Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018 Ran by janek (28-02-2018 21:03:19) Running from C:\Users\janek\Desktop Windows 10 Home Version 1511 10586.218 (X64) (2016-03-18 09:15:43) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1608297646-3217866677-88377970-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1608297646-3217866677-88377970-503 - Limited - Disabled) Guest (S-1-5-21-1608297646-3217866677-88377970-501 - Limited - Disabled) janek (S-1-5-21-1608297646-3217866677-88377970-1002 - Administrator - Enabled) => C:\Users\janek ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 18.011.20036 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\{AA3B06B1-E89A-43C6-A26B-7109DB4BEE7B}) (Version: 12.0.7.148 - Adobe Systems, Inc) Age of Empires III (HKLM-x32\...\{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios) AMD Catalyst Install Manager (HKLM\...\{BB0F1FB3-6352-BDEE-32D3-B3F463E3B95C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Aplikacja Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos) Avira (HKLM-x32\...\{0d7485e0-9bee-4f51-be99-b5ed9e4c3cad}) (Version: 1.2.105.36322 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{1EC8A200-307B-4964-A67D-6E10088C1CE1}) (Version: 1.2.105.36322 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.34.20 - Avira Operations GmbH & Co. KG) BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.36.1601 - BlueStack Systems, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform) Chicago 1930 (HKLM-x32\...\{8260CE2F-C7ED-4853-AC9A-84938E27372D}) (Version: 1.1 - ) Commandos 2: Men of Courage (HKLM-x32\...\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}) (Version: - ) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd) Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell) Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.) Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland) Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.) DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden EasyUO Menu Designer (HKLM-x32\...\{598D06D4-283A-4798-80B6-77F7E720E8A5}) (Version: 1.0.10 - ScriptFellow) Europa Universalis III Complete (HKLM-x32\...\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}) (Version: 1.00.0000 - Paradox Interactive) Fallen Earth (HKLM-x32\...\GamersFirst Fallen Earth) (Version: - GamersFirst) foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski) Fotor 3.1.1 (HKLM-x32\...\Fotor) (Version: 3.1.1 - Everimaging Co., Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of Might and Magic IV - Złota Edycja (HKLM-x32\...\{94B4E2D8-A184-415C-BF9E-F699D76466BD}) (Version: 3.0 - ) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.77.0 - HTC) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV) League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) Legend of Grimrock (HKLM-x32\...\Legend of Grimrock_is1) (Version: - GOG.com) Manager (HKLM-x32\...\{38251B9A-C44B-42D9-9A6A-0697986E334A}) (Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden Manager (HKLM-x32\...\{5EF868DE-3D1B-41BE-9EA9-3D50C14BC145}) (Version: 9.0.8.33982 - LULU Software Limited) Hidden Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - ) Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110415-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Mozilla Firefox 58.0.2 (x64 pl) (HKLM\...\Mozilla Firefox 58.0.2 (x64 pl)) (Version: 58.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla) Norma Pro (HKLM-x32\...\{6FCEBA1E-B484-4972-883F-E2B99A12758E}) (Version: - ) novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland) NSIS Example2 (HKLM-x32\...\Tibia Auto) (Version: - ) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) OpenOffice 4.1.2 (HKLM-x32\...\{E0ED9630-38E3-418F-A615-A9B2B5758BE5}) (Version: 4.12.9782 - Apache Software Foundation) Oracle VM VirtualBox 5.2.6 (HKLM\...\{EA9602E3-0184-45B9-9E15-028776CD7A6E}) (Version: 5.2.6 - Oracle Corporation) Pakiet zgodności dla systemu Office 2007 (HKLM-x32\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Path of Building version 1.4.73 (HKLM-x32\...\{72FA9AB7-189F-4BDE-8856-72DEB90C157B}_is1) (Version: 1.4.73 - Openarl) Path of Exile (HKLM-x32\...\{5e37eb26-2d6e-4b09-9dda-67b2c7f8d5bb}) (Version: 3.1.1.24680 - Grinding Gear Games) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 3.1.1.24680 - Grinding Gear Games) Hidden PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (HKLM\...\{72B9DF2C-76FA-40B5-A469-16EAB159CE72}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (HKLM\...\{BDF7326B-7ED4-4034-B867-F4E88D4E628B}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDF Architect 4 View Module (HKLM\...\{03E04B47-9270-4613-8D7E-DA4AD2B259A0}) (Version: 4.1.5.29097 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH) PhotoFiltre 7 (HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\PhotoFiltre 7) (Version: - ) qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.7 - Qualcomm Atheros) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.006 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.) Rejestracja produktu (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden Rejestracja produktu Dell (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver) Settlers IV - Złota Edycja (HKLM-x32\...\{A2422674-F3A7-46F2-8966-EC6B1FBD6EB3}) (Version: 1.0 - ) Soda PDF Desktop (HKLM-x32\...\SodaDesktop) (Version: 9.2.10.34167 - LULU Software) Soda PDF Desktop Asian Fonts Pack (HKLM\...\{CBFF9D21-FBBB-48D7-9F84-C24370992AA4}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop Convert Module (HKLM\...\{8FC1C3BD-A694-4E9E-B51F-207BCD6A2133}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop Create Module (HKLM\...\{83A67DAD-E51A-4A3A-AD6A-49A5853F6D9A}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop Edit Module (HKLM\...\{1F974010-6C8B-42B6-A669-B0A696FAFB29}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop Forms Module (HKLM\...\{981FAAEC-D9AB-475A-985D-EF74A046A372}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop Insert Module (HKLM\...\{511A21D3-BB6E-4336-80C8-E63CDF6A307C}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop OCR Module (HKLM\...\{438CF57D-B860-4A6F-95ED-7B6FD267040D}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop Review Module (HKLM\...\{1368EEAD-7B14-47E1-BF26-4CD49C5B7BCF}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop Secure Module (HKLM\...\{B094A0C4-2225-4F9C-A3D6-50700AAFCA80}) (Version: 9.2.12.34356 - LULU Software) Hidden Soda PDF Desktop View Module (HKLM\...\{165B875F-9B74-4434-97F9-1FCB926504F8}) (Version: 9.2.12.34356 - LULU Software) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.30 - Firefly Studios) Tibia (HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\Tibia) (Version: - CipSoft GmbH) Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version: - Electronic Arts) Ultima Online Renaissance 5.0.8.3 (HKLM\...\{85204665-3317-4953-BDB8-3BB60C75C130}) (Version: 5.0.8.3 - www.uorenaissance.com) UOS version 1.0.5 (HKLM-x32\...\{FC6804BE-B90F-4C2B-BF21-6A4063C8FD4C}_is1) (Version: 1.0.5 - UOS, Team.) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN) WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) XVM wersja 7.3.2 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 7.3.2 - XVM team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-08] (Cyberlink) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-12-21] (McAfee, Inc.) ContextMenuHandlers1: [PDFArchitect4_ManagerExt] -> {3AECFCB3-8472-48E9-BC7B-5A3CD945C886} => C:\Program Files\PDF Architect 4\creator-context-menu.dll [2016-08-05] (pdfforge GmbH) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-16] (Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-08] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-08] (Alexander Roshal) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-08] (Cyberlink) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-16] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2016-12-21] (McAfee, Inc.) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-12-16] (Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-08] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-08] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0291B506-26AB-4C1B-8158-BCD03D2348E7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-20] (PC-Doctor, Inc.) Task: {22C3DC72-82C1-4505-A596-B05DAD39E943} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-30] () Task: {2E7E8E2A-8B9F-4C49-BA1F-550017CDEA1C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {340BE274-E2CA-4413-98DD-9B9611A18491} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {38745343-C100-44DF-9BB3-4EEBB095AE99} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-20] (PC-Doctor, Inc.) Task: {4459BB68-C034-4714-9317-6DDCDA7AC3E9} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-12-16] (Avira Operations GmbH & Co. KG) Task: {64A580BC-127E-47C4-9AA7-574FD8D69C9F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink) Task: {6F620BA8-7B21-4731-BFDB-0181CD46A3DF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd) Task: {734CAEA2-7CDC-4DE7-9DF8-976C28C3FFCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd) Task: {739BBAB1-BBA1-40BE-A219-BC5064340B80} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-29] (CyberLink Corp.) Task: {A73BFBD2-7B45-4966-91F0-60D1805D34DD} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {AA2A4548-628B-4D97-BAEE-E50E64379B9C} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-05-02] (Avira Operations GmbH & Co. KG) Task: {AFA40A43-35AD-47A6-8E7A-3F20B67D4693} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2017-08-16] () Task: {C400F7CB-9A75-4125-A184-EC1BC2A350C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-15] (Adobe Systems Incorporated) Task: {D21F5413-147E-4690-A7BA-1F1676571136} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor) Task: {E3068B71-8CBB-454E-B7B7-FF54AE4AC5E2} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION Task: {E9294BD3-D5F1-461F-95E8-2C5835039583} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-01-17] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP L0T2OMH ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\janek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Razor\Visit Razor's Website.lnk -> hxxp://www.runuo.com/razor ==================== Loaded Modules (Whitelisted) ============== 2016-08-28 19:42 - 2014-06-03 09:26 - 000031016 _____ () C:\WINDOWS\System32\solidlocalmon.dll 2015-07-16 05:38 - 2015-07-16 05:38 - 000127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2016-05-15 17:30 - 2013-08-15 09:18 - 000325632 _____ () C:\Program Files\KIANO USB modem\WCDMA_Eject.exe 2017-08-16 13:18 - 2017-08-16 13:18 - 000146736 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll 2013-10-17 14:27 - 2013-10-17 14:27 - 000166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2015-09-09 21:57 - 2014-04-15 02:59 - 000253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2015-07-16 05:39 - 2015-07-16 05:39 - 000138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2015-10-30 08:18 - 2015-10-30 08:18 - 000185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-04-13 22:27 - 2016-03-29 11:20 - 002656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-02-13 13:54 - 2016-02-13 13:54 - 000093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-04-13 22:24 - 2016-04-02 04:25 - 000472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-13 22:25 - 2016-04-02 04:03 - 007992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-04-13 22:25 - 2016-04-02 03:58 - 000591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-04-13 22:26 - 2016-04-02 03:59 - 002483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-04-13 22:26 - 2016-04-02 04:02 - 004089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-10-21 08:07 - 2016-10-21 08:07 - 000030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2016-10-21 08:07 - 2016-10-21 08:07 - 000607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2016-10-21 08:07 - 2016-10-21 08:07 - 000059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2016-10-21 08:07 - 2016-10-21 08:07 - 000035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2016-10-21 08:07 - 2016-10-21 08:07 - 000079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2016-10-21 08:08 - 2016-10-21 08:08 - 000129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2016-10-21 08:09 - 2016-10-21 08:09 - 000223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2016-12-21 10:24 - 2016-12-21 10:24 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll 2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\localhost -> localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 12:04 - 2016-03-31 17:54 - 000000857 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1608297646-3217866677-88377970-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\janek\Desktop\nyc-17.jpg DNS Servers: 192.168.1.20 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 HKLM\...\StartupApproved\Run: => "QuickSet" HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1608297646-3217866677-88377970-1002\...\StartupApproved\Run: => "World of Tanks" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{0412E53C-31A3-4AC8-B2D5-4CA5343DC07C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2CCF0D18-718D-45D6-A337-A2F425C425CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{991B4B8C-FCA4-493F-850B-D0DF0AA24EC7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{01D0CA63-5AFA-47FA-84DD-A6BB48C3C6D1}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{69501DC7-8913-49D2-9958-9DD5025609F1}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE FirewallRules: [TCP Query User{380A1ECE-4382-47A5-B159-1B8006D7F3A7}C:\games\fifa 12\game\fifa.exe] => (Allow) C:\games\fifa 12\game\fifa.exe FirewallRules: [UDP Query User{43D3771C-75DD-4D0E-8376-5E62A90553FF}C:\games\fifa 12\game\fifa.exe] => (Allow) C:\games\fifa 12\game\fifa.exe FirewallRules: [{7D162296-BD28-4CF4-B8CC-22E8435E1D8F}] => (Allow) C:\Program Files (x86)\The Elder Scrolls V Skyrim\Launcher.exe FirewallRules: [{33FFC099-C8D4-4988-8C5C-D63C06C50E05}] => (Allow) C:\Program Files (x86)\The Elder Scrolls V Skyrim\Launcher.exe FirewallRules: [TCP Query User{0E269469-8465-46E1-9D2C-7850A9885E7B}C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe FirewallRules: [UDP Query User{6DC9D784-6599-4C9E-BE74-2B75354AF39F}C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe FirewallRules: [TCP Query User{1298B533-A4BB-4804-9C68-29BBFD77A8C9}C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe FirewallRules: [UDP Query User{B2FCB026-399D-48FB-AC7E-CF6C1BA77886}C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\r.g. mechanics\dishonored\binaries\win32\dishonored.exe FirewallRules: [TCP Query User{C0C8DF4B-AD8D-431A-8C54-D9A1DF6A001D}C:\program files (x86)\r.g. mechanics\inversion\bin\inversion.exe] => (Block) C:\program files (x86)\r.g. mechanics\inversion\bin\inversion.exe FirewallRules: [UDP Query User{29250925-8D85-4A83-9A96-412BBD0481BA}C:\program files (x86)\r.g. mechanics\inversion\bin\inversion.exe] => (Block) C:\program files (x86)\r.g. mechanics\inversion\bin\inversion.exe FirewallRules: [{736B3347-6C44-480A-A7DD-D3E727464A3C}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe FirewallRules: [{36A99F0D-4B20-41EF-8085-8E8986F2460E}] => (Allow) C:\Program Files (x86)\Firefly Studios\Stronghold 2\Stronghold2.exe FirewallRules: [{D52EF5DD-2357-4216-ACEB-CF6B0F622AF4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5C5C2BC4-FED3-4E38-8044-94AE274EC1DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{35481644-7072-4383-BF44-F121AA9EAE63}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6806B90D-1894-4EE5-9D84-1C0AF0E6DF6D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{4BE72294-D48E-4728-A34D-1263476E4FA9}C:\users\janek\downloads\civilization v\civilization v\civilizationv.exe] => (Allow) C:\users\janek\downloads\civilization v\civilization v\civilizationv.exe FirewallRules: [UDP Query User{D94F9825-7DE1-410C-92F7-1CD3A4081CAB}C:\users\janek\downloads\civilization v\civilization v\civilizationv.exe] => (Allow) C:\users\janek\downloads\civilization v\civilization v\civilizationv.exe FirewallRules: [TCP Query User{6920A944-FED4-4817-A39A-4F3050E80549}C:\program files (x86)\cts games\szone-online\szoneonlinelauncher.exe] => (Allow) C:\program files (x86)\cts games\szone-online\szoneonlinelauncher.exe FirewallRules: [UDP Query User{A6D15F36-77E9-45BE-99D3-C0746156BE75}C:\program files (x86)\cts games\szone-online\szoneonlinelauncher.exe] => (Allow) C:\program files (x86)\cts games\szone-online\szoneonlinelauncher.exe FirewallRules: [{1AD50AD3-E6D3-4A69-9CDE-54D6BDDCB876}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{5350B717-8C48-41CE-8652-8D079F2198EE}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{EF1E5F12-F50C-4EB3-9478-7334E760922A}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{CED874A2-6052-47FB-896F-342E7AD64CF9}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{CEC238C5-9556-45E0-9E49-A1C1A569180F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{FB4B7725-23F9-4F66-8A66-0C61541DE987}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{DC5767E4-D410-412E-A478-B174798E9001}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe FirewallRules: [{402B54DE-165B-461F-B95D-C9A59A74592A}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe FirewallRules: [{10C9527F-A937-4BD9-B3E1-F608A68E2A83}] => (Allow) LPort=8501 FirewallRules: [{099A41F9-19A5-4964-8C73-93F2A19A1319}] => (Allow) LPort=8501 FirewallRules: [TCP Query User{D57410FA-D492-475D-B675-6927DD56FFC9}C:\games\electronic arts\ultima online classic\client.exe] => (Block) C:\games\electronic arts\ultima online classic\client.exe FirewallRules: [UDP Query User{F199093E-1E8C-4CCB-9A02-ED8593FDFC0B}C:\games\electronic arts\ultima online classic\client.exe] => (Block) C:\games\electronic arts\ultima online classic\client.exe ==================== Restore Points ========================= 18-02-2018 18:40:33 Zainstalowane Heroes of Might and Magic IV - Złota Edycja 19-02-2018 20:09:57 Installed Oracle VM VirtualBox 5.2.6 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/28/2018 08:45:41 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/28/2018 08:45:41 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (02/28/2018 08:45:40 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (02/28/2018 08:45:39 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/28/2018 08:45:38 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/28/2018 08:45:38 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/28/2018 08:45:38 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (02/27/2018 06:00:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-L0T2OMH) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (02/28/2018 09:02:24 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop. Error: (02/28/2018 08:58:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L0T2OMH) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-L0T2OMH\janek SID (S-1-5-21-1608297646-3217866677-88377970-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool. Error: (02/28/2018 08:58:22 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop. Error: (02/28/2018 08:54:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: Incorrect function. Error: (02/28/2018 08:54:04 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-L0T2OMH) Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop. Error: (02/27/2018 06:48:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_661e51c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (02/27/2018 06:48:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (02/27/2018 06:32:58 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop. Windows Defender: =================================== Date: 2016-04-29 12:26:03.289 Description: Windows Defender scan has been stopped before completion. Scan ID: {7FD931AE-B5FD-4A83-A5E3-BE794C3F4169} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2016-04-29 11:12:01.477 Description: Windows Defender scan has been stopped before completion. Scan ID: {67433688-60D6-48CA-A9B9-2A53ACD8B8BE} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2016-04-28 17:53:21.819 Description: Windows Defender scan has been stopped before completion. Scan ID: {F3D5E3D7-61AA-4AF5-8E82-E52E5363BAFC} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2016-04-27 20:54:41.921 Description: Windows Defender scan has been stopped before completion. Scan ID: {A0032FC1-A84C-43A9-B753-4A9278D04356} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2016-04-27 15:36:25.502 Description: Windows Defender scan has been stopped before completion. Scan ID: {4C116C7B-A228-4494-BF80-42FE847B095E} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2017-10-21 08:02:07.791 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2017-10-21 07:57:23.808 Description: Windows Defender Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. Date: 2017-10-21 07:57:22.964 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 115.60.0.0 Update Source: Microsoft Malware Protection Center Signature Type: Network Inspection System Update Type: Full Current Engine Version: Previous Engine Version: 2.1.11804.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2017-10-21 07:57:22.935 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.429.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2017-10-21 07:57:22.914 Description: Windows Defender has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.219.429.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.12706.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =================================== Date: 2017-04-30 11:16:02.059 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2017-01-09 19:43:00.126 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-12-29 22:52:57.184 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 12:23:58.812 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-16 12:26:28.976 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-15 13:46:17.913 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-10 19:41:24.971 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-27 09:43:13.645 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A10-8700P Radeon R6, 10 Compute Cores 4C+6G Percentage of memory in use: 34% Total physical RAM: 11723.89 MB Available physical RAM: 7702.54 MB Total Virtual: 13515.89 MB Available Virtual: 8973.66 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.16 GB) (Free:620.07 GB) NTFS Drive d: (SH2_DELUXE) (CDROM) (Total:2.22 GB) (Free:0 GB) CDFS Drive e: (H4_DISK1) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS Drive g: (H4_DISK2) (CDROM) (Total:0.5 GB) (Free:0 GB) CDFS \\?\Volume{dd3d6a0e-2783-4c9c-aad5-07e393313e4d}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS \\?\Volume{2b704b66-9210-43be-8827-afc8bcf6819a}\ (Image) (Fixed) (Total:12.3 GB) (Free:0.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 8EA7FAC5) Partition: GPT. ==================== End of Addition.txt ============================