Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by f4r0 (06-11-2016 08:20:33)
Running from C:\Users\f4r0\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-12 06:53:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305605956-2274955029-540922724-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2305605956-2274955029-540922724-503 - Limited - Disabled)
f4r0 (S-1-5-21-2305605956-2274955029-540922724-1001 - Administrator - Enabled) => C:\Users\f4r0
Guest (S-1-5-21-2305605956-2274955029-540922724-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 9.0.401.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 9.0.401.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personálny firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
American Truck Simulator (HKLM-x32\...\American Truck Simulator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Ashampoo Burning Studio 2015 v.1.15.0 (HKLM-x32\...\{91B33C97-21E3-DF34-9630-2EE80DDE1648}_is1) (Version: 1.15.0 - Ashampoo GmbH & Co. KG)
Assassins Creed - Syndicate (HKLM-x32\...\Assassins Creed - Syndicate_is1) (Version: 1.12.0.0 - Ubisoft)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.70.1080 - AB Team, d.o.o.)
Carmageddon - Max Damage (HKLM-x32\...\Carmageddon - Max Damage_is1) (Version:  - )
Catalyst Control Center Next Localization BR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0489 - Disc Soft Ltd)
Deadpool version 1.0 (HKLM-x32\...\{F6E1E870-A96B-4583-A467-4358E5A40BB4}_is1) (Version: 1.0 - )
DiRT Rally v1.1 (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
Dying Light (HKLM-x32\...\Dying Light_is1) (Version: 1.11.0.0 - Techland)
Emergency 2017 (HKLM-x32\...\Emergency 2017_is1) (Version:  - )
ESET Smart Security (HKLM\...\{4CB3B9EE-3841-40D5-89FA-42017161A37D}) (Version: 9.0.376.1 - ESET, spol. s r.o.)
Expansion Pack 2016 (HKLM-x32\...\Expansion Pack 2016) (Version: 0.3.1 - PCM.daily's Database Team)
Farming Simulator 17 (HKLM-x32\...\Farming Simulator 17_is1) (Version:  - )
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts)
Freemake Video Converter verzia 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HPReyos (HKLM-x32\...\HPReyos) (Version:  - ) <==== ATTENTION
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Kodi (HKU\S-1-5-21-2305605956-2274955029-540922724-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Mantis Burn Racing (HKLM-x32\...\Mantis Burn Racing_is1) (Version:  - )
MediaInfo 0.7.84 (HKLM\...\MediaInfo) (Version: 0.7.84 - MediaArea.net)
Microsoft Office 2013 Professional Plus (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mirror's Edge: Catalyst (HKLM-x32\...\Mirror's Edge: Catalyst_is1) (Version:  - )
MotoGP 15 (HKLM-x32\...\MotoGP 15_is1) (Version:  - )
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Murdered Soul Suspect verzia 1.0 (HKLM-x32\...\Murdered Soul Suspect_is1) (Version: 1.0 - CzTorrent.net)
Music NFO Builder v1.20 (HKLM-x32\...\Music NFO Builder_is1) (Version:  - Pawel Piecuch)
MXGP2 (HKLM-x32\...\MXGP2_is1) (Version:  - )
My Web Shield (HKLM\...\mweshield) (Version: 3.0 - My Web Shield) <==== ATTENTION
NASCAR Heat Evolution (HKLM-x32\...\NASCAR Heat Evolution_is1) (Version:  - )
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
No Man's Sky (HKLM-x32\...\No Man's Sky_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
pCars ver. 10.3.0.0.1220 (HKLM-x32\...\{29F690C2-B158-404B-AF58-156C4884C952}_is1) (Version: 10.3.0.0.1220 - *Let'sPlay*)
Pro Cycling Manager 2016 (HKLM-x32\...\Pro Cycling Manager 2016_is1) (Version:  - )
Pro Evolution Soccer 2017 (HKLM-x32\...\Pro Evolution Soccer 2017_is1) (Version:  - )
Pro Pinball Timeshock! - The Ultra Edition (HKLM-x32\...\Pro Pinball Timeshock! - The Ultra Edition_is1) (Version:  - )
R.B.I. Baseball 16 (HKLM-x32\...\R.B.I. Baseball 16_is1) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
RIDE 2 (HKLM-x32\...\RIDE 2_is1) (Version:  - )
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shadow Warrior 2 (HKLM-x32\...\Shadow Warrior 2_is1) (Version:  - )
Sheltered (HKLM-x32\...\1454930864_is1) (Version: 2.0.0.2 - GOG.com)
Ships 2017 (HKLM-x32\...\Ships 2017_is1) (Version:  - )
Sid Meier's Civilization 6 (HKLM-x32\...\Sid Meier's Civilization 6_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Edit 3.4.11 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.11.0 - Nikse)
SurveillancePlugin (HKLM-x32\...\{9345EA94-E0FC-442B-950D-AABD0AB95F5D}) (Version: 1.0.0.787 - Synology)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
The Solus Project (HKLM-x32\...\1455617752_is1) (Version: 2.9.0.12 - GOG.com)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.0.0 - Tukero[X]Team)
TransOcean 2 Rivals (HKLM-x32\...\TransOcean 2 Rivals_is1) (Version:  - )
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-041B-1000-0000000FF1CE}_Office15.PROPLUS_{FC66F0AC-3648-4A48-B7CF-A3D359FEE40C}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wasteland 2 Director's Cut (HKLM-x32\...\Wasteland 2 Director's Cut_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Fanfar)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
WinRAR 5.21 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wirecast (HKLM\...\{2EDE31E5-8935-4E89-9D47-BCCF70668A09}) (Version: 7.1.0 - Telestream LLC)
World of Warships (HKU\S-1-5-21-2305605956-2274955029-540922724-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
XCOM 2 (HKLM-x32\...\XCOM 2_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305605956-2274955029-540922724-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305605956-2274955029-540922724-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\f4r0\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305605956-2274955029-540922724-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E28582-4A49-4A36-9788-F9D1098C9B5F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-01] (Dropbox, Inc.)
Task: {07F1C5BA-1D92-41EC-8C73-288C1C0660AF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-01] (Dropbox, Inc.)
Task: {0B2D094F-CC12-49BA-9C24-061742617CE7} - System32\Tasks\{7748807D-87C5-41F7-9EC0-4F10F3F1382C} => pcalua.exe -a E:\torrentz\expressvpn-install_v3.09.exe -d E:\torrentz
Task: {15988B43-53E6-4423-80E1-BFE950F8FB4B} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
Task: {1766F4A6-E92B-456D-A84E-1E90836567A0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2278DC56-A708-4476-B1D9-FB150E3BA9CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-12] (Microsoft Corporation)
Task: {3081A5AE-5A2B-4210-9BB5-675C7AE8CF31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {334A6FE1-2A9A-4BF3-B0FE-3ED40360FD0C} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe <==== ATTENTION
Task: {39C948BC-EE77-4E2D-B775-CE0FFBE188EF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-30] (Adobe Systems Incorporated)
Task: {4B7A2C6D-6B59-45A5-9ED5-6D50619ECEB5} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-10-20] (UCWeb Inc) <==== ATTENTION
Task: {4E1230F8-99A3-481D-B288-C55DC5B6640C} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {55449AD1-3F3B-40B8-8D9A-FC642A9BA12F} - System32\Tasks\ComputerZ-Tray => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe [2016-09-18] () <==== ATTENTION
Task: {60F0186A-A011-426F-A898-5C3DBA4AE80C} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe [2016-11-05] (UC Web Inc.) <==== ATTENTION
Task: {6721F262-8675-4484-B07E-8ABCCB176E5E} - System32\Tasks\Realtek HD Audio => C:\Users\f4r0\AppData\Roaming\iSkysoft iMedia Converter Deluxe\Realtek HD\rthdcpl.exe <==== ATTENTION
Task: {6DC04911-1BC4-4939-94DF-790CB9343DEA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {77DC3A32-815D-498D-B921-E733A73D5C93} - System32\Tasks\Nversythernely Configuration => C:\Program Files (x86)\Nalersybodat\coaterph.exe [2016-11-05] (Glarysoft Ltd)
Task: {BC56BDEA-6390-426E-9C41-DD41D8F6376D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-30] (Adobe Systems Incorporated)
Task: {C1514188-202E-4E4D-9784-C04314FAC225} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-10-20] (UCWeb Inc) <==== ATTENTION
Task: {C167369D-434E-4C49-B3DD-77DFD5EBF994} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-05] (Google Inc.)
Task: {C29AF6B2-8540-448C-850D-465C8BC12D5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {C75C6620-0239-4160-B96E-83EF49F4CCE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {CCD47A15-DF50-46C4-B1D3-6DCD2E2CA5A8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FD2EA9DA-5380-4299-B4CE-DAB75CC69EA6} - System32\Tasks\edd2563489cbb90cb69a57d7497f2e4b => Rundll32.exe "C:\Program Files (x86)\Raptr Inc\m0d9b2.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION

Shortcut: C:\Users\f4r0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Sрúšťаč арlikáсií Сhrоmе.lnk -> C:\Users\f4r0\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\f4r0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk -> C:\Users\f4r0\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\f4r0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Users\f4r0\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\Users\f4r0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Gооglе Сhrоmе.lnk -> C:\Users\f4r0\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\f4r0\AppData\Roaming\HPReyos\ReyosStarter3.exe (No File) <===== Cyrillic

ShortcutWithArgument: C:\Users\f4r0\AppData\Local\Thictzimertain\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\f4r0\AppData\Local\Google\Chrome\User Data\Spúšťač aplikácií Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\f4r0\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\f4r0\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://9o0gle.com/

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-12 08:22 - 2016-10-12 08:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-04 15:43 - 2015-11-04 15:43 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 05:08 - 2014-02-11 05:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 05:08 - 2014-02-11 05:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2016-10-12 08:22 - 2016-10-12 08:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-04-03 09:00 - 2015-02-27 13:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\ISCM64.dll
2016-11-05 16:48 - 2016-11-05 16:48 - 00338368 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
2016-10-12 08:00 - 2016-10-12 08:00 - 00959168 _____ () C:\Users\f4r0\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-12 08:22 - 2016-10-12 08:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-13 07:42 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-28 18:07 - 2016-10-15 04:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-28 18:07 - 2016-10-15 04:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-28 18:07 - 2016-10-15 04:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-28 18:07 - 2016-10-15 04:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-28 18:07 - 2016-10-15 04:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-05 17:03 - 2016-11-05 17:03 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-05 17:03 - 2016-11-05 17:03 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-05 17:03 - 2016-11-05 17:03 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2015-06-25 15:34 - 2015-06-25 15:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 15:37 - 2015-06-25 15:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 15:35 - 2015-06-25 15:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 15:38 - 2015-06-25 15:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 14:53 - 2015-06-25 14:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 14:51 - 2015-06-25 14:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-05-13 21:00 - 2016-05-11 14:31 - 00075264 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-11-05 20:23 - 2016-10-31 08:11 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-05 20:23 - 2016-10-31 08:11 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
2016-10-01 08:52 - 2016-10-25 15:11 - 00022024 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2016-11-05 16:48 - 2015-10-15 12:21 - 00163344 _____ () C:\Program Files (x86)\GreatMaker\MaohaWiFi\maohasubstat.dll
2016-11-05 16:48 - 2014-12-18 08:02 - 00261600 _____ () C:\Program Files (x86)\GreatMaker\MaohaWiFi\Updater\CheckUpdate.dll
2016-11-05 16:48 - 2016-05-31 09:51 - 00237088 _____ () C:\Program Files (x86)\GreatMaker\MaohaWiFi\tipsdll.dll
2016-11-05 16:48 - 2014-08-19 08:36 - 00206816 _____ () C:\Program Files (x86)\GreatMaker\MaohaWiFi\CrRpt.dll
2016-10-01 08:52 - 2016-10-25 15:11 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-10-01 08:52 - 2016-10-25 15:11 - 00012288 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2015-11-15 08:34 - 2016-06-12 13:40 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2016-04-03 09:01 - 2014-10-31 15:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-04-03 09:01 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-05-01 08:23 - 2016-10-10 19:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-28 15:14 - 2016-10-10 19:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-28 15:14 - 2016-10-10 19:19 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-28 15:14 - 2016-10-10 19:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-05-01 08:23 - 2016-10-10 19:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-05-01 08:23 - 2016-10-10 19:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-05-01 08:23 - 2016-10-10 19:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-05-01 08:23 - 2016-10-10 19:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 18:51 - 2016-10-24 14:16 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-28 15:14 - 2016-10-10 19:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-28 15:14 - 2016-10-10 19:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 18:51 - 2016-10-24 14:16 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 18:51 - 2016-10-10 19:20 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-05-01 08:23 - 2016-10-10 19:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-28 15:14 - 2016-10-10 19:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-28 15:14 - 2016-10-24 14:15 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-10-28 15:14 - 2016-10-24 14:06 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-10-28 15:14 - 2016-10-24 14:15 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-28 15:14 - 2016-10-24 14:15 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-05-01 08:23 - 2016-10-10 19:19 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-28 15:14 - 2016-10-24 14:15 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-05 18:51 - 2016-10-24 14:16 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-28 15:14 - 2016-10-10 19:24 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-28 15:14 - 2016-10-10 19:24 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-05-01 08:23 - 2016-10-10 19:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-05-01 08:23 - 2016-10-24 14:16 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-05 18:51 - 2016-10-24 14:16 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-10-28 15:14 - 2016-10-24 14:16 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-07-21 08:30 - 2016-07-21 08:30 - 00239016 _____ () c:\program files (x86)\ludashi\lpi\hpsvc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [20324]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360904]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1157922]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2016-11-05 16:46 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305605956-2274955029-540922724-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2305605956-2274955029-540922724-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{13AE8C14-0B1B-4F88-A116-BEA7200E8005}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{5111554A-FD9A-4A7E-871E-F2E74DD293D4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{9968B409-89D1-43C4-BF30-98F6D11D67B7}] => (Allow) D:\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{A6D496E6-E94B-46BF-B34E-813FEE81D227}] => (Allow) D:\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [UDP Query User{85FB294B-193B-4C03-9A81-70EB1F6BD689}C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{376C0DFB-FFBD-41BE-A300-32BDF955797D}C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{EDA98351-AA65-4EAD-986D-7AF05DDE7B5D}] => (Allow) D:\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{DC887F6E-2137-44F1-8E51-2CD90720BB34}] => (Allow) D:\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [UDP Query User{C87A0A89-8FF3-4DF8-ACC6-17F449674B6B}D:\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) D:\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [TCP Query User{CB2CD2CC-68EA-4115-BC06-C42B4E166958}D:\murdered soul suspect\binaries\win64\murdered.exe] => (Allow) D:\murdered soul suspect\binaries\win64\murdered.exe
FirewallRules: [{EC322FCD-89A4-4888-A4FF-2E3FDF7DFCF5}] => (Allow) d:\World_of_Warships\worldofwarships.exe
FirewallRules: [{8A75AD73-9919-4728-B627-2600008048BD}] => (Allow) d:\World_of_Warships\worldofwarships.exe
FirewallRules: [{0993C270-0FFC-46A6-9473-D7AA9A70DE80}] => (Allow) d:\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{D6B8D222-315C-4022-B5B6-D52DE2339591}] => (Allow) d:\World_of_Warships\WoWSLauncher.exe
FirewallRules: [UDP Query User{2B1AB32A-6F87-4FC7-AA82-FDD83384D54B}D:\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{B9DE4923-0821-482C-B384-D6D0AE074663}D:\xcom 2\binaries\win64\xcom2.exe] => (Allow) D:\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [{FA441766-DF79-4FBA-9609-EA99F10739FD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF8CF7C4-4CC0-4447-8128-97689BD9D185}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7F10E4D7-B5DD-4242-9C38-DF8E2886C8FE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CDD5B73-ABBE-45B9-8804-AF5986907E56}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{2557236D-189A-4B19-832A-2142693F6FD6}D:\dying light0\dyinglightgame.exe] => (Allow) D:\dying light0\dyinglightgame.exe
FirewallRules: [TCP Query User{ABAC23D3-5394-4F34-9012-D293C8A4E7C0}D:\dying light0\dyinglightgame.exe] => (Allow) D:\dying light0\dyinglightgame.exe
FirewallRules: [UDP Query User{8A0FFFDC-9BBF-49BB-B620-ACD8493C5D5C}D:\origin games\fifa 16\fifa16.exe] => (Allow) D:\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{57CE5C0E-8B0E-466C-8418-97A045506785}D:\origin games\fifa 16\fifa16.exe] => (Allow) D:\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{B68CDF79-0470-4262-B5EA-A34BAC34A4F4}C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{45CC7D45-21D1-46B4-9945-8A45C646408E}C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\f4r0\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{FC66A497-BB7E-4869-B1D8-BC8A415652CA}D:\origin games\fifa 16\fifa16.exe] => (Allow) D:\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{E965B433-255B-48C8-BB25-FCFE68B95363}D:\origin games\fifa 16\fifa16.exe] => (Allow) D:\origin games\fifa 16\fifa16.exe
FirewallRules: [{0A5E9C90-85AF-4E04-816E-ECC5FF1E74AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0153CE88-94DC-44CB-89CD-0E7A68780B27}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D5E90E86-299C-4254-909E-7565F5825B41}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{01C60266-08FE-4CBA-94B5-9FE4522BA6BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D545F682-BB15-46B5-805A-CBDEC2CAF51F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{216E22B3-38EA-4C8F-94CD-5E636B9E3CF3}] => (Allow) C:\Users\f4r0\AppData\Local\Temp\00027987\inst_buychannel_07.exe
FirewallRules: [{77047CFF-40C5-4FFB-B430-A50FD35B62C2}] => (Allow) C:\Users\f4r0\AppData\Local\Temp\00027987\inst_buychannel_07.exe
FirewallRules: [{E6ADD5E9-5A91-4F9B-A1C9-5BF58C257977}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{49CAAE66-34C8-448A-84DA-513F50B1F6C5}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{37AACC4E-5F61-466E-A204-CFF2F2FAB449}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{6FB33C96-0FD1-432F-A758-67C3823ED0BD}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{4784572D-9800-4D43-9C99-1A1D22973A8B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{604F514C-F304-4F36-8AE8-B3BBF7E3B3DC}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2016 07:59:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: utorrent.exe, verzia: 2.2.1.25534, časová značka: 0x4e4594ce
Názov chybujúceho modulu: GDI32.dll, verzia: 10.0.14393.206, časová značka: 0x57dad2ca
Kód výnimky: 0xc000041d
Odstup chyby: 0x00003e82
Identifikácia chybujúceho procesu: 0x16e0
Čas spustenia chybujúcej aplikácie: 0x01d237f6d2e5c60b
Cesta chybujúcej aplikácie: C:\Users\f4r0\AppData\Roaming\uTorrent\utorrent.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\GDI32.dll
Identifikácia hlásenia: 4a54bd31-8997-4884-947d-f84cd2c555a3
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/06/2016 07:59:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: utorrent.exe, verzia: 2.2.1.25534, časová značka: 0x4e4594ce
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.351, časová značka: 0x5801a3a8
Kód výnimky: 0xc0000005
Odstup chyby: 0x00044f9e
Identifikácia chybujúceho procesu: 0x16e0
Čas spustenia chybujúcej aplikácie: 0x01d237f6d2e5c60b
Cesta chybujúcej aplikácie: C:\Users\f4r0\AppData\Roaming\uTorrent\utorrent.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 2c3f70dc-ea2e-491f-b309-912b95ca62f0
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/06/2016 07:26:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: Explorer.EXE, verzia: 10.0.14393.351, časová značka: 0x5801a56f
Názov chybujúceho modulu: windows.immersiveshell.serviceprovider.dll, verzia: 10.0.14393.0, časová značka: 0x57899873
Kód výnimky: 0x80270233
Odstup chyby: 0x0000000000033c25
Identifikácia chybujúceho procesu: 0x8ac
Čas spustenia chybujúcej aplikácie: 0x01d237f6826d8bd6
Cesta chybujúcej aplikácie: C:\WINDOWS\Explorer.EXE
Cesta chybujúceho modulu: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Identifikácia hlásenia: 2be4ac71-043e-47c6-8508-1bf269081626
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/06/2016 07:25:01 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/05/2016 10:11:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: utorrent.exe, verzia: 2.2.1.25534, časová značka: 0x4e4594ce
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.351, časová značka: 0x5801a3a8
Kód výnimky: 0xc0000005
Odstup chyby: 0x00044f9e
Identifikácia chybujúceho procesu: 0x1b40
Čas spustenia chybujúcej aplikácie: 0x01d237a5a97e6c1b
Cesta chybujúcej aplikácie: C:\Users\f4r0\AppData\Roaming\uTorrent\utorrent.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: b8e80779-5946-41dc-bb8e-4500a3fa76b0
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/05/2016 09:45:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: Explorer.EXE, verzia: 10.0.14393.351, časová značka: 0x5801a56f
Názov chybujúceho modulu: windows.immersiveshell.serviceprovider.dll, verzia: 10.0.14393.0, časová značka: 0x57899873
Kód výnimky: 0x80270233
Odstup chyby: 0x0000000000033c25
Identifikácia chybujúceho procesu: 0xeb4
Čas spustenia chybujúcej aplikácie: 0x01d237a568f1fe28
Cesta chybujúcej aplikácie: C:\WINDOWS\Explorer.EXE
Cesta chybujúceho modulu: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Identifikácia hlásenia: 69fac6aa-aa8f-4f74-8b3c-dc98a9f1656b
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/05/2016 09:44:30 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/05/2016 09:09:36 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (11/05/2016 08:59:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HSSCP.exe version 5.20.41.9414 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2010

Start Time: 01d2379efabc9a5b

Termination Time: 6

Application Path: C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe

Report Id: 50a6421f-a392-11e6-9c0a-1c6f65893f0a

Faulting package full name: 

Faulting package-relative application ID:

Error: (11/05/2016 08:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: microsoftedgecp.exe, verzia: 11.0.14393.82, časová značka: 0x57a55786
Názov chybujúceho modulu: unknown, verzia: 0.0.0.0, časová značka: 0x00000000
Kód výnimky: 0xc0000604
Odstup chyby: 0x0000000000000000
Identifikácia chybujúceho procesu: 0x214c
Čas spustenia chybujúcej aplikácie: 0x01d23799f8edab28
Cesta chybujúcej aplikácie: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Cesta chybujúceho modulu: unknown
Identifikácia hlásenia: a59f1872-dacd-4a04-b5e4-e5eaafa7b747
Celé meno chybujúceho balíka: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Identifikácia chybujúcej aplikácie vzhľadom na balík: MicrosoftEdge


System errors:
=============
Error: (11/06/2016 08:08:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba My Web Shield Sentinel sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/06/2016 08:08:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba My Web Shield Consolidator sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/06/2016 07:59:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2016 07:32:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HPReyos Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/06/2016 07:31:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Hardware Protection Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/06/2016 07:29:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Delivery Optimization sa pri spustení zablokovala.

Error: (11/06/2016 07:26:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2016 07:26:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby mwescontroller zlyhalo kvôli nasledujúcej chybe: 
The system cannot find the file specified.

Error: (11/06/2016 07:25:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/06/2016 07:25:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-11-06 07:27:11.122
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-06 07:27:11.005
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-06 07:27:10.896
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-06 07:27:10.447
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-05 21:46:36.954
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-05 21:46:36.727
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-05 21:46:36.642
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-05 21:46:36.018
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-05 21:11:21.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-05 21:11:21.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 43%
Total physical RAM: 8189.55 MB
Available physical RAM: 4636.21 MB
Total Virtual: 16381.55 MB
Available Virtual: 13557.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:98.64 GB) (Free:40.12 GB) NTFS
Drive d: (Games) (Fixed) (Total:635.49 GB) (Free:119.04 GB) NTFS
Drive e: (Store) (Fixed) (Total:196.88 GB) (Free:35.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0004672C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=635.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=196.9 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================