Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by Admin (23-02-2017 20:55:03)
Running from C:\Users\Admin\Desktop\Maintenance
Windows 10 Pro Version 1607 (X64) (2017-02-16 20:06:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3854131961-306697548-3940262695-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3854131961-306697548-3940262695-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3854131961-306697548-3940262695-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3854131961-306697548-3940262695-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3854131961-306697548-3940262695-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
COMODO Firewall (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Firewall (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
Google Chrome (HKLM\...\{BE40B3E0-129E-313C-B663-94C192C5143F}) (Version: 56.0.2924.87 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404762.41 - Comodo)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 cs)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Serious Sam Classic: The Second Encounter (HKLM\...\Steam App 41060) (Version:  - Croteam)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.5.0 - ShareX Team)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-3854131961-306697548-3940262695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for Skype for Business 2016 (KB3141501) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{D7445990-15D2-466D-BA6D-588F28226F27}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3141501) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{D7445990-15D2-466D-BA6D-588F28226F27}) (Version:  - Microsoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A830E40-EE38-4907-9C7A-12FCC94B33E7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {2A885B82-B30C-446B-9DA0-92A1C57D0121} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {4A88EB6C-611E-4DDC-8331-EB35BBF395FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-16] (Google Inc.)
Task: {86DDD27C-9249-4DDC-9B93-FF8ECF557CFF} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {97C67F0C-5FD5-401F-BCF4-3BA2C6FD0A13} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)
Task: {BF97400C-DA75-4023-AA86-0E0128058853} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-12-28] (COMODO)
Task: {D2B926EA-C735-459D-AF70-58184BAB6D9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-16] (Google Inc.)
Task: {E029B5A7-EC1A-499B-896C-9411AD30E2A4} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-12-28] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-28 00:17 - 2016-12-28 00:17 - 00155320 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00179896 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2016-12-28 00:16 - 2016-12-28 00:16 - 00107704 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-02-16 22:31 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\System32\CoreUIComponents.dll
2017-02-16 22:31 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-02-16 21:59 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-16 21:59 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-16 22:31 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-31 20:45 - 2016-10-31 20:45 - 00592384 _____ () C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX64.dll
2017-02-16 21:08 - 2017-02-16 21:08 - 00959168 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-11-21 05:05 - 2016-11-21 05:05 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-16 22:30 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-16 22:30 - 2016-12-21 08:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-02-16 22:30 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-16 22:30 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-16 22:30 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-16 22:30 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-16 22:30 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 23:32 - 2017-02-10 02:17 - 00869888 _____ () C:\Users\Admin\AppData\Roaming\Metadefender-Local\x64\mdproxy.exe
2017-02-22 23:32 - 2017-01-31 02:30 - 02097584 _____ () C:\Users\Admin\AppData\Roaming\Metadefender-Local\x64\libwavmodapi.dll
2016-04-13 09:38 - 2016-04-13 09:38 - 00482304 _____ () C:\Users\Admin\AppData\Local\MEGAsync\libsodium.dll
2017-02-19 17:38 - 2016-06-21 19:30 - 00442144 _____ () C:\Users\Admin\Desktop\Maintenance\IObit Uninstaller\App\uninstaller\madExcept_.bpl
2017-02-19 17:38 - 2016-06-21 19:29 - 00210720 _____ () C:\Users\Admin\Desktop\Maintenance\IObit Uninstaller\App\uninstaller\madBasic_.bpl
2017-02-19 17:38 - 2016-06-21 19:29 - 00059680 _____ () C:\Users\Admin\Desktop\Maintenance\IObit Uninstaller\App\uninstaller\madDisAsm_.bpl
2017-02-19 17:38 - 2016-05-23 21:49 - 00899872 _____ () C:\Users\Admin\Desktop\Maintenance\IObit Uninstaller\App\uninstaller\webres.dll
2017-02-19 17:38 - 2016-10-18 16:57 - 00631072 _____ () C:\Users\Admin\Desktop\Maintenance\IObit Uninstaller\App\uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\DasPtct.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Users\Admin\Downloads\15785669_1498221460205184_716525381_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\15817551_1498221730205157_914731756_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\15823992_1498221626871834_298957654_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\15824699_1498221600205170_1466243221_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\15857276_1498221436871853_88316332_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\16586647_1541710292522967_1499878984_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\16586757_1541710065856323_484625654_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\16593595_1541710062522990_1293530862_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\IMG_20161229_230508.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\IMG_20161229_230528.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\IMG_20161229_230632.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\IMG_20161229_230938.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\IMG_20161229_231019.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Downloads\pattern-review-bucket-bag-how-about-orange-204501.png:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2017-02-19 17:34 - 00000986 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3854131961-306697548-3940262695-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3854131961-306697548-3940262695-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3854131961-306697548-3940262695-1001\...\StartupApproved\StartupFolder: => "ShareX.lnk"
HKU\S-1-5-21-3854131961-306697548-3940262695-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3854131961-306697548-3940262695-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3854131961-306697548-3940262695-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3854131961-306697548-3940262695-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9FD484C8-9B59-4D79-A397-F7E362B2A051}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3C8CBA11-8A8C-4264-95D1-211955678F21}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5354E49F-0D10-4BE5-9D49-A8EBDA0AA56F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{04E427D7-5ED1-4C6D-AB46-5A73CB28DE6C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E087EE3F-112F-4812-A6BD-0F1B853090EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{42BC0B80-DC21-45DF-BEBC-73142B7569F6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{099C257B-24D8-41FA-B345-B30E11C14BF8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D348B962-F36F-4FB2-9FDE-5BAA547E4061}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC281364-164F-4E5F-A938-59CAEEE3DFCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{8A20946E-06E0-4F0B-915D-48477F26D051}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{5D2AE299-A018-496B-81B7-4D62B9A00A63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{A6535B61-7CF4-4AE5-BA5D-C446A90F29B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{BE8345F0-53F5-4AA0-8CB9-51D5AF4F528E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
FirewallRules: [{BDF295D4-300A-40CD-9AEF-A41C29EB816B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe

==================== Restore Points =========================

20-02-2017 21:11:23 Ultra Adware Killer adware removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2017 05:40:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\amd\cim\bin64\SetACL64.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/23/2017 07:27:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C0AI81H)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/23/2017 07:27:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C0AI81H)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (02/22/2017 11:32:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WINWORD.EXE verze 16.0.4483.1000 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1cb0

Čas spuštění: 01d28d58ea58a7ee

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\Microsoft Office\Office16\WINWORD.EXE

ID hlášení: c3c2d399-f94e-11e6-84dc-00e1b0113493

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:

Error: (02/22/2017 10:27:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro F:\Sandra\Nová složka\Programy\esetsmartinstaller_csy.exe se nezdařilo. Chyba v souboru manifestu nebo zásad  na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/22/2017 08:30:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro D:\Users\Admin\Desktop\esetsmartinstaller_csy.exe se nezdařilo. Chyba v souboru manifestu nebo zásad  na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Součást 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/22/2017 01:17:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\amd\cim\bin64\SetACL64.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/22/2017 01:16:32 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Vytvoření výčtu relací uživatelů pro generování fondů filtrů se nezdařilo.

Podrobnosti:
	(HRESULT : 0x80040210) (0x80040210)

Error: (02/21/2017 11:56:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\amd\cim\bin64\SetACL64.exe se nezdařilo.
Závislé sestavení Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (02/20/2017 09:11:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.


System errors:
=============
Error: (02/23/2017 08:13:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/23/2017 04:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Ochrana softwaru neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/23/2017 04:11:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Ochrana softwaru bylo dosaženo časového limitu (30000 ms).

Error: (02/23/2017 04:10:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Ochrana softwaru neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (02/23/2017 04:10:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Ochrana softwaru bylo dosaženo časového limitu (30000 ms).

Error: (02/23/2017 07:34:10 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (02/23/2017 07:33:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (02/23/2017 07:27:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/23/2017 07:27:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/23/2017 07:27:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===================================
  Date: 2017-02-23 20:13:09.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-23 20:12:21.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-23 19:35:34.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-23 18:18:27.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-23 18:12:02.553
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-23 18:04:59.104
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-23 17:40:35.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-23 17:28:25.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-23 16:26:19.565
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-23 16:11:31.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 87%
Total physical RAM: 8091.56 MB
Available physical RAM: 1044.01 MB
Total Virtual: 15853.24 MB
Available Virtual: 2045.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:241.68 GB) (Free:151.37 GB) NTFS
Drive d: () (Fixed) (Total:689.05 GB) (Free:488.42 GB) NTFS
Drive e: () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:45.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E3B86E78)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B7F7BA07)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================