Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by ASUS (23-01-2017 10:50:22)
Running from C:\Users\ASUS\Desktop
Windows 10 Pro Version 1607 (X64) (2016-11-28 21:47:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2568721141-932381562-460693305-500 - Administrator - Disabled)
ASUS (S-1-5-21-2568721141-932381562-460693305-1001 - Administrator - Enabled) => C:\Users\ASUS
DefaultAccount (S-1-5-21-2568721141-932381562-460693305-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2568721141-932381562-460693305-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2568721141-932381562-460693305-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Aktualizácie NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Brackets (HKLM-x32\...\{16BDB1F1-D0F6-4B24-92D4-D20B325B08FB}) (Version: 1.6 - brackets.io)
Connectify 2016 (HKLM\...\Connectify) (Version: 2016.0.11.37958 - Connectify)
Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogaléria (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Malwarebytes verzia 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office 2013 Professional Plus (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
NVIDIA 3D Vision radič ovládača 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Grafický ovládač 359.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.46 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Ovládací panel NVIDIA 359.46 (Version: 359.46 - NVIDIA Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7936 - Realtek Semiconductor Corp.)
RebelBetting 6.0 (HKLM-x32\...\RebelBetting) (Version: 6.0 - Clarobet AB)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-041B-1000-0000000FF1CE}_Office15.PROPLUS_{FC66F0AC-3648-4A48-B7CF-A3D359FEE40C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-012B-041B-1000-0000000FF1CE}_Office15.PROPLUS_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{2D7A9DE0-A61B-4555-9E44-8485AE3DB8A8}) (Version: 4.0.4 - WinSnare) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2568721141-932381562-460693305-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {266D39D3-C9F2-4EA1-B120-7FD56815F260} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {26B99C82-1A64-44B9-8388-0075842F6557} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {3E988291-FE91-4F39-88B7-894C75849A28} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-28] (Realtek Semiconductor)
Task: {409EB416-921C-4093-ADFF-090108598CA4} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-2CFM3UL-ASUS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {44D259A4-1C03-46FB-B371-C1DB26C30FDE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5645876A-418B-48DC-B1F6-36962EA5970B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6242210F-8CF5-45E4-BF46-333B533DFD2C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {77442CE4-DBD8-4A57-8B6E-E406A5071D92} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-28] (Realtek Semiconductor)
Task: {788CC0D5-F1D1-43AA-9298-48B268D5E040} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {93E19D3D-F747-4EC4-81DC-D13102CEBFAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {CB0254A7-77DD-4201-A5EB-17B18A4C0313} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-11-28] (Realtek Semiconductor)
Task: {D88B3D4F-118D-435D-AD21-861F90DEA7AE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {F7683A20-E7A4-4CE7-AD42-6EB37D4D0D03} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ASUS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 14:47 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-28 23:01 - 2016-02-15 08:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-28 23:35 - 2015-03-12 03:43 - 00022528 _____ () C:\Windows\System32\us003lm.dll
2017-01-13 11:43 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-13 11:43 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-14 14:47 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-06-10 01:41 - 2016-06-10 01:41 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-11-28 22:50 - 2016-11-28 22:50 - 01864384 _____ () C:\Users\ASUS\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2015-08-14 14:28 - 2016-11-28 23:10 - 00402928 _____ () C:\Windows\system32\igfxTray.exe
2016-11-29 09:46 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:53 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:53 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:53 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:53 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:53 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:53 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 14:30 - 2016-12-14 14:30 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 14:30 - 2016-12-14 14:30 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 14:30 - 2016-12-14 14:30 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 14:30 - 2016-12-14 14:30 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-23 10:22 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-23 10:22 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-12 15:30 - 2016-12-08 15:57 - 00925240 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2568721141-932381562-460693305-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\Desktop\14129781167_cc299f7b5e_o.jpg
DNS Servers: 158.193.86.5 - 158.193.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Connectify Hotspot"
HKU\S-1-5-21-2568721141-932381562-460693305-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [TCP Query User{4BE84387-2F5D-4146-B5E8-6DE688AC67CE}C:\program files (x86)\brackets\node.exe] => C:\program files (x86)\brackets\node.exe
FirewallRules: [UDP Query User{8BECD2DB-0A04-4757-983A-390F9D2C1E32}C:\program files (x86)\brackets\node.exe] => C:\program files (x86)\brackets\node.exe
FirewallRules: [TCP Query User{74795D3C-9321-4D77-9095-C0059DB3B9BC}G:\mafia iii\launcher.exe] => G:\mafia iii\launcher.exe
FirewallRules: [UDP Query User{E76E536A-6BFD-4FFA-80C7-F504EA7785E8}G:\mafia iii\launcher.exe] => G:\mafia iii\launcher.exe
FirewallRules: [TCP Query User{919AEF9A-0284-418B-9AEB-2DCEA38DD681}G:\mafia iii\mafia3.exe] => G:\mafia iii\mafia3.exe
FirewallRules: [UDP Query User{7563A221-485A-4F21-B818-EC370F001072}G:\mafia iii\mafia3.exe] => G:\mafia iii\mafia3.exe
FirewallRules: [TCP Query User{F3FE3684-6F43-4697-9AB9-AE1FD3DE1D34}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{97284DF0-63E4-4A07-B7A1-D02A4EAA16EA}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{1900CA82-DF2A-410A-862A-7D0534C7FE3F}E:\hry\mafia iii\launcher.exe] => E:\hry\mafia iii\launcher.exe
FirewallRules: [UDP Query User{07917813-26ED-4BF8-8011-DA680D11BD03}E:\hry\mafia iii\launcher.exe] => E:\hry\mafia iii\launcher.exe
FirewallRules: [TCP Query User{D755539C-91EA-48B5-8BFF-8215105F8C32}E:\hry\mafia iii\mafia3.exe] => E:\hry\mafia iii\mafia3.exe
FirewallRules: [UDP Query User{97DD9FA4-C9D8-4DFE-B204-38CD2E43D166}E:\hry\mafia iii\mafia3.exe] => E:\hry\mafia iii\mafia3.exe
FirewallRules: [{969ADFDE-963A-4399-8F4D-279E1AF75A07}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E4A62E11-0C18-4A1E-8777-89FAA67DBF5D}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A45C3DF6-D217-49A4-BAE3-50B066D4FAA9}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{27F83BFB-1709-450E-A3FA-30056F290AF5}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6A537813-6A3A-4D8D-BC53-8B2F77D10FB7}] => C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{2E56036F-8307-4EE1-B58C-8A5455F10959}] => C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{FCA91890-77B0-4293-BD81-9A04582935C2}] => C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{FF272366-6F71-4838-82F3-5CC5BE8CD552}] => C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{E7FABD53-45B7-4C5B-B772-C44E311A9EBD}] => C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{20AB18D8-4087-48AD-86C5-2C157EDEC4C8}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{23FEC510-B959-4D86-9054-8309165A185A}] => LPort=2869
FirewallRules: [{48A2CEB3-6E74-4A99-ABA2-7754D8F1D9CB}] => LPort=1900
FirewallRules: [{504FC2A0-5DFD-49F4-AC9F-C24B61BFCC34}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-12-2016 12:27:58 Scheduled Checkpoint
06-01-2017 20:34:19 Scheduled Checkpoint
11-01-2017 11:32:00 Windows Update
12-01-2017 16:40:12 Removed WinSnare
16-01-2017 17:45:08 Windows Update
23-01-2017 10:36:27 JRT Pre-Junkware Removal
23-01-2017 10:36:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2017 10:36:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/23/2017 10:36:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/23/2017 10:22:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: b3f4eef8-1006-483c-a04d-24f516d91031
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge

Error: (01/23/2017 10:22:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: f1c4ac36-896d-4d79-b841-93652eddf3ab
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge

Error: (01/23/2017 10:22:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: 40fc3a65-10a6-4101-98c2-1b61dc507e9a
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge

Error: (01/23/2017 10:22:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: b8612ae7-b275-4028-8a68-691a28d8a388
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge

Error: (01/23/2017 10:20:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: 916822cb-0197-4658-8b09-c7d4ead1f1ca
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge

Error: (01/23/2017 10:20:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: d76befcf-865f-4052-915b-31e7c521fa7a
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge

Error: (01/23/2017 10:20:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: 4e9e239a-601e-475b-9662-85e64c5385a2
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge

Error: (01/23/2017 10:20:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x1484
Čas spustenia chybujúcej aplikácie: 0x01d27559f760adaa
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: 531aaa8c-b9c9-41ba-a204-caf8227d09c2
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge


System errors:
=============
Error: (01/23/2017 10:39:14 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:.

A corruption was found in a file system index structure.  The file reference number is 0x1a000000001497.  The name of the file is "\domm".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/23/2017 10:38:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 10:38:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 10:38:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 10:38:20 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume113

Error: (01/23/2017 10:37:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/23/2017 10:36:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Display Driver Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/22/2017 10:18:18 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume E:.

A corruption was found in a file system index structure.  The file reference number is 0x1a000000001497.  The name of the file is "\domm".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (01/22/2017 10:18:15 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: E:\Device\HarddiskVolume113

Error: (01/22/2017 07:38:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-01-23 10:03:47.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-23 10:03:47.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-13 12:14:26.961
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-13 12:14:26.911
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-11 11:31:56.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-11 11:31:56.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 10:43:38.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 10:43:38.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-07 17:24:18.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-07 17:24:18.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8075.19 MB
Available physical RAM: 6056.28 MB
Total Virtual: 21387.19 MB
Available Virtual: 19491.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.02 GB) (Free:161.25 GB) NTFS
Drive e: (1008 GB SSHD) (Fixed) (Total:914.18 GB) (Free:763.82 GB) NTFS
Drive f: () (Fixed) (Total:698.62 GB) (Free:690.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2BFB4DC8)

Partition: GPT.

========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: D04A7F08)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 136854B0)

Partition: GPT.

==================== End of Addition.txt ============================