﻿Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Admin (10-09-2016 16:35:21)
Running from C:\Users\Admin\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-06 21:36:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2560372422-2021965399-549226919-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2560372422-2021965399-549226919-500 - Administrator - Disabled)
Baruška (S-1-5-21-2560372422-2021965399-549226919-1007 - Limited - Enabled) => C:\Users\Baruška
DefaultAccount (S-1-5-21-2560372422-2021965399-549226919-503 - Limited - Disabled)
Guest (S-1-5-21-2560372422-2021965399-549226919-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.8.0.0 - Auslogics Labs Pty Ltd)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Safepay™ (HKLM\...\Bitdefender Safepay) (Version: 2.0.0.744 - Bitdefender)
Catalyst Control Center Next Localization BR (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0830.1646.28334 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
COMODO Firewall (HKLM\...\{EC925096-5689-4BE3-B675-D16D0394B4A0}) (Version: 8.4.0.5076 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileAlyzer 2 (HKLM-x32\...\{29D3773E-54F4-23C2-D523-236A4453B845}_is1) (Version: 2.0.5.57 - Safer Networking Limited)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV v.1.07.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version:  - )
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heroes & Generals (HKLM\...\Steam App 227940) (Version:  - Reto-Moto)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.2.143 - IObit)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
Killing Floor 2 (HKLM\...\Steam App 232090) (Version:  - Tripwire Interactive)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Malware Hunter 1.18.0.32 (HKLM-x32\...\Malware Hunter) (Version: 1.18.0.32 - Glarysoft Ltd)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 cs)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
Prime Benchmark 3.1 (HKLM-x32\...\Prime Benchmark_is1) (Version:  - Vlastimil Burian)
Puran Defrag 7.7.1 (HKLM\...\Puran Defrag_is1) (Version:  - Puran Software)
PWGen 2.8.0 (HKLM-x32\...\{8A5E6B59-2804-4677-8A5F-DEBC218CE4E0}_is1) (Version:  - Christian Thöing)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Serious Sam 3: BFE (HKLM\...\Steam App 41070) (Version:  - Croteam)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.2.0 - IObit)
Sonic & All-Stars Racing Transformed (HKLM\...\Steam App 212480) (Version:  - Sumo Digital)
Sophos Anti-Rootkit 1.5.0 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2016 (KB3118288) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{F249155C-1A63-4FA0-8F12-8A2034495AC0}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3118288) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{F249155C-1A63-4FA0-8F12-8A2034495AC0}) (Version:  - Microsoft)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-4) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000647D1-7CC3-49D8-A136-58027C4C47D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {08F828C2-3F13-4572-BAED-F3FA831E1E1A} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [2016-09-05] (Glarysoft Ltd)
Task: {3BE72FB8-01E1-40B6-95A3-1D73BBA6547C} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-10] (COMODO)
Task: {7544DA6C-A75B-45D5-8E52-169DE680A4C6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {77CFB12C-C632-4A1D-9895-85C0A9AD221A} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {7F704849-62BF-476B-BC6A-3E24321DEF35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {8B209CC9-21B6-496F-81F0-573146A8B492} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {A6F2C303-E3D6-4A09-ABD5-13D2E4092347} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {B116773B-C550-4216-AE01-D6E1CECF6ACE} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-06] (Advanced Micro Devices, Inc.)
Task: {BA402D59-1B2E-4AE4-B256-B2C2DA7CD652} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-06] (Google Inc.)
Task: {BB163CA0-D83A-44B5-99ED-3239826A04D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {C2586EAF-9F2E-4E4B-B5A7-0E77228EE55D} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-10] (COMODO)
Task: {E6100A2A-B309-442D-998A-1BCF9E6E9FE0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-25] (Piriform Ltd)
Task: {F7DC3A96-0173-450F-AC2E-57C2E7438E13} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-08] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-09-03 11:30 - 2016-09-03 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-03 11:30 - 2016-09-03 11:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\Battle.net Helper.exe
2016-08-07 13:12 - 2014-09-03 10:46 - 00203768 _____ () C:\Program Files\Bitdefender\Bitdefender Safepay\txmlutil.dll
2016-08-07 13:12 - 2014-09-03 10:48 - 00033336 _____ () C:\Program Files\Bitdefender\Bitdefender Safepay\manupdchksch.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libcef.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\ortp.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 00194024 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\BZRECORD.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\battle.net.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libEGL.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libGLESv2.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libglesv2.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\libegl.dll
2016-09-07 21:35 - 2016-09-07 21:35 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7963\ffmpegsumo.dll
2016-06-01 16:19 - 2016-06-01 16:19 - 02632640 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2016-06-01 16:17 - 2016-06-01 16:17 - 00144832 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2016-08-06 19:55 - 2016-08-09 01:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-06 19:55 - 2015-07-02 00:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-06 19:55 - 2016-08-25 01:06 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-06 19:55 - 2015-07-02 00:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-06 19:55 - 2015-07-02 00:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-06 19:55 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-06 19:55 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-06 19:55 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-06 19:55 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-06 19:55 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-06 19:55 - 2016-08-23 21:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-06 19:55 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-08-06 19:55 - 2016-08-04 22:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdave64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdgfxinfo64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdhcp64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdhdl64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdlvr64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdmantle64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdmcl64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdmiracast.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdmmcl6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdocl12cl64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdoclvp9lib64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdpcom64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdvlk64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdxc64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amfrt64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aticalcl64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aticaldd64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aticalrt64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aticfx64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atidemgy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atidxx64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atieah64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atieclxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiesrxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atig6pxx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atig6txx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atiglpxx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atimpc64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atimuixx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atio6axx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ATIODCLI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIODE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atisamu64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin95ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin95itp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coinst_16.30.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\detoured.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dgtrayicon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GameManager64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hsa-thunk64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mantle64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mantleaxl64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo-1-1-0-17-0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdave32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdgfxinfo32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhcp32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhdl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdlvr32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdmantle32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdmcl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdmmcl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl12cl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdoclvp9lib32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdpcom32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdvlk32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdxc32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amfrt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalcl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticaldd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalrt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticfx32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atidxx32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atieah32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atigktxx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiglpxx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atimpc32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atioglxx.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atisamu32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiu9pag.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdag.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdva.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiuxpag.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\detoured.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GameManager32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hsa-thunk.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mantle32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mantleaxl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-17-0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\a016bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\a016cm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\a016cmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\a016mgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\a016obex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\a016wh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\a016whnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdacpksd.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmdag.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmpag.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ggflt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ggsomc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandbus64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lganddiag64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandgps64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetbus64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetdiag264.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetdiag64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgandnetgps64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgx64bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgx64diag.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\lgx64gps.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nuidfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016cm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016cmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016cr.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016mgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016obex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016unic.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016wh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0016whnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017cm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017cmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017cr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017mgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017obex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017unic.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017wh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s0017whnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018cm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018cmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018cr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018mgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018obex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018unic.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018wh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1018whnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029cm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029cmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029cr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029mgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029obex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029unic.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029wh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1029whnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039cm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039cmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039cr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039mgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039obex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039unic.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039wh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s1039whnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s916bus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s916cm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s916cmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s916mgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s916obex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s916wh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\s916whnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\se3ebus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\se3ecm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\se3ecmnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\se3emgmt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\se3eobex.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\se3ewh.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\se3ewhnt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Admin\Desktop\Crysis3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Admin\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Admin\Desktop\metro.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Admin\Desktop\OOSU10.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\Admin\Desktop\procexp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Admin\Desktop\procexp.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Admin\Desktop\Zemana.AntiMalware.Portable.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Admin\Desktop\Zemana.AntiMalware.Portable.exe:$CmdZnID [29]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7914 more sites.

IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\1-2005-search.com -> www.1-2005-search.com

There are 12731 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-08-30 01:38 - 2016-09-10 14:03 - 00000958 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2560372422-2021965399-549226919-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "O&O Defrag Tray.lnk"
HKLM\...\StartupApproved\StartupFolder: => "O&O Defrag Tray.lnk.disabled"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run: => "obkagent"
HKLM\...\StartupApproved\Run32: => "Eraser"
HKLM\...\StartupApproved\Run32: => "obkagent"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2560372422-2021965399-549226919-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4B246C8A-B9D4-4EA9-843A-D760FD195587}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AEA04726-9898-4B82-8EF5-606B69DB159F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC61E06B-6E9D-4593-A14D-0E3C99A079EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E06A9D41-5866-4E85-9C97-C6C9364DA868}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D837CF6F-4800-4B75-88B6-DFD2E84BBD12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DB027A0C-12D2-4A13-BCE8-A1C2838E41AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B18D4C41-7872-47F5-A817-0B3827252493}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4CE6433F-6F2A-44CB-BF8C-4EF82F7A3A46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{B60E04F7-1660-46E0-B244-46BFAAE88F05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{6ABC4E21-D3C2-4764-9E03-08CA18C081A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{F1A2BD12-E718-4165-B37F-FAC533E4DE83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{CB40311A-7A14-4A5B-988B-EF867975F7B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4BAFD390-8EBC-426E-86D0-21741557D389}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5823989A-D320-42A1-A068-27C72059DFE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E217321E-E0F4-4F0B-8C1C-2C76A384E68B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{D4515BDE-D812-4E87-B9F1-7FBCF596BFFC}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{3A0BDE42-6332-47B5-A5B3-489A66A22500}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{0512FFB6-3CD0-486B-853D-84DB5413C1A3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5B187C75-E046-4706-B227-AE9087F5762B}] => (Allow) LPort=2869
FirewallRules: [{2B71F78E-8408-4676-B2FC-2D4209E39EE9}] => (Allow) LPort=1900
FirewallRules: [{F7C27AE2-3D06-4422-AC7C-4E1D770B3C84}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{27BBFE37-A182-4970-ADE1-C4EA11BFB796}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{740A5F8A-AB45-4CD0-A49E-CC7F095D230C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{E3047E55-43B4-4919-8F32-61481C83D4D9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{F673248F-0089-4FD5-947E-9C0498202243}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{6F88743F-058F-4E84-8E63-09AC33D3C0E6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{EC323118-0485-499E-96A0-0A18D754B84B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{469576F9-9E36-45FB-A3E7-3FE09E0A6986}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{F4A7C510-ABCA-466B-8939-DE12E04B1349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{A78F4B5C-1C23-4A24-831C-EE8EB823E166}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{FC27D52C-2BAE-4B01-A004-9EFD6856ECFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{EBB0C9C7-8903-4EEA-B96B-C5364202BF52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{24F13FBF-230C-448F-8C34-272916F54F30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [TCP Query User{31687DE8-6A5B-4819-8604-DBC3DCCAFE37}D:\hry\far cry 4\bin\farcry4.exe] => (Block) D:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{837AF060-8198-4114-81AB-D03C5C9D6AC3}D:\hry\far cry 4\bin\farcry4.exe] => (Block) D:\hry\far cry 4\bin\farcry4.exe
FirewallRules: [{6F8579D0-13AE-492C-8FAC-D3F9AA813C0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{B71C2974-D2EE-4A98-BFBD-86C1B328752A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{4D738F4A-F5BA-4904-AFAA-4D41C28C19B7}C:\program files (x86)\overwatch test\overwatch.exe] => (Block) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{F09997AD-0B54-4B5D-8BE6-426B615B72CB}C:\program files (x86)\overwatch test\overwatch.exe] => (Block) C:\program files (x86)\overwatch test\overwatch.exe
FirewallRules: [{BE8D9A5B-DB16-44F9-9F98-4AADAA2C4A9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{BB60D16A-46EE-4699-B480-5073F6E99A64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [TCP Query User{F03AB095-E407-406C-A603-E8268AB38D1F}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{003E1CB6-D869-46A6-A5DC-E8CE6EF7BDDC}C:\program files (x86)\overwatch\overwatch.exe] => (Block) C:\program files (x86)\overwatch\overwatch.exe

==================== Restore Points =========================

07-09-2016 17:51:39 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2016 04:22:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program firefox.exe verze 48.0.2.6079 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1284

Čas spuštění: 01d20b5b76805652

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

ID hlášení: f6a37b72-7761-11e6-a46d-f07959613533

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:

Error: (09/10/2016 12:38:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZalmanR1)
Description: Aplikaci Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App se nepovedlo aktivovat, protože došlo k chybě: -2147024865. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/10/2016 12:07:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/09/2016 01:31:09 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (09/09/2016 01:29:52 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (09/09/2016 01:29:09 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (09/09/2016 01:28:59 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (09/09/2016 01:24:41 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (09/09/2016 01:17:29 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (09/09/2016 01:12:09 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
   Spouštění asynchronní operace

Kontext:
   Aktuální stav: DoSnapshotSet


System errors:
=============
Error: (09/10/2016 04:12:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/10/2016 04:12:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/10/2016 03:58:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/10/2016 03:06:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/10/2016 02:45:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/10/2016 02:03:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (09/10/2016 02:03:28 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (09/10/2016 01:52:24 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error: (09/10/2016 01:23:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/10/2016 01:00:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
  Date: 2016-09-10 14:03:27.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-09 13:52:12.764
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-08 15:28:19.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-07 21:54:23.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-07 14:04:50.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 20:04:00.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 14:00:21.065
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 00:37:34.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-05 23:05:43.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-05 13:23:26.319
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 28%
Total physical RAM: 8093.33 MB
Available physical RAM: 5764.05 MB
Total Virtual: 11165.33 MB
Available Virtual: 8062.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:492.11 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:333.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E3B86E78)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B7F7BA07)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================