Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.09.2018
Ran by ficon (13-09-2018 18:11:42)
Running from C:\Users\ficon\Desktop
Windows 10 Pro Version 1803 17134.285 (X64) (2018-07-05 11:05:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3729285627-2482725458-3480958094-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3729285627-2482725458-3480958094-503 - Limited - Disabled)
ficon (S-1-5-21-3729285627-2482725458-3480958094-1001 - Administrator - Enabled) => C:\Users\ficon
Guest (S-1-5-21-3729285627-2482725458-3480958094-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3729285627-2482725458-3480958094-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aktualizace NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Assassin's Creed Origins (HKLM-x32\...\{DAC281DD-7006-49D4-905B-E8BDA474A230}_is1) (Version:  - Ubisoft)
ASUS GLCKIO2 Driver (HKLM-x32\...\{548dd834-70c5-4426-8065-fbeabdd2bb5d}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - ASUSTeK Computer Inc.) Hidden
aTube Catcher verze 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.06.29 - ASUSTeK Computer Inc.)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.4 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{c23c281b-0c0f-4c58-b069-92db94049ad0}) (Version: 1.0.4 - ASUS) Hidden
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 1.00.33 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{5adb80f9-1040-4375-8c2c-9eea2624cbf7}) (Version: 1.00.33 - ASUSTeK Computer Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.72.1082 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.3 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{0589c0a4-38f0-40bc-9296-8be22aa26522}) (Version: 1.0.3 - CORSAIR COMPONENTS INC.) Hidden
Crossout Launcher 1.0.3.63 (HKLM-x32\...\CrossOutLauncher_is1) (Version:  - )
Discord (HKU\S-1-5-21-3729285627-2482725458-3480958094-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.82 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gyazo 3.3.9 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Java 8 Update 181 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.3 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{a1697240-f3cf-483c-a9d2-3cd9e5bf3615}) (Version: 1.0.3 - KINGSTON COMPONENTS INC.) Hidden
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3729285627-2482725458-3480958094-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Nano Service Pack (HKLM\...\{1D502E63-4AB2-426C-83D5-25DE83E111F6}) (Version: 6.2.18 - SystemNanoPacks) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.7 - Notepad++ Team)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.82 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Ovládací panel NVIDIA 398.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.82 - NVIDIA Corporation) Hidden
Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.02 - Patriot Memory) Hidden
Patriot Viper RGB (HKLM-x32\...\{d549ba94-f6a7-4153-9c75-2e40ec8e1c8e}) (Version: 1.00.02 - Patriot Memory)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 2.2 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.20 - Ghisler Software GmbH)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Tukui Client (HKLM-x32\...\{7E8B9F21-63F2-4AE1-A815-71680B8E9C52}) (Version: 3.1.5 - Tukui)
Twitch (HKU\S-1-5-21-3729285627-2482725458-3480958094-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Two Point Hospital (HKLM\...\SKIDROW - Two Point Hospital) (Version:  - SKIDROW)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.6.0 - Azureus Software, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-06-30] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-07-30] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {058B4E94-8954-4376-B844-E0731BDE6049} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {14542B9E-8B7D-4422-A4AA-7F172A5CDE89} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {15DC852F-B97C-423B-97BD-AC7C1A28D25E} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2018-08-08] (Nota Inc.)
Task: {2D8AEFDC-E099-4335-93B0-23FBB00D93ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-05] (Google Inc.)
Task: {2E554D76-D007-427F-825F-42C68910C67F} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {3909759B-79D5-4006-9AE9-20B263D51924} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-07-19] (NVIDIA Corporation)
Task: {50439A46-481F-4ED0-BA42-60302DC6CE2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-05] (Google Inc.)
Task: {57BF71AB-3CEB-4EEC-A56F-CEE57AB044ED} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {5F840709-238E-4C18-A1B4-9716A308081A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {624E1342-797C-46EB-A11F-865B4BB07C02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {645F247B-6A26-4373-9294-617AD06BA46A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6C1E1A46-42DC-4051-9992-58D81E99E3FA} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-07-19] (NVIDIA Corporation)
Task: {706ADBF7-EBCA-4AA4-8C10-6886BFB3F10E} - System32\Tasks\ASUS\AsRogAuraGpuDllServer => C:\Program Files (x86)\LightingService\\AsRogAuraGpuDllServer.exe [2018-04-25] ()
Task: {75A4A772-FC22-48B3-B51E-A7878925315B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {93071EA4-63AB-4281-948E-657128D0C0DE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {9357ECAD-3D9F-4002-B063-BBA1BA227AA7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
Task: {A2154D5B-2552-4706-9570-631E86F62000} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-07-19] (NVIDIA Corporation)
Task: {A762CD03-A0F2-4331-A9A2-75BBDC55DA9E} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [2018-07-05] (ASUSTeK Computer Inc.) <==== ATTENTION
Task: {A8C2C252-0AD3-450C-AA47-CAAFBEE84B1D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-07-19] (NVIDIA Corporation)
Task: {B29C1F12-82F7-4093-A313-9EFE52412509} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-07-19] (NVIDIA Corporation)
Task: {B7724F32-2CE7-439B-B734-D11062A9E789} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-07-19] (NVIDIA Corporation)
Task: {CAAE1531-4998-4E62-A78C-80A5FEE208EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {CF4737BC-0794-41B2-9DCE-470E45D1E3A6} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d41471ef295f25 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [2018-07-05] (ASUSTeK Computer Inc.) <==== ATTENTION
Task: {CFE42D32-8702-465A-BAB8-B714C8A1A1DD} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2018-08-08] (Nota Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\ficon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Vzdialená plocha Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) ==============

2018-09-02 18:23 - 2018-08-06 14:20 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-02 18:23 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-05 15:33 - 2018-07-19 22:20 - 001314856 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-25 16:49 - 2018-04-25 16:49 - 000282072 _____ () C:\Program Files (x86)\LightingService\AsRogAuraGpuDllServer.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\SYSTEM32\inputhost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-13 16:13 - 2018-08-31 05:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 22:45 - 2018-07-17 22:46 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 22:45 - 2018-07-17 22:46 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 22:45 - 2018-07-17 22:46 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 22:45 - 2018-07-17 22:46 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 22:45 - 2018-07-17 22:46 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-09-12 22:25 - 2018-09-12 22:25 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-12 22:25 - 2018-09-12 22:25 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-12 22:25 - 2018-09-12 22:25 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-12 19:10 - 2018-04-12 19:10 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-12 22:25 - 2018-09-12 22:25 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-08-10 16:47 - 2018-08-08 02:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-10 16:47 - 2018-08-08 02:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2018-09-02 00:52 - 2018-09-02 00:52 - 001623040 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
2018-08-30 16:03 - 2018-08-27 22:52 - 098006816 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-30 16:03 - 2018-09-05 22:14 - 001055520 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
2018-08-30 16:03 - 2018-08-27 22:52 - 004443424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2018-08-30 16:03 - 2018-08-27 22:52 - 000100128 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-07-05 15:33 - 2018-07-19 22:19 - 095437352 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-07-05 15:33 - 2018-07-19 22:19 - 003029032 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-07-05 15:33 - 2018-07-19 22:19 - 000149544 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-08-21 20:34 - 2018-08-21 20:34 - 004255232 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1807.2121.1000_x64__8wekyb3d8bbwe\Calculator.exe
2018-08-21 20:34 - 2018-08-21 20:34 - 004445248 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1807.2121.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-05 15:00 - 2018-07-05 15:00 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1807.2121.1000_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-08-30 16:03 - 2018-08-30 16:03 - 002926424 _____ () C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_hook\14\DiscordHook64.dll
2018-07-05 17:07 - 2018-03-16 15:01 - 000081368 _____ () C:\Program Files (x86)\ASUS\AXSP\4.00.01\ATKEX.dll
2018-07-05 17:07 - 2018-03-16 15:01 - 000229848 _____ () C:\Program Files (x86)\ASUS\AXSP\4.00.01\ASUS_WMI.dll
2018-07-05 17:07 - 2018-09-13 17:19 - 000034088 _____ () C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2018-04-18 15:11 - 2018-04-18 15:11 - 001777664 _____ () C:\Program Files (x86)\LightingService\Vender.dll
2018-07-05 13:50 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\ficon\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-07-05 13:50 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\ficon\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-07-05 13:50 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\ficon\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-07-05 20:47 - 2018-09-05 22:14 - 000876320 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-07-05 20:47 - 2018-09-08 22:31 - 002646304 _____ () C:\Program Files (x86)\Steam\video.dll
2018-07-05 20:47 - 2016-09-01 03:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-07-05 20:47 - 2017-12-20 03:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-07-05 20:47 - 2017-12-20 03:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-07-05 20:47 - 2017-12-20 03:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-07-05 20:47 - 2017-12-20 03:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-07-05 20:47 - 2016-09-01 03:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-07-05 20:47 - 2017-12-20 03:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-07-05 20:47 - 2016-09-01 03:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-07-05 20:47 - 2018-09-08 22:31 - 001015584 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-07-05 20:47 - 2016-07-05 00:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-09-02 00:52 - 2018-09-02 00:52 - 000783360 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_hashlib.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000047104 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_socket.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000009728 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\select.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000758784 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\unicodedata.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000084992 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_ctypes.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000053760 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_bz2.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 001861120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtCore.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000075264 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\sip.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000137216 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_lzma.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 002002944 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtGui.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 004101120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtWidgets.pyd
2018-09-02 00:52 - 2018-09-02 00:52 - 000039424 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\psutil._psutil_windows.pyd
2018-07-05 13:51 - 2018-08-30 16:03 - 011321176 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-07-05 13:51 - 2018-09-13 15:50 - 001615704 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-07-05 13:51 - 2018-07-05 13:51 - 001910104 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-07-05 13:51 - 2018-07-05 13:51 - 000422744 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-07-05 13:51 - 2018-07-05 13:51 - 000145240 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-07-05 13:51 - 2018-07-05 13:51 - 000512856 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-07-05 13:51 - 2018-08-11 06:53 - 001641304 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-07-05 13:51 - 2018-09-01 12:21 - 001743704 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-07-05 13:51 - 2018-07-05 13:51 - 002722648 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-08-11 06:53 - 2018-09-13 15:50 - 001257816 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
2018-08-11 06:53 - 2018-09-13 15:50 - 022378328 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
2018-07-05 13:51 - 2018-07-05 13:51 - 002760536 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
2018-07-05 13:51 - 2018-07-05 13:51 - 001249112 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
2018-07-05 13:51 - 2018-08-30 16:03 - 001657176 _____ () \\?\C:\Users\ficon\AppData\Roaming\discord\0.0.301\modules\discord_hook\discord_hook.node
2018-07-05 15:33 - 2018-07-19 22:19 - 001032744 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-09-11 21:56 - 2018-09-11 21:56 - 080193536 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\libcef.dll
2018-09-11 21:56 - 2018-09-11 21:56 - 000540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\ortp.dll
2018-09-11 21:56 - 2018-09-11 21:56 - 000079360 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\libEGL.dll
2018-09-11 21:56 - 2018-09-11 21:56 - 003289600 _____ () C:\Program Files (x86)\Battle.net\Battle.net.10532\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2018-07-15 09:18 - 000004912 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0	treasuredata.com
0.0.0.0	in.treasuredata.com
0.0.0.0	redshell.io
0.0.0.0	api.redshell.io
0.0.0.0	choice.microsoft.com
0.0.0.0	choice.microsoft.com.nstac.net
0.0.0.0	df.telemetry.microsoft.com
0.0.0.0	oca.telemetry.microsoft.com
0.0.0.0	oca.telemetry.microsoft.com.nsatc.net
0.0.0.0	redir.metaservices.microsoft.com
0.0.0.0	reports.wes.df.telemetry.microsoft.com
0.0.0.0	services.wes.df.telemetry.microsoft.com
0.0.0.0	settings-sandbox.data.microsoft.com
0.0.0.0	settings-win.data.microsoft.com
0.0.0.0	sqm.df.telemetry.microsoft.com
0.0.0.0	sqm.telemetry.microsoft.com
0.0.0.0	sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0	telecommand.telemetry.microsoft.com
0.0.0.0	telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0	telemetry.appex.bing.net
0.0.0.0	telemetry.microsoft.com
0.0.0.0	telemetry.urs.microsoft.com
0.0.0.0	vortex-sandbox.data.microsoft.com
0.0.0.0	vortex-win.data.microsoft.com
0.0.0.0	vortex.data.microsoft.com
0.0.0.0	watson.telemetry.microsoft.com
0.0.0.0	watson.telemetry.microsoft.com.nsatc.net
0.0.0.0	watson.ppe.telemetry.microsoft.com
0.0.0.0	wes.df.telemetry.microsoft.com
0.0.0.0	vortex-bn2.metron.live.com.nsatc.net

There are 87 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3729285627-2482725458-3480958094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ficon\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\yoda420.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3729285627-2482725458-3480958094-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\Windows\system32\svchost.exe
FirewallRules: [{06149C18-0DF2-4388-BAF2-C137494F87EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9FC3DC53-39FB-418B-93F4-4D16746B1472}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AFE8A96D-9FC3-4A35-938C-330FAC3D0060}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{40FCC961-CF8C-43A3-BF2E-3BA25438ADDD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{205A04E1-206A-48F9-B0A3-BBC31D62B927}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E763C935-1065-48A2-9E58-A3FD73BDEF72}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{25869348-8653-44A9-946D-0BC8EA232766}] => (Allow) F:\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{DB3364AB-3750-44D6-9D25-2D5B8D98FFE8}] => (Allow) F:\SteamLibrary\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{862466D4-B94E-4108-B545-35F74D91A655}] => (Allow) F:\SteamLibrary\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{11C00CBB-179A-48B3-BE25-3240EED15D89}] => (Allow) F:\SteamLibrary\steamapps\common\Move or Die\MoveOrDie.exe
FirewallRules: [{48E83C04-7E49-44C5-A659-66C5C76AE8CC}] => (Allow) F:\SteamLibrary\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{D5DF3EC2-9BCE-4FA3-8B3E-2209BADA5915}] => (Allow) F:\SteamLibrary\steamapps\common\Move or Die\Editor.exe
FirewallRules: [{1F45A32B-2BCF-4CAA-9D9E-289D81D4C096}] => (Allow) F:\SteamLibrary\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{73EF76A3-C19D-4924-9926-D08DAA945107}] => (Allow) F:\SteamLibrary\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{41E00AFB-CDBC-4D83-B136-2BA21B14B1EA}] => (Allow) F:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{6D2BBE5B-E8F1-4A59-B434-353BF43B5E70}] => (Allow) F:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{D8E9302D-33EE-4DAF-9139-22DA385E77DC}] => (Allow) F:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{EE32C5EA-8B13-4907-A2F5-050B859FD89A}] => (Allow) F:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{8FF043D3-AC6E-4AE8-9C5B-77793FE0F02A}] => (Allow) F:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{DAC42B78-9C21-4212-A788-C4A51D59E5E6}] => (Allow) F:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D681E120-E5B7-43BB-9ED8-A335A0713143}] => (Allow) F:\SteamLibrary\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{8754CC4B-8774-493F-85FD-BCDC1AED29DC}] => (Allow) F:\SteamLibrary\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{B851CAFE-E34E-4D66-B3B5-7A26245751A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{304D4091-A131-44A6-BFBB-9F55F17B060E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{65E3081C-6375-4B29-8553-ABA1789A7E59}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F8E4D8A7-A0C3-4C9E-ABD3-A76A2EBCA7C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3BDFF5FE-821D-4100-9832-D379256C079D}] => (Allow) F:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1829C41B-BEDE-4FEA-8EC7-09A5DCF8FC05}] => (Allow) F:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{D341CCDB-6FBE-463D-954D-8A964C87C56D}C:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{77517B95-85FF-4A3E-9103-E7C667B500AA}C:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base66182\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B1184151-5961-4183-A3E7-5FE963944576}C:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1D0217F1-D589-4E6D-B597-E836583915A6}C:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base66488\heroesofthestorm_x64.exe
FirewallRules: [{604FAC86-0D84-4480-949D-7EAAC3B63121}] => (Allow) F:\SteamLibrary\steamapps\common\Crossout\launcher.exe
FirewallRules: [{B1EA4DFB-0FC0-4E9D-B481-9DFB5BBA45FD}] => (Allow) F:\SteamLibrary\steamapps\common\Crossout\launcher.exe
FirewallRules: [{F587B506-E8EC-45AE-A43E-985A86822DC7}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{31A5DCD5-7DFF-4550-982C-2D5DAFD9C1D2}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{619157AD-083D-456F-A917-77BACEE5ACD1}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{4E4E7192-62F1-4357-A90A-B4C9A7AF4822}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [TCP Query User{33421B24-4AF1-4D51-8F46-6F21CC2E6ACF}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [UDP Query User{431BD5E9-3FC8-4696-B34F-B691DCA37A38}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [TCP Query User{DF3C6C35-2FCA-42B1-93DE-44BEDA77CCBB}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [UDP Query User{5F364BE5-C3A9-4652-8FAD-7D4235591682}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe
FirewallRules: [{973702CB-8ADF-432C-98D4-67D18D5236C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{86629A4A-4803-40C4-BBB2-16AF2E93777C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{68CD8897-F06D-4CBA-9641-4A1D9DBEF562}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D68F2E5-F766-455B-99B1-6B1D183BD034}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF502304-0529-41AC-9B06-42B1A48EB653}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BECCCCA5-F55B-41FB-B618-58A74152FA56}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0FFC725E-8F49-49A7-9882-B4ECA27A5053}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B7E9EEA4-A8BE-4ED4-BC58-2EA1FFFC166E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{6C529AAB-AC14-4C46-8E7F-119D7B0F4379}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
FirewallRules: [{2B6933D1-7278-49CB-8CE6-D3C85E4F4C6F}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{8B58450F-7BC9-4882-B2A4-9804419419DB}] => (Allow) C:\Users\ficon\AiYZoOc.exe
FirewallRules: [{8B609AAD-CFB1-45BD-9B0C-9F86961C2B76}] => (Allow) C:\Users\ficon\AppData\Roaming\oSEaYm.exe
FirewallRules: [{88BB2119-07C3-4868-B4EA-9A9D53A1C5D0}] => (Allow) LPort=1688
FirewallRules: [{B792D5C8-1473-4F67-8E1A-D509B7C74936}] => (Allow) C:\Users\ficon\Downloads\Nová složka\_SadeemPC.com_KM5P1C01020\Your Files Is Here\KMSpico Portable\AutoPico.exe
FirewallRules: [{53D5FDF4-FDB8-4DCC-85DD-ED467D85290F}] => (Allow) C:\Users\ficon\Downloads\Nová složka\_SadeemPC.com_KM5P1C01020\Your Files Is Here\KMSpico Portable\AutoPico.exe
FirewallRules: [{DB284C79-5518-4098-B06F-999C65F3F096}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CD3010A8-7E5C-46A5-B606-5865767AC125}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4B0880F5-1566-4B11-A2FF-3DF10A5417A9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E85C75D6-60FB-4072-80E6-516BC9099E0B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{83E0F23F-B27F-471C-8970-B5A544DAD5EF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7E24C30D-9012-4EF1-842D-7A3C907D28A7}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{892FAC5D-BF36-4884-A6B4-97A85369263C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D6C47E0C-5F0B-487D-8546-377C1C5549A0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0E529DF3-1F86-47D6-94D8-85C1DAC105DD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{F18D124C-940D-4E3B-9EFC-7C6D450CEADF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{B7A44F4D-731F-49CC-BC0F-9D4C5FF161DA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{120C9614-59F8-4A33-A76E-D303F10B3826}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9305C9B2-870F-4D6C-8538-5358FF5F7FD5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C9BBC1D3-F8D0-486A-8B38-28368283531D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{50B64C99-7351-4361-801F-E1F9CB6D1C0F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7DCCD358-F8DF-4C3A-AC99-C8308CAC331C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8BACB7CB-9873-4187-A0C5-BFB6A32CA377}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FD6421C5-3DE0-42A0-8AF4-50D08D9A79D1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8ADBABDF-E3DF-45D0-AF64-B01B01C12DA9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B51BBE58-5D2E-4CE8-A0BB-DB2E0E296625}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crossout\launcher.exe
FirewallRules: [{E434B677-BF47-43AD-A802-1A44688F1BEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crossout\launcher.exe

==================== Restore Points =========================

26-08-2018 00:13:06 Inštalátor modulov systému Windows
27-08-2018 18:48:14 Inštalátor modulov systému Windows
28-08-2018 20:50:05 Inštalátor modulov systému Windows
29-08-2018 22:49:32 Inštalátor modulov systému Windows
31-08-2018 20:49:00 Inštalátor modulov systému Windows
01-09-2018 22:48:21 Inštalátor modulov systému Windows
02-09-2018 23:00:49 Inštalátor modulov systému Windows
04-09-2018 17:55:39 Inštalátor modulov systému Windows
05-09-2018 19:55:53 Inštalátor modulov systému Windows
06-09-2018 21:00:27 Inštalátor modulov systému Windows
07-09-2018 23:45:28 Inštalátor modulov systému Windows
09-09-2018 10:12:56 Inštalátor modulov systému Windows
10-09-2018 15:10:51 Inštalátor modulov systému Windows
11-09-2018 17:11:24 Inštalátor modulov systému Windows
12-09-2018 19:10:57 Inštalátor modulov systému Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2018 06:07:00 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-JLC7P1R)
Description: httphttp-2147467263

Error: (09/13/2018 05:20:28 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-JLC7P1R)
Description: httphttp-2147467263

Error: (09/13/2018 05:14:03 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-JLC7P1R)
Description: httphttp-2147467263

Error: (09/13/2018 03:56:32 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-JLC7P1R)
Description: httphttp-2147467263

Error: (09/13/2018 03:55:56 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (11336,G,0) Pokus o otevření souboru C:\Users\ficon\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (09/13/2018 03:51:01 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-JLC7P1R)
Description: httphttp-2147467263

Error: (09/12/2018 06:04:33 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-JLC7P1R)
Description: httphttp-2147467263

Error: (09/12/2018 06:03:33 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-JLC7P1R)
Description: httphttp-2147467263


System errors:
=============
Error: (09/13/2018 05:29:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LightingService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/13/2018 05:20:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscBrokerManager
 a APPID 
Unavailable
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/13/2018 05:20:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Launch pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscDataProtection
 a APPID 
Unavailable
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/13/2018 05:20:23 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-JLC7P1R)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli DESKTOP-JLC7P1R\ficon (SID: S-1-5-21-3729285627-2482725458-3480958094-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/13/2018 05:20:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-JLC7P1R)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli DESKTOP-JLC7P1R\ficon (SID: S-1-5-21-3729285627-2482725458-3480958094-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/13/2018 05:19:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JLC7P1R)
Description: Server Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy!App se v daném časovém limitu neregistroval u služby DCOM.

Error: (09/13/2018 05:19:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/13/2018 05:19:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Reštartovať službu.


Windows Defender:
===================================
Date: 2018-09-02 18:24:59.428
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader&threatid=222548&enterprise=0
Název: SoftwareBundler:Win32/ICLoader
ID: 222548
Závažnost: Vysoká
Kategorie: Softvérový balík
Cesta: file:_C:\Users\ficon\Downloads\SadeemPC.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.623.0, AS: 1.275.623.0, NIS: 1.275.623.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-02 18:24:50.113
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Program Files\1JZPFCE43C\uninstaller.exe; file:_C:\Program Files\1OZD4I7RZ6\uninstaller.exe; file:_C:\Program Files\I3EWLTJRZC\uninstaller.exe; file:_C:\Program Files\JIFQNZL03Y\uninstaller.exe; file:_C:\Program Files\OJVPB1NT8W\uninstaller.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.623.0, AS: 1.275.623.0, NIS: 1.275.623.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-02 18:24:49.931
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Program Files\1JZPFCE43C\uninstaller.exe; file:_C:\Program Files\1OZD4I7RZ6\uninstaller.exe; file:_C:\Program Files\I3EWLTJRZC\uninstaller.exe; file:_C:\Program Files\OJVPB1NT8W\uninstaller.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.623.0, AS: 1.275.623.0, NIS: 1.275.623.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-02 18:24:49.779
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Program Files\1JZPFCE43C\uninstaller.exe; file:_C:\Program Files\1OZD4I7RZ6\uninstaller.exe; file:_C:\Program Files\I3EWLTJRZC\uninstaller.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.623.0, AS: 1.275.623.0, NIS: 1.275.623.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

Date: 2018-09-02 18:24:49.663
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.C!cl&threatid=2147723654&enterprise=0
Název: Trojan:Win32/Fuerboos.C!cl
ID: 2147723654
Závažnost: Závažná
Kategorie: Trójsky kôň
Cesta: file:_C:\Program Files\1JZPFCE43C\uninstaller.exe; file:_C:\Program Files\1OZD4I7RZ6\uninstaller.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Verze podpisu: AV: 1.275.623.0, AS: 1.275.623.0, NIS: 1.275.623.0
Verze modulu: AM: 1.1.15200.1, NIS: 1.1.15200.1

CodeIntegrity:
===================================

Date: 2018-09-11 17:03:34.840
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-09-11 17:03:34.839
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-09-10 17:32:00.827
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-09-10 17:32:00.826
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-09-09 14:50:10.287
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-09-09 14:50:10.287
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-09-08 01:31:14.939
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-09-08 01:31:14.938
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

Processor: AMD Ryzen 7 2700X Eight-Core Processor 
Percentage of memory in use: 46%
Total physical RAM: 16310.4 MB
Available physical RAM: 8652.76 MB
Total Virtual: 18742.4 MB
Available Virtual: 7063.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:229.87 GB) NTFS
Drive d: (D) (Fixed) (Total:540.89 GB) (Free:540.73 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:390.08 GB) (Free:389.94 GB) NTFS

\\?\Volume{7140e432-0000-0000-0000-100000000000}\ (Vyhradené systémom) (Fixed) (Total:0.54 GB) (Free:0.16 GB) NTFS
\\?\Volume{ca288db0-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{ca288db0-0000-0000-0000-808b61000000}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7140E432)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CA288DB0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.1 GB) - (Type=0F Extended)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================