D:\soft\miranda-im-v0.10.23-x64\miranda64.exe] => (Allow) D:\soft\miranda-im-v0.10.23-x64\miranda64.exe
FirewallRules: [UDP Query User{43CD2AF2-236C-44FA-8D7B-7D25BDC3A533}D:\soft\miranda-im-v0.10.23-x64\miranda64.exe] => (Allow) D:\soft\miranda-im-v0.10.23-x64\miranda64.exe
FirewallRules: [TCP Query User{42EF49DC-141D-4C94-8A9D-047119BC03AA}D:\gamez\steam\steamapps\common\worms armageddon\wa.exe] => (Allow) D:\gamez\steam\steamapps\common\worms armageddon\wa.exe
FirewallRules: [UDP Query User{C0845F8B-03C7-4745-B71C-FDFA6F3B5866}D:\gamez\steam\steamapps\common\worms armageddon\wa.exe] => (Allow) D:\gamez\steam\steamapps\common\worms armageddon\wa.exe
FirewallRules: [{65E83E17-F4F4-4632-A04C-4707C9EA5F48}] => (Allow) D:\Gamez\Steam\steamapps\common\Boid\Boid.exe
FirewallRules: [{439FF282-442B-4819-9B0C-F984CD61C819}] => (Allow) D:\Gamez\Steam\steamapps\common\Boid\Boid.exe
FirewallRules: [{46CEF4F3-1BCD-4CE1-B946-6EE711B38997}] => (Allow) D:\Gamez\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{6F754784-70D0-40B2-AA59-E89F889BE4DA}] => (Allow) D:\Gamez\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{3EA3495D-4750-4873-82DA-5AA245FA265F}] => (Allow) D:\Gamez\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{5DBE2217-8D43-44CA-9267-7C9B37714932}] => (Allow) D:\Gamez\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{E0D5B157-C855-482F-BF1A-960EC4EED836}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E736A0EF-C8FF-433E-998A-EA6BC4CAB0B8}] => (Allow) D:\Soft\Vivaldi\Application\vivaldi.exe
FirewallRules: [{C25AFCFB-F60E-46FF-AFCC-F57B1E184EC3}] => (Allow) C:\UDK\Custom\Binaries\Win32\UDK.exe
FirewallRules: [{287581AC-8FA2-432F-80A8-AB2DDF32DDAC}] => (Allow) C:\UDK\Custom\Binaries\Win32\UDK.exe
FirewallRules: [{1EB3F480-AFC7-4122-AA52-92C26A4052A9}] => (Allow) C:\UDK\Custom\Binaries\Win64\UDK.exe
FirewallRules: [{291E9837-39CF-41F0-83F2-78769A4FB2D0}] => (Allow) C:\UDK\Custom\Binaries\Win64\UDK.exe
FirewallRules: [{285DB7F1-13DF-4CF5-9ED5-6FBA1C2CABE0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2C07840C-BE34-453B-BD4F-F1C73CD0C43A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{CDFBD176-489D-4D75-94E9-0B3F8894DF9C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E1187771-F6F5-42D4-9922-6880404D8B8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C459FCAF-0550-4F57-995F-E6D2C39B1131}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{040BB85D-7A19-4326-9599-3F3BF47CAA19}C:\soldat\soldat.exe] => (Allow) C:\soldat\soldat.exe
FirewallRules: [UDP Query User{842F31B3-C766-436F-BD00-3E5E58A9CAAB}C:\soldat\soldat.exe] => (Allow) C:\soldat\soldat.exe
FirewallRules: [TCP Query User{EDCAD970-2652-4C82-B5B9-900A0AFB818C}D:\gamez\soldat\soldat.exe] => (Allow) D:\gamez\soldat\soldat.exe
FirewallRules: [UDP Query User{4377E0E5-E39C-427E-B12D-FED72686CDFF}D:\gamez\soldat\soldat.exe] => (Allow) D:\gamez\soldat\soldat.exe
FirewallRules: [{4C4DC58B-92EC-4C05-8AAA-921E433CA2F8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\gu.exe
FirewallRules: [{0909ED1F-433A-460B-9E45-17B5A0E549B5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\gu.exe
FirewallRules: [{4DBE3202-D5DB-4D3F-B88D-157891C55018}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{BA93F4CB-3FF8-474A-968A-F8AE309E0581}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe
FirewallRules: [TCP Query User{B02B8328-6EC9-4BA1-AC80-863B0F4C85F6}D:\downloads\soldatservertest\soldatserver.exe] => (Allow) D:\downloads\soldatservertest\soldatserver.exe
FirewallRules: [UDP Query User{1A759435-A65E-4BCC-B4F8-B82B9A93823B}D:\downloads\soldatservertest\soldatserver.exe] => (Allow) D:\downloads\soldatservertest\soldatserver.exe
FirewallRules: [{8D7CCC86-99BF-4455-BAD6-A3C95178D389}] => (Allow) D:\Gamez\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{82C2162E-AD70-43C0-B86F-28C7FAB224EC}] => (Allow) D:\Gamez\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{1BD45B18-9604-48ED-AB04-1C8AC250E744}] => (Allow) D:\Gamez\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{73155E3B-6E19-470D-B4BF-26CDEFBBB34C}] => (Allow) D:\Gamez\The Crew (Worldwide)\TheCrew.exe

==================== Restore Points =========================

01-09-2016 21:15:59 Windows Update
13-09-2016 11:14:58 Installed Oracle VM VirtualBox 5.1.6
15-09-2016 09:44:36 Removed ASUS Xonar U3 Audio
16-09-2016 09:54:27 Removed PhoenixSuit

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2016 08:45:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu WmiApRpl v knihovně DLL C:\Windows\system32\wbem\wmiaprpl.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/17/2016 08:45:36 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/17/2016 08:45:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu MSDTC v knihovně DLL C:\Windows\system32\msdtcuiu.DLL se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/17/2016 08:45:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu Lsa v knihovně DLL C:\Windows\System32\Secur32.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/17/2016 08:45:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu ESENT v knihovně DLL C:\Windows\system32\esentprf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/16/2016 09:20:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu WmiApRpl v knihovně DLL C:\Windows\system32\wbem\wmiaprpl.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/16/2016 09:20:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/16/2016 09:20:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu MSDTC v knihovně DLL C:\Windows\system32\msdtcuiu.DLL se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/16/2016 09:20:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu Lsa v knihovně DLL C:\Windows\System32\Secur32.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (09/16/2016 09:20:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu ESENT v knihovně DLL C:\Windows\system32\esentprf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (09/17/2016 08:45:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HuaweiHiSuiteService64.exe neuspěla při spuštění v důsledku následující chyby: 
Systém nemůže nalézt uvedený soubor.

Error: (09/17/2016 08:45:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba avpsus neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/17/2016 08:45:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby avpsus bylo dosaženo časového limitu (30000 ms).

Error: (09/16/2016 09:42:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_83420 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (09/16/2016 09:42:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_83420 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (09/16/2016 09:42:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_83420 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (09/16/2016 09:42:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_83420 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (09/16/2016 09:20:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HuaweiHiSuiteService64.exe neuspěla při spuštění v důsledku následující chyby: 
Systém nemůže nalézt uvedený soubor.

Error: (09/16/2016 09:20:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba avpsus neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/16/2016 09:20:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby avpsus bylo dosaženo časového limitu (30000 ms).


CodeIntegrity:
===================================
  Date: 2016-09-16 07:07:34.641
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:34.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:34.622
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:34.611
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:34.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:34.591
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\userenv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:33.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\RpcRtRemote.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:33.504
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\RpcRtRemote.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:33.495
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\RpcRtRemote.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-16 07:07:33.485
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\$RECYCLE.BIN\S-1-5-21-4062113069-4117900418-385688541-1000\$RCF141I\PE3_mod\WIN7_add\amd64\Windows\SysWOW64\RpcRtRemote.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 15%
Total physical RAM: 16326.85 MB
Available physical RAM: 13858.96 MB
Total Virtual: 18758.85 MB
Available Virtual: 16337.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:138.01 GB) (Free:67.15 GB) NTFS
Drive d: (Data) (Fixed) (Total:833.01 GB) (Free:358.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 0F13CE26)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C1424E92)
Partition 1: (Not Active) - (Size=833 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98.5 GB) - (Type=83)

==================== End of Addition.txt ============================