Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Alena Figurová (23-01-2017 08:43:16)
Running from C:\Users\Alena Figurová\Desktop
Windows 10 Home Version 1511 (X64) (2017-01-21 07:38:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2188189512-3963220683-3404735136-500 - Administrator - Disabled)
Alena Figurová (S-1-5-21-2188189512-3963220683-3404735136-1002 - Administrator - Enabled) => C:\Users\Alena Figurová
DefaultAccount (S-1-5-21-2188189512-3963220683-3404735136-503 - Limited - Disabled)
Guest (S-1-5-21-2188189512-3963220683-3404735136-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F9078757-A2EC-D4FF-5F25-E6BE885EF665}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11196 - Realtek Semiconductor Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.12.108.1 - Intel Security)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.5222.01 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo PowerDVD12 (x32 Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.019.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{E442BFFD-8406-4C6D-BE7E-0CF6E61EE363}) (Version: 3.2.004.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.069.02 - Lenovo)
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
LenovoUtility (x32 Version: 3.0.0.4 - Lenovo) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2188189512-3963220683-3404735136-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 sk) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 sk)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.887.880.032216 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.31220 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7738 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0283 - REALTEK Semiconductor Corp.)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
User Manuals (HKLM-x32\...\InstallShield_{7042D952-EE42-4C09-A23D-E7AE4D047007}) (Version: 6.0.0.0 - Lenovo)
User Manuals (x32 Version: 6.0.0.0 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows KMS Activator Ultimate 2016 v3.0 (HKLM\...\Windows KMS Activator Ultimate 2016 v3.0_is1) (Version: v3.0 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E04DF0E-87CA-4AA6-9F00-F3459298CA6F} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {0ECD1A97-AA22-4EAF-BCF2-BD7CDBC92921} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-01-25] (Lenovo)
Task: {1E6FAF26-AD94-4578-9641-B3A5EA1E1DEE} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [2015-09-25] ()
Task: {285A2864-1739-4379-857C-A31554E8BD16} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [2015-09-11] (CyberLink Corp.)
Task: {3EDDAAE5-1D3D-4B2B-8195-4A56C2C59D13} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {4003B84C-7988-4000-BB2C-FFE0E98F9701} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {51ED5F68-6980-47A7-973F-21DECAA09935} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2016-01-25] (Lenovo)
Task: {5F139148-22D9-401A-A01C-FCE12B6E12BE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-21] (AVAST Software)
Task: {71600107-AE85-4BB4-9298-FEA768C3007A} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {7EDF8DEB-E57B-4184-AAD3-A72ED971868B} - System32\Tasks\SafeZone scheduled Autoupdate 1484988188 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {84AD5E7D-F486-483C-9B4F-4920E97C456B} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2016-04-22] (CyberLink Corp.)
Task: {8690A5AF-844A-480C-B9D2-2727BF850C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-21] (Google Inc.)
Task: {9E0BC7FA-0FE0-445C-B4C6-DCFE8A9FF896} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {9FFCFC23-6DBE-4B6E-B6BB-5B68B78C13E7} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {A8DBA3ED-5D7C-45BF-80B6-98E112D33810} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [2015-09-25] ()
Task: {AC9A3CA6-951D-4F1F-9559-3B4E4CA73953} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-01-25] (Lenovo)
Task: {C3ED60E5-76D8-4FD1-9CE3-1322949E2D22} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-07] (Lenovo)
Task: {D37B39EF-1AE6-4D18-9023-CB2BA9BCE4D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {E09C4974-1FB0-433D-82D9-8A41727E4369} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {F07FCC4F-9B60-482D-A5EF-E860963F336F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {FA460A2B-E254-4DAC-A0C4-291E60744715} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cce57a27-5754-4d75-b690-9bb735046e89 => powershell.exe -nologo -noninteractive "&amp; {New-Item -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\cce57a27-5754-4d75-b690-9bb735046e89 -type directory -force;$conter=Get-Date;$conter=$conter.ToUniversalTime();Set-ItemProperty -Path Registry::HKCU\Software\Lenovo\ImController\ScheduledTasks\c (the data entry has 73 more characters).
Task: {FC7CF858-713F-4147-8E3B-CD481E7F5E63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-02-19 09:38 - 2016-02-19 09:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-01-21 13:35 - 2016-10-25 10:42 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-21 13:35 - 2016-10-25 10:42 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-09-11 18:05 - 2016-09-11 18:05 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2017-01-21 22:49 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-01-21 14:19 - 2016-10-25 05:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-21 13:35 - 2016-10-25 05:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-21 13:36 - 2016-10-25 05:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-21 13:36 - 2016-10-25 05:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-11 18:47 - 2016-09-11 18:47 - 00791848 _____ () C:\Program Files\Lenovo\LenovoUtility\utility.exe
2016-09-11 18:47 - 2016-09-11 18:47 - 00097048 _____ () C:\Program Files\Lenovo\LenovoUtility\kbdhook.dll
2016-09-11 18:25 - 2016-09-11 18:25 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-09-11 18:25 - 2016-09-11 18:25 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-09-11 18:25 - 2016-09-11 18:25 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-09-11 19:41 - 2014-07-03 17:22 - 00277720 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2017-01-21 09:40 - 2017-01-21 09:40 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-21 09:42 - 2017-01-21 09:42 - 04458584 _____ () C:\Program Files\AVAST Software\Avast\defs\17012002\algo.dll
2017-01-21 09:40 - 2017-01-21 09:40 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-11 18:47 - 2015-02-13 00:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2016-09-11 18:58 - 2014-07-04 05:35 - 00627672 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2014-07-04 20:35 - 2014-07-04 20:35 - 00016856 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2017-01-21 09:40 - 2017-01-21 09:40 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2017-01-21 23:16 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2188189512-3963220683-3404735136-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{10470C65-16F1-41F0-9202-8403C2CDD437}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A8A4D720-65B4-444D-A656-E8EE09DA41D2}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{883BD9AE-246C-498D-BA2C-4F527B5AA8FC}] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{0BC07186-28BB-487E-80B4-5AA2C2D86065}] => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{DD133E3E-160A-4945-AA4E-8A4FB8839EA5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{819F5EBC-508D-43E0-93B1-F369E4F4E722}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BEF71BDD-EDF7-49A5-9720-2AE49D19CE6B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9B5276A-061D-42EC-B607-A9A448E93343}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5BF994B-4ED3-47A2-9DDD-0222838C504F}] => C:\Program Files\Windows KMS Activator Ultimate 2016 v3.0\Windows KMS Activator Ultimate 2016 v3.0.exe
FirewallRules: [{B87E4D6E-FEFC-479D-B27A-AEC798EB4BE4}] => C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{7C30080F-EA9C-440E-A42F-ABD908E23D34}] => C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{42F10151-4D14-4FC5-B58C-277693927542}] => C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{4996425C-EFEE-4CBD-8CC4-2CCC7BC2933D}] => C:\Program Files\Microsoft Office\Office16\UcMapi.exe

==================== Restore Points =========================

21-01-2017 22:56:09 Windows Update
21-01-2017 22:57:09 Windows Update
23-01-2017 00:03:24 Installed Microsoft Office Professional Plus 2016
23-01-2017 00:04:25 PROPLUS

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2017 08:37:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/23/2017 08:37:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/23/2017 04:36:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/23/2017 04:36:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/23/2017 04:29:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: tbaseprovisioning.exe, verzia: 1.0.0.0, časová značka: 0x56b4dcb7
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.10586.672, časová značka: 0x580efb0a
Kód výnimky: 0xe0434352
Odstup chyby: 0x000bdb18
Identifikácia chybujúceho procesu: 0x40c
Čas spustenia chybujúcej aplikácie: 0x01d27528d8476955
Cesta chybujúcej aplikácie: C:\Windows\SysWOW64\tbaseprovisioning.exe
Cesta chybujúceho modulu: C:\Windows\SYSTEM32\KERNELBASE.dll
Identifikácia hlásenia: 2f418b4e-196b-451a-9a1e-aaaa7596b7ed
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/23/2017 04:29:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: tbaseprovisioning.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStoreCore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress, Boolean)
   at System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.X509FindType, System.Object, System.ServiceModel.EndpointAddress)
   at System.ServiceModel.Security.X509CertificateRecipientServiceCredential.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation, System.Security.Cryptography.X509Certificates.StoreName, System.Security.Cryptography.X509Certificates.X509FindType, System.Object)
   at System.ServiceModel.Configuration.X509RecipientCertificateServiceElement.ApplyConfiguration(System.ServiceModel.Security.X509CertificateRecipientServiceCredential)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.ApplyConfiguration(System.ServiceModel.Description.ServiceCredentials)
   at System.ServiceModel.Configuration.ServiceCredentialsElement.CreateBehavior()
   at System.ServiceModel.Description.ConfigLoader.LoadBehaviors[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ServiceModel.Configuration.ServiceModelExtensionCollectionElement`1<System.ServiceModel.Configuration.BehaviorExtensionElement>, System.Collections.Generic.KeyedByTypeCollection`1<System.__Canon>, Boolean)
   at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(System.ServiceModel.ServiceHostBase, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement, System.Action`1<System.Uri>, Boolean)
   at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(System.ServiceModel.Description.ConfigLoader, System.ServiceModel.Description.ServiceDescription, System.ServiceModel.Configuration.ServiceElement)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHost.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(System.ServiceModel.UriSchemeKeyedCollection)
   at System.ServiceModel.ServiceHost.InitializeDescription(System.Type, System.ServiceModel.UriSchemeKeyedCollection)
   at System.ServiceModel.ServiceHost..ctor(System.Type, System.Uri[])
   at RootPaApp.RootPaWindowsService.startThread()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (01/23/2017 04:05:54 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/23/2017 04:05:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/23/2017 01:26:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/23/2017 01:26:07 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (01/23/2017 04:33:08 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-8160CBSI)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user LAPTOP-8160CBSI\Alena Figurová SID (S-1-5-21-2188189512-3963220683-3404735136-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 04:33:08 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-8160CBSI)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user LAPTOP-8160CBSI\Alena Figurová SID (S-1-5-21-2188189512-3963220683-3404735136-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 04:33:08 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-8160CBSI)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user LAPTOP-8160CBSI\Alena Figurová SID (S-1-5-21-2188189512-3963220683-3404735136-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 04:30:43 AM) (Source: Microsoft-Windows-Eventlog) (EventID: 30) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Error: (01/23/2017 04:29:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba tbaseprovisioning sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/23/2017 04:29:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby InstallerService zlyhalo kvôli nasledujúcej chybe: 
The system cannot find the file specified.

Error: (01/23/2017 04:17:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sync Host_51c30 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/23/2017 04:17:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 04:16:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Windows Driver Foundation - User-mode Driver Framework bola ukončená s nasledujúcou chybou: 
Insufficient system resources exist to complete the requested service.

Error: (01/23/2017 04:15:06 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správca riadenia služieb sa po neočakávanom ukončení služby Program Compatibility Assistant Service pokúsil vykonať opravnú akciu (Reštartovať službu), ale táto činnosť zlyhala s nasledujúcou chybou: 
An instance of the service is already running.


CodeIntegrity:
===================================
  Date: 2017-01-23 04:31:11.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-23 00:12:29.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-22 12:24:05.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-22 11:38:17.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-22 11:36:54.140
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-22 11:17:51.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-22 10:54:09.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-22 10:40:27.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-22 03:20:13.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-21 23:10:12.371
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics 
Percentage of memory in use: 50%
Total physical RAM: 3490.6 MB
Available physical RAM: 1723.63 MB
Total Virtual: 4834.6 MB
Available Virtual: 2789.21 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:886.08 GB) (Free:844.97 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.9 GB) NTFS
Drive f: (16.0.4266.1001) (CDROM) (Total:0.92 GB) (Free:0 GB) UDF
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:3.82 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 552D72E0)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================