Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Ondra (13-11-2016 23:09:54)
Running from C:\Users\Ondra\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-06 13:24:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-261391004-168925671-1144472204-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-261391004-168925671-1144472204-503 - Limited - Disabled)
Guest (S-1-5-21-261391004-168925671-1144472204-501 - Limited - Disabled)
Ondra (S-1-5-21-261391004-168925671-1144472204-1001 - Administrator - Enabled) => C:\Users\Ondra

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Andy OS (HKLM\...\Andy OS) (Version: 46.14 - Andy OS, Inc)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.2.5.1125 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version:  - Codemasters Racing Studio)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Gila Gaming Mouse (HKLM-x32\...\{FB3A54A3-F867-456E-971F-712CC13DC830}}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movavi Video Editor 12 (HKLM-x32\...\Movavi Video Editor 12) (Version: 12.0.1 - Movavi)
Mozilla Firefox 49.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 cs)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16084.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.4.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
VMware Player (HKLM\...\{BC00AC33-2B00-443D-8FC2-3656D94AEA0A}) (Version: 12.5.0 - VMware, Inc.)
VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.15.4.00000 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Filmora(Build 7.3.2) (HKLM-x32\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-261391004-168925671-1144472204-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-261391004-168925671-1144472204-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04040476-EDA8-456A-B5DA-A40A5ABCFA5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {6A002D3A-5EDF-4117-94BA-9B7042E5D82F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {709CC87E-9D2C-48B9-9BE2-5F9A3929EFF3} - System32\Tasks\Shut down => C:\Windows\System32\shutdown.exe [2016-07-16] (Microsoft Corporation)
Task: {AB48C02C-0CC0-4D84-A45D-B9CDF293DF1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {C97A2007-E605-46B4-BE8B-15AF594EFCE1} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Ondra) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Ondra).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-12 11:24 - 2016-10-01 22:11 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-07 12:53 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-06 14:08 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-07 12:53 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-07 12:53 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-06 14:30 - 2016-10-06 14:30 - 01864384 _____ () C:\Users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-10-06 16:41 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-08 23:18 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-08 23:17 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 23:17 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 23:17 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 23:17 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 23:17 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-01 19:15 - 2016-06-01 19:15 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-11-05 15:40 - 2016-11-05 15:40 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-05 15:40 - 2016-11-05 15:40 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-05 15:40 - 2016-11-05 15:40 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-06-12 11:24 - 2016-10-01 22:11 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-06 14:30 - 2016-10-06 14:30 - 01383616 _____ () C:\Users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-10-06 14:30 - 2016-10-06 14:30 - 00118976 _____ () C:\Users\Ondra\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-06-10 21:57 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-10 21:57 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-10 21:57 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-10 21:57 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-10 21:57 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-10 21:57 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-10 21:57 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-10 21:57 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-10 21:57 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-10 21:57 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-10 21:57 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-10 21:57 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-10 19:54 - 2016-06-20 13:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-10-10 19:54 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-10-17 18:22 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-261391004-168925671-1144472204-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ondra\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{31128731-3c67-45f8-b514-f26837a6d2b1}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{129E5CC9-ECF4-4930-A2F3-101CBA2D2EEC}] => (Allow) E:\SteamLibrary\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [{E70635C5-AC0E-4D60-AEDC-285193ECE8C4}] => (Allow) E:\SteamLibrary\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [{E59065DE-8D9C-428C-847F-92B61C693BE5}] => (Allow) E:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{7E60592B-21AA-44CC-B7FC-13A017E712DF}] => (Allow) E:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{76FB17E8-F639-4F07-9E6B-87DED5E6307A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{ED76660D-5C0A-4D34-AD68-859359367824}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F685FC91-F5E1-42ED-A496-5950C3C2E0A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAB1789D-8DDD-4548-936F-7B7D79C78BEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D10ABC4C-91C4-4AC1-85A4-5349CDA299A9}E:\steamlibrary\steamapps\common\left 4 dead\left4dead.exe] => (Allow) E:\steamlibrary\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [TCP Query User{6CA9C596-E4D0-4134-BB82-9300206F98A5}E:\steamlibrary\steamapps\common\left 4 dead\left4dead.exe] => (Allow) E:\steamlibrary\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{A296C147-8374-45C2-A009-EB5D2A748D23}] => (Block) E:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{784DFF1E-9634-4803-9C19-CD34C846AAC1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69204A8E-23E4-4974-8521-863A1B5F37EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC841CC8-334B-412E-8074-D9814AF9E153}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{38035A6D-F414-45FC-8358-C672160843A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9E50A216-42CB-4875-817D-AF58E43F90A1}] => (Allow) E:\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{430FEEAA-BDFF-49F5-B9EE-5588C57DF1E0}] => (Allow) E:\SteamLibrary\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{F3C29CB4-2CA9-40CC-AF35-E00AAACBAE2B}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{FB5E5084-F62A-40B8-A330-4A453D4D7140}] => (Allow) E:\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{708B0D9D-C13E-4F11-9DF5-8A9D93314784}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D4B60AA4-E688-42D6-B27A-87D54DE98ED1}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{01022121-AD80-420C-8CB4-833BEDDA147C}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{15C3E16A-D715-4BAB-89C8-63AFE33EBBF9}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{30EFB1A9-B243-4BB6-8FA6-70CC526EFA5E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{39B80CC4-5D59-414C-81C6-21E32E768048}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{022FB7AA-C0FF-449F-B299-49B898895275}E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0F1BFA82-C8F7-49A9-88E6-B89C836A2759}E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{9F56E6DE-87A3-4DCA-AE43-0E286FDE13D0}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{4D9CE02B-4552-4539-A328-027B9CCF39B7}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{7AFF6665-330A-4BF8-84EF-FF82AE6E219A}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{0E6687E5-83F9-4ADC-A37A-C288478DF646}] => (Allow) E:\SteamLibrary\steamapps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [TCP Query User{216C9EBA-53AA-4BAC-AC62-DFC02759DB2B}E:\steamlibrary\steamapps\common\portal 2\portal2.exe] => (Allow) E:\steamlibrary\steamapps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{C2FE9488-6B1D-4C38-9714-C882F8284404}E:\steamlibrary\steamapps\common\portal 2\portal2.exe] => (Allow) E:\steamlibrary\steamapps\common\portal 2\portal2.exe
FirewallRules: [TCP Query User{3D5B4CDC-2446-4C48-96B9-17F230DE30D0}E:\steamlibrary\steamapps\common\half-life\hl.exe] => (Allow) E:\steamlibrary\steamapps\common\half-life\hl.exe
FirewallRules: [UDP Query User{71D23E6B-888F-4C44-B1F2-0639A20A3600}E:\steamlibrary\steamapps\common\half-life\hl.exe] => (Allow) E:\steamlibrary\steamapps\common\half-life\hl.exe
FirewallRules: [{133837F1-39DB-46A1-B595-1842F4244B44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CEB3D606-BE0B-4D5B-804A-AC133CA9177D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{ABDBC3F7-7CB1-4C53-8BA3-D89389AC143E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3A14FB0C-CE34-4691-BB7F-9647E3F1F3A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E4AEFA78-3E6F-46DF-A8DF-D10F0BC6C9BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2FC0291A-868B-4C6F-B358-2B6555FFBF23}E:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) E:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{62AA7153-5954-4309-A491-53C3B6C55258}E:\steamlibrary\steamapps\common\counter-strike source\hl2.exe] => (Allow) E:\steamlibrary\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{20740AAA-4C26-47EA-A1A6-587A9014F624}] => (Allow) E:\SteamLibrary\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{85E762B5-A65A-4543-B89C-12DC8F2B21BB}] => (Allow) E:\SteamLibrary\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{DDBC1B2F-D0F2-49F6-B8B0-5D5A45FF7646}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E295BD3B-A8A0-4FE8-B2CF-EC7F20C09172}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{69C38FB6-1C52-4A2A-AD0F-FA1F88881112}] => (Allow) E:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{880F040D-904A-4283-9C03-3C019199475E}] => (Allow) E:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3543FDD1-EB9C-4EBA-BFED-8801F303A125}] => (Allow) E:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{AEBB7F16-E38D-4A0C-8740-F2C34BF8EF6D}] => (Allow) E:\SteamLibrary\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [{5BEBCE04-05EF-466A-A7A3-96FC803917BA}] => (Allow) E:\SteamLibrary\steamapps\common\Showerdad\SHOWERDAD.exe
FirewallRules: [TCP Query User{D5162244-EEDF-4AA5-92DB-88509DCCBDA3}C:\users\ondra\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ondra\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D90B5C00-B20E-4869-AFD5-6ED3CAD11A03}C:\users\ondra\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ondra\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{8FEDA245-E314-48D7-887A-84AE6A46F09A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{D8C6366A-6107-403F-AE2E-337550768F8E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{6AD462E1-21FD-42A5-8B56-E8A6E3BFA0FC}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{A885451C-D49B-4E42-B37D-7212A9E1DAC3}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{51FE5896-EB4B-4326-98BD-1DB5DD7C0A7D}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{12C38C70-0BED-46DF-8C34-1EF9114C5E09}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{1FC0A1EB-4B74-4F24-B0E8-2023F7BD3D3D}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{878C7CF2-4675-4E2F-9692-95F4C8C89C35}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{BB70B7D3-2FEB-4211-87EC-4FC9A4A89686}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{3C6947CA-8B4D-4F52-9596-BD6C4584929B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{B0F3E3DD-005E-41AF-A2A9-A44CCCFDE993}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{71C926D0-7717-46FC-925C-4C40C9746B61}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{8F2C0592-C7AE-46AA-9EB6-0999825CD4A2}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{039EB93B-500C-45AA-95E3-1DEF04457B80}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{96CB4058-2D3D-4CB3-8543-91067EFA5369}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{1B486AE2-F00B-48C7-960B-26B420009A9C}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{2520D0F7-C2E6-49CC-9280-B0F6B61DB6E3}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{746C4882-FA61-4043-B754-464F7D757785}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{6AA04113-F924-4156-82ED-6EE8545F5FC1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B06050B-4354-482C-AFED-BB40E1B5A8A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{900AA306-F187-4DCF-AC65-A9E5620CCE01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F3C6DEFF-7CDC-469C-84A7-80CE6EA2FA1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA50DD1E-57F1-4F7B-B394-498714AAF520}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{5FF5201B-5630-4175-B206-40C9FC077AAF}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{0561798B-FA2E-4D2A-B602-1F4A5E10FF65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CA0F557B-5F38-41DB-B492-85E52BBC4CD0}] => (Allow) E:\SteamLibrary\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{DD358B06-063F-468A-8B6B-990579012622}] => (Allow) E:\SteamLibrary\steamapps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2016 11:05:16 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (11/13/2016 11:04:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819bc32
Exception code: 0xc0000005
Fault offset: 0x000000000003061d
Faulting process id: 0x1da8
Faulting application start time: 0x01d23df9f64c6d3b
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 003eea63-7eed-4443-87e4-d59d0f5446b8
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/13/2016 10:04:49 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


System errors:
=============
Error: (11/13/2016 11:04:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 10:03:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 10:02:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (11/13/2016 10:01:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/13/2016 10:01:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/13/2016 10:01:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/13/2016 10:01:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Authorization Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/13/2016 10:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware USB Arbitration Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/13/2016 10:01:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/13/2016 10:01:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-11-13 23:07:15.031
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 23:07:15.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 21:55:03.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 21:55:03.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 21:22:50.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-13 21:22:50.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-10 20:51:38.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-10 20:51:38.012
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-06 19:39:28.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-06 19:39:28.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 21%
Total physical RAM: 8190.05 MB
Available physical RAM: 6433.56 MB
Total Virtual: 9470.05 MB
Available Virtual: 7635.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.75 GB) (Free:23.33 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (TAJFUN_DATA) (Fixed) (Total:931.51 GB) (Free:129.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATA) (Fixed) (Total:833.85 GB) (Free:173.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 41DF92FA)
Partition 1: (Active) - (Size=96.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 MB) - (Type=27)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=833.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0007BF26)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================