Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 Ran by Stepan (21-08-2016 21:02:41) Running from C:\Users\Stepan\Downloads Windows 10 Home Version 1511 (X64) (2016-01-19 09:21:56) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-600410608-1858306824-1911990453-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-600410608-1858306824-1911990453-503 - Limited - Disabled) Diane (S-1-5-21-600410608-1858306824-1911990453-1007 - Limited - Enabled) => C:\Users\Diane Guest (S-1-5-21-600410608-1858306824-1911990453-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-600410608-1858306824-1911990453-1003 - Limited - Enabled) Jordyn (S-1-5-21-600410608-1858306824-1911990453-1005 - Limited - Enabled) => C:\Users\Jordyn Natasha (S-1-5-21-600410608-1858306824-1911990453-1006 - Limited - Enabled) => C:\Users\Natasha NeroMediaHomeUser.4 (S-1-5-21-600410608-1858306824-1911990453-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4 Stepan (S-1-5-21-600410608-1858306824-1911990453-1001 - Administrator - Enabled) => C:\Users\Stepan ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC) ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Ansel (Version: 372.54 - NVIDIA Corporation) Hidden Any Video Converter Professional 5.0.8 (HKLM-x32\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com) Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ArcSoft MediaImpression (HKLM-x32\...\{531F0013-964C-4BE6-B382-4117DC8BCDF9}) (Version: - ArcSoft) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}) (Version: 2.1.0.0 - ) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.2109.0 - CyberLink Corp.) Hidden CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.) CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.5.3.2325 - CyberLink Corp.) CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd) EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version: - SEIKO EPSON Corporation) EPSON Attach To Email (HKLM-x32\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON) EPSON Attach To Email (x32 Version: 1.01.0000 - SEIKO EPSON) Hidden Epson Copy Utility 4 (HKLM-x32\...\{06A7E8AB-2856-4490-BAA9-F338ABE7695A}) (Version: 4.01.0001 - Seiko Epson Corporation) Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation) EPSON File Manager (HKLM-x32\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - ) EPSON PERFECTION V30_V300 PHOTO Manual (HKLM-x32\...\EPSON PERFECTION V30_V300 PHOTO User’s Guide) (Version: - ) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.05.00 - SEIKO EPSON CORPORATION) EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) EPSON Scan Assistant (HKLM-x32\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - ) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden FairStars CD Ripper 1.90 (HKLM-x32\...\FairStars CD Ripper_is1) (Version: - FairStars Soft) File Type Advisor 1.6 (HKLM-x32\...\File Type Advisor_is1) (Version: - ) Free FLAC to MP3 Converter 1.4 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version: 1.4 - PolySoft Solutions) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 - Kaspersky Lab) Kaspersky Password Manager (x32 Version: 8.0.5.485 - Kaspersky Lab) Hidden Kaspersky Total Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab) Kaspersky Total Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.) Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Music Recorder (HKLM-x32\...\{F50CC230-EE79-4931-B72D-8E4D195DFFB0}) (Version: 14.1.500.0 - Audials AG) Nero 7 Ultra Edition (HKLM-x32\...\{293C9DF5-7669-4826-BBB2-E1F182D71033}) (Version: 7.02.8631 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG) Nero MediaHome 4 Essentials (HKLM-x32\...\{c58b8d2f-2381-4a7e-8037-50e713f5781f}) (Version: - Nero AG) Nero MediaHome Free (HKLM-x32\...\{14A8A437-1BC1-4B14-8887-3B5EF324A7FA}) (Version: 16.0.00800 - Nero AG) Nero Prerequisite Installer 2.0 (HKLM-x32\...\{F4C242B4-2973-43F3-93F2-ED1B47AE8848}) (Version: 12.0.02000 - Nero AG) Nero Prerequisite Installer 4.0 (HKLM-x32\...\{4CC76B5A-EEEA-4ED5-B92A-3808EDA2C7B6}) (Version: 16.0.00500 - Nero AG) Network Guide EPSON Artisan 1430 Series (HKLM-x32\...\EPSON Artisan 1430 Series Netg) (Version: - ) NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue) NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue) NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.54 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PHOTOfunSTUDIO 9.0 SE (HKLM-x32\...\{42B815EE-C908-4FE4-8B8E-E8B907F5B06F}) (Version: 9.00.312 - Panasonic Corporation) Prerequisite installer (x32 Version: 12.0.0008 - Nero AG) Hidden Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.91.1119.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.) SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.3.14.1 - SparkTrust) <==== ATTENTION Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tom Clancys Rainbow Six Siege (HKLM-x32\...\Tom Clancys Rainbow Six Siege_is1) (Version: - ) TP-LINK USB Printer Controller (HKLM-x32\...\{3EC900B5-28EE-4472-A9FF-B11A879EC838}) (Version: 1.12.0927 - TP-LINK) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) User's Guide EPSON Artisan 1430 Series (HKLM-x32\...\EPSON Artisan 1430 Series Useg) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) Hidden WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-600410608-1858306824-1911990453-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Stepan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E0467F4-839C-4196-B8EC-27F179AD5EDF} - System32\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe Task: {0FD865E9-13E1-4D13-B7B0-F8279830C371} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {1D28A65A-0FDB-42C2-B7A4-8480171A0C68} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-21] (Microsoft Corporation) Task: {223EF964-5B6C-484E-B882-4D46A4CFEA53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {265E76CD-C262-4E19-8781-7E9316A505F0} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2016-07-27] (SparkTrust Systems) <==== ATTENTION Task: {38329735-9504-44AE-BB5E-C63402669E49} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {3BABDF16-4349-4EF1-A893-22394F30AFE1} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe Task: {3E09D38D-3003-4A6A-A175-1390DEE94655} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {406C3957-E1AD-4F75-AADF-C7236DFD490A} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_9F2687C4-6797-11E6-9CBA-7824AFC129AE => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2016-07-27] (SparkTrust) <==== ATTENTION Task: {4A75A742-B6E7-4E25-A977-B9AD971C7A45} - System32\Tasks\{79D1CF0C-9F02-5AB2-8460-E7159068251E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\eff4e719\f83d0aa8.dll" <==== ATTENTION Task: {5E4A78C5-7A35-46B5-B7F1-D952E005E80F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {64760BA2-B14F-4EDA-9829-9AF1E1256EB9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {65CBD860-678B-40BC-A8DB-D1D89AF1FB1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {6BB1DE5D-0059-4897-9073-82A66A9550B2} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION Task: {6DD497D5-8A0B-48C2-A1EB-22939F61FBB7} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2016-07-27] (SparkTrust Systems) <==== ATTENTION Task: {79CC3036-0A5D-4E3B-ACAA-8D3D5804E478} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) Task: {7FB6A892-0DA9-4B60-A9F1-66B399DA5302} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {9A70822A-74A8-4FC2-BC12-9F98C46EF8E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.) Task: {9DF14C5E-5E8B-46B0-893B-C30712371001} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) Task: {9DF7118D-75B8-49D9-9EB3-E48F3279A1B6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {A53684C2-F1AF-47F1-AB78-C4975C8A2178} - System32\Tasks\{61CD6456-A0C2-46D9-A1DC-A3A08D5D51C1} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain Task: {AC23D927-41EF-4122-BD7F-549943AD8639} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {BC03D4B8-DF01-4158-98B5-F71AF503A51D} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor) Task: {BF7E63CC-73B2-42B5-8CB3-336E12CCA355} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {D9420185-3A37-4973-B2F6-85C5489AA2F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {E40E0DE8-3C90-46A0-ADAE-79147E1B96F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {E61F3361-C27B-4AA2-897E-A89429B6ED4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {F78880B0-05D8-41A0-9888-8F9850D83201} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated) Task: {F8EDA1A2-E2A0-44CB-A753-C7E5392A300E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\SparkTrust PC Cleaner Plus_sch_9F2687C4-6797-11E6-9CBA-7824AFC129AE.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION Task: C:\WINDOWS\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Stepan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1471765264&a=1054667&src=sh&uuid=cd752df4-dc5d-4e79-b7d7-9f81b650732d" ShortcutWithArgument: C:\Users\Stepan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1471765264&a=1054667&src=sh&uuid=cd752df4-dc5d-4e79-b7d7-9f81b650732d" ShortcutWithArgument: C:\Users\Stepan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1471765264&a=1054667&src=sh&uuid=cd752df4-dc5d-4e79-b7d7-9f81b650732d" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1471765264&a=1054667&src=sh&uuid=cd752df4-dc5d-4e79-b7d7-9f81b650732d" ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-01-19 16:47 - 2016-08-11 20:27 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-01-19 16:46 - 2016-01-19 13:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe 2016-07-13 13:32 - 2016-07-01 12:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-13 13:32 - 2016-07-01 12:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-07-18 21:27 - 2016-07-18 21:27 - 00959168 _____ () C:\Users\Stepan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-04-19 07:26 - 2016-04-19 11:20 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-20 08:37 - 2016-01-20 08:37 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-13 13:34 - 2016-07-01 11:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-13 13:32 - 2016-07-01 11:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-13 13:32 - 2016-07-01 11:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-13 13:32 - 2016-07-01 11:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-13 13:33 - 2016-07-01 11:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-02-19 07:28 - 2016-06-15 04:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2015-12-25 08:00 - 2016-06-15 04:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-02-19 07:28 - 2016-06-15 04:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-03-30 20:00 - 2016-06-15 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2014-11-29 16:42 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-03-30 20:00 - 2016-06-15 04:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-03-30 20:00 - 2016-06-15 04:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-03-30 20:00 - 2016-06-15 04:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-01-30 08:06 - 2016-06-15 04:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-03-30 20:00 - 2016-06-15 04:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-03-30 20:00 - 2016-06-15 04:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll 2016-08-21 18:19 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-08-21 18:19 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-08-21 18:19 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-08-21 18:19 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-08-21 18:19 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2016-01-19 16:46 - 2016-08-21 20:43 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll 2016-01-19 16:46 - 2016-01-19 13:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll 2016-04-19 07:26 - 2016-04-19 11:20 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 07:26 - 2016-04-19 11:20 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-04-22 14:25 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-07-15 12:06 - 2016-07-15 12:06 - 00434128 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ipm_service.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7914 more sites. IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\123simsen.com -> www.123simsen.com There are 7914 more sites. IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-600410608-1858306824-1911990453-1004\...\123simsen.com -> www.123simsen.com There are 7914 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-600410608-1858306824-1911990453-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stepan\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg HKU\S-1-5-21-600410608-1858306824-1911990453-1004\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 9.0 SE.lnk => C:\Windows\pss\PHOTOfunSTUDIO 9.0 SE.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Stepan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager" HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "Fitbit Connect" HKLM\...\StartupApproved\Run32: => "Bonus.SSR.FR12" HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "EPSON Stylus Photo 1410 Series" HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "Fitbit Connect" HKU\S-1-5-21-600410608-1858306824-1911990453-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{633E0ADA-AE4D-4F71-AF60-92E436DB1CC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9E9693CD-D91C-4EC8-B449-5D816EC8820A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{85EE68EB-2355-4D27-A965-91B9DC2E6486}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2C34DC50-94BB-4C04-9400-3C149C4A6573}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{DAFFE5B5-64B4-4795-82CC-C1F614EA3D06}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{BDA20B67-2D74-4891-A3CC-A0347C3D9FCE}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{B1F8DF8F-FE9F-4285-AA5D-419F9BFB290B}] => (Allow) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe FirewallRules: [{77B6B08F-CEE2-44CA-9EFD-96660DFE591A}] => (Allow) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe FirewallRules: [{7A846797-E15F-43F3-B2D8-A076F9633C87}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{D8EB9354-A23C-4A7C-B418-EAE627FB6470}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{A8F3FE30-9874-40F2-A3F0-5C35979BBAAF}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{D87BC718-6BFF-414E-BFC5-002D5D316BEB}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{82B3B736-E953-4514-8968-8091CB508EF3}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe FirewallRules: [TCP Query User{BB09126D-B79C-4734-A280-A50C8CDB6D3A}C:\users\stepan\downloads\utorrent.exe] => (Allow) C:\users\stepan\downloads\utorrent.exe FirewallRules: [UDP Query User{29678F85-1104-40CA-BED0-ACC9BB01BC3A}C:\users\stepan\downloads\utorrent.exe] => (Allow) C:\users\stepan\downloads\utorrent.exe FirewallRules: [{ADDE2FC0-A738-476B-AF49-64269A21023A}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe FirewallRules: [{AC33E745-E580-4E41-9D41-6938E7E3A0B9}] => (Allow) C:\Program Files (x86)\TP-LINK\USB Printer Controller\USB Printer Controller.exe FirewallRules: [{1F1D2B58-F400-47FF-AC51-4501C9A722A4}] => (Allow) LPort=7437 FirewallRules: [{37159EE9-B1F8-4705-933C-9906F3396391}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [{A9793092-B89B-40C7-ABF0-A6B95A77673D}] => (Allow) C:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe FirewallRules: [TCP Query User{5C3D1DD4-465D-4C94-A509-3A89A26AA9EC}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe] => (Allow) C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe FirewallRules: [UDP Query User{4AA42AB8-DEA9-4FCA-AB99-3302D83ED0ED}C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe] => (Allow) C:\program files (x86)\tp-link\usb printer controller\usb printer controller.exe FirewallRules: [{2DB47EC7-3545-4861-95C2-F527790DF08A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{87C75C22-6A1A-443E-9C80-CE432E60E002}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{63DE073F-BCF0-4ADA-B863-697C46E0D610}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{E261C894-135E-4140-AF9B-82DC508A4DBB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{41E8E95C-9C5F-4980-9D0D-746836E32C28}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{70854E0C-BBDD-4283-96B0-8A371749B061}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{8178C65F-8D2A-44A9-A440-44755420A901}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{D5BD5556-1523-486C-9020-11F10D0C5250}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{0C327C7C-86D1-482F-B008-1CFD384E108C}] => (Allow) F:\Network\EpsonNetSetup\ENEasyApp.exe FirewallRules: [{E9FA4679-C34D-444F-8AA7-B603ABB8ADCB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{03E6F07D-7B6D-4C0B-AABA-7F76D6E20BB2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [TCP Query User{703A3B93-A4C0-444D-8777-A761FDD192D0}C:\users\stepan\downloads\utorrent.exe] => (Allow) C:\users\stepan\downloads\utorrent.exe FirewallRules: [UDP Query User{0754A1FF-AFC6-4040-B5B7-0B6AD03D6581}C:\users\stepan\downloads\utorrent.exe] => (Allow) C:\users\stepan\downloads\utorrent.exe FirewallRules: [{0B1EB856-83DB-4875-B5FC-89A2F6C2C87E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{1507A6DC-956A-42CF-9155-462DBD5F0E64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{97A78269-6546-4580-BD12-F0DF21190376}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{980F0525-2280-4EC2-804E-165E903F849E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{093AE59D-A224-464C-9971-65D1548B2AD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{97C037F6-1611-4EC1-8A6F-AB57EF0D7106}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{17725D44-40A4-4CD7-9498-F143B19525E6}] => (Allow) C:\Program Files (x86)\Music Recorder\Music Recorder 2016\Audials.exe FirewallRules: [{B1E17694-6F05-445C-90A7-5FCE89FD7E59}] => (Allow) LPort=12972 FirewallRules: [{88C7081D-B57C-4E8E-A7A5-57A6E7EA287D}] => (Allow) LPort=14714 FirewallRules: [{637702F8-8013-4F76-80D2-719BB871962A}] => (Allow) LPort=31931 FirewallRules: [{C2F14E86-2499-40A0-B42E-1ABF512E0566}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{E391BB26-D0CA-48B5-BB5D-FAFEE6EB2DAA}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{ACE6CE10-9B73-411F-9B7D-FC29EBD65E86}] => (Allow) D:\Games\Mass Effect\Binaries\MassEffect.exe FirewallRules: [{6427D5DA-4D75-41D4-85F6-E7104FED8EE6}] => (Allow) D:\Games\Mass Effect\Binaries\MassEffect.exe FirewallRules: [{CC8DD02A-480F-47EF-9237-FE449C8C2D8D}] => (Allow) D:\Games\Mass Effect\MassEffectLauncher.exe FirewallRules: [{E1E25A3E-021C-46C5-B813-18AE22C1523D}] => (Allow) D:\Games\Mass Effect\MassEffectLauncher.exe FirewallRules: [{B31B4B5B-B3DB-46B2-A574-B0F5471060CC}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{605428C4-366F-43B0-8B61-17774D601C30}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{6ECB955A-B96F-49A4-96C7-E2C1D3E7D8EC}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{49F1CB8E-DF29-46CC-8984-A4D3C2058D5D}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 14-08-2016 19:00:45 Windows Backup 18-08-2016 07:12:33 Windows Update 20-08-2016 12:54:00 Installed DirectX 21-08-2016 19:00:41 Windows Backup ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/21/2016 07:10:44 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048). Error: (08/21/2016 07:10:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/21/2016 07:10:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/21/2016 07:10:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/21/2016 07:05:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DespicableMe_w8.exe, version: 0.0.0.0, time stamp: 0x57b129dc Faulting module name: DespicableMe_w8.exe, version: 0.0.0.0, time stamp: 0x57b129dc Exception code: 0xc0000005 Fault offset: 0x007b3441 Faulting process id: 0x33bc Faulting application start time: 0xDespicableMe_w8.exe0 Faulting application path: DespicableMe_w8.exe1 Faulting module path: DespicableMe_w8.exe2 Report Id: DespicableMe_w8.exe3 Faulting package full name: DespicableMe_w8.exe4 Faulting package-relative application ID: DespicableMe_w8.exe5 Error: (08/21/2016 07:05:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: DespicableMe_w8.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: exception code c0000005, exception address 00843441 Stack: Error: (08/21/2016 07:00:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/21/2016 07:00:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/21/2016 06:39:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0 Faulting module name: MessageBus.dll, version: 0.0.0.0, time stamp: 0x5760534f Exception code: 0xc0000005 Fault offset: 0x0000000000010f73 Faulting process id: 0x2880 Faulting application start time: 0xNvStreamNetworkService.exe0 Faulting application path: NvStreamNetworkService.exe1 Faulting module path: NvStreamNetworkService.exe2 Report Id: NvStreamNetworkService.exe3 Faulting package full name: NvStreamNetworkService.exe4 Faulting package-relative application ID: NvStreamNetworkService.exe5 Error: (08/21/2016 04:42:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 20.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 324 Start Time: 01d1fb87e849f17b Termination Time: 17 Application Path: C:\Users\Stepan\Downloads\FRST64.exe Report Id: 3ad0196d-677b-11e6-9cb4-7824afc129ae Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (08/21/2016 08:43:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (08/21/2016 08:07:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Software Protection service hung on starting. Error: (08/21/2016 08:01:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Delivery Optimization service hung on starting. Error: (08/21/2016 07:55:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (08/21/2016 07:55:04 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 7:52:30 PM on ‎8/‎21/‎2016 was unexpected. Error: (08/21/2016 07:54:45 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY) Description: 32212256844703264068121888 Error: (08/21/2016 07:51:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_6ab21 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/21/2016 07:51:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_6ab21 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/21/2016 07:51:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_6ab21 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/21/2016 07:51:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_6ab21 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-08-17 17:21:09.876 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-17 17:21:09.861 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-11 07:15:52.984 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 17:41:22.544 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 11:11:27.515 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 11:11:27.503 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 11:06:57.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 11:06:57.768 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 08:13:07.712 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-13 21:14:05.449 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz Percentage of memory in use: 32% Total physical RAM: 8127.7 MB Available physical RAM: 5482.21 MB Total Virtual: 16319.7 MB Available Virtual: 13446.94 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.07 GB) (Free:549.88 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:74.53 GB) (Free:43.41 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:465.75 GB) (Free:274.21 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1CF5B0C) Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: E6CAE6CA) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 069A6176) Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================