Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016 Ran by Zoe (26-09-2016 15:50:02) Running from C:\Users\Zoe\Downloads Windows 10 Home Version 1511 (X64) (2016-07-14 14:09:12) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2616824965-1911769703-2517132435-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2616824965-1911769703-2517132435-503 - Limited - Disabled) Guest (S-1-5-21-2616824965-1911769703-2517132435-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2616824965-1911769703-2517132435-1005 - Limited - Enabled) Zoe (S-1-5-21-2616824965-1911769703-2517132435-1001 - Administrator - Enabled) => C:\Users\Zoe ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371} AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS) Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.) Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden Bandizip (HKLM\...\Bandizip) (Version: 5.12 - Bandisoft.com) Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender) Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION) EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation) FEH CD-ROM 2.0 (HKLM-x32\...\FEH CD-ROM 2.0) (Version: 2.0 - CEH Wallingford) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7167.2060 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2060 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2060 - Microsoft Corporation) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation) Panda Antivirus Pro 2014 (x32 Version: 13.01.01 - Panda Security) Hidden Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation) Windows Driver Package - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WPS Office (10.1.0.5507) (HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\Kingsoft Office) (Version: 10.1.0.5507 - Kingsoft Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2616824965-1911769703-2517132435-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com) CustomCLSID: HKU\S-1-5-21-2616824965-1911769703-2517132435-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2616824965-1911769703-2517132435-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {019635A3-170E-413F-A7D1-325922EE3244} - \{F388D17B-B090-41F1-8FB2-D66CDA7EE461} -> No File <==== ATTENTION Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {118DF773-69A7-4D91-A076-1CF178E27BDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-20] (Google Inc.) Task: {15D0D1C7-C97F-441A-9365-3D9B8F1D6FE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {1D94F137-08E9-4354-A156-2A466ACE7F09} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {2A8C1F7B-B8B6-41F8-823D-550CB57E3AD8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe Task: {2DA0B3CA-6FF6-4C8B-8736-B8B8FEFD6B94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {2EDB54D5-FE03-41CA-B903-3F7E43A92754} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {35DC5F9F-0EB9-414A-A99C-FF696315B25D} - \DNSWALTERS -> No File <==== ATTENTION Task: {36476FE7-D85C-46A1-B5B8-03D8DE26409C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek) Task: {3AEC25F3-B642-4EAF-B6E7-B5D4A1EADE4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-21] (Microsoft Corporation) Task: {46737119-53BC-4F02-B384-5DE011878D6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {4C91F6B2-CCEB-423B-880A-0D96D54FA2D9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS) Task: {4D58CDE3-FC2D-4C0C-B214-94AC92AF6065} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {6387435A-79BE-4FD6-9455-E523643D9F42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-09-21] (Microsoft Corporation) Task: {6EF065F9-56CD-458E-9294-6BA3FE9F223E} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] () Task: {7321FAEA-A0F3-412A-9D1C-D287028DF434} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-21] (Microsoft Corporation) Task: {7545715E-2179-4194-A3B4-C12094C21F31} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {7B108146-5310-4CB4-9F51-4631C9A15244} - \CreateChoiceProcessTask -> No File <==== ATTENTION Task: {7FF82AA1-13CB-463A-BE30-43F936DF03AA} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender) Task: {80BB42F1-68B6-4322-869D-2804EE848126} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {8960CB18-6C66-495E-B56C-7F66541DF7DD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {8AF63597-C334-40A2-9602-8B2A40894D4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8EAD12AF-C8BB-4E50-B178-F5972D9D4391} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {9B053D66-4D29-4C6C-887D-3FE4CD0A6689} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {A9677DD3-9E55-4EF1-9149-3F254F1E9C28} - \User_Feed_Synchronization-{35E0D781-98D1-40BD-8C47-6F8C67A32793} -> No File <==== ATTENTION Task: {B015C76F-188A-41B9-939D-FD8C01A5F7FA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-25] (Microsoft Corporation) Task: {B24EDF03-52EF-4652-8225-D5A77198618A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-20] (Google Inc.) Task: {B2DC1BD7-019A-4EB3-8D7E-93ABC21DF2C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {B6C0C553-ED39-4037-A035-0E05E717997C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation) Task: {B875D3B9-F780-4EB8-B330-1B018FE2B2EC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.) Task: {C917ADA6-6995-450D-AE66-5E27A7CF06DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated) Task: {CAC4BCC3-51FF-4B21-95BB-9307F719E9B9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) Task: {CED82C4A-A89F-4C61-A268-B7F3FB561477} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS) Task: {D5090F70-F97C-44D8-93C8-1E41DA1D4786} - \WPD\SqmUpload_S-1-5-21-2616824965-1911769703-2517132435-1001 -> No File <==== ATTENTION Task: {DDF31CD4-E278-4051-B39B-391BB1DD28D0} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.) Task: {E5371633-14EF-4445-9E60-12FAA6CCC4D7} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {E65370DA-E012-48A6-B6BB-EFF7EC248C40} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {ECF8D250-408D-4B31-B5C1-3176FC350A05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {F3DBFFCE-10A8-4EA1-A953-0A092534113D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-09-05] (Microsoft Corporation) Task: {F86A547D-F71A-4DDD-BC11-9150285ACD35} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {FA209086-B653-4ADC-B292-3EDC3DBA52CD} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_Zoe.job => C:\Users\Zoe\AppData\Local\kingsoft\WPS Office\10.1.0.5507\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Zoe.job => C:\Users\Zoe\AppData\Local\kingsoft\WPS Office\10.1.0.5507\wtoolex\wpsupdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Zoe\AppData\Local\Microsoft\Windows\RoamingTiles\16272922270.lnk -> hxxp://www.ebay.co.uk/ ShortcutWithArgument: C:\Users\Zoe\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\16272922270.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x5e21b6ba -pinnedTimeHigh 0x01cee455 -securityFlags 0x00000000 -url 0x00000016 hxxp://www.ebay.co.uk/ ShortcutWithArgument: C:\Users\Zoe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\55abbe2b5e9227c7\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============== 2016-08-01 10:29 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll 2016-08-01 10:30 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl 2016-08-01 10:30 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl 2016-08-01 10:30 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl 2016-08-01 10:30 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe 2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2016-09-20 15:50 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-20 15:50 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-08-25 20:47 - 2016-08-25 20:47 - 01864384 _____ () C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-09-21 16:40 - 2016-09-21 16:40 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-09-20 15:49 - 2016-09-07 05:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-14 15:01 - 2016-07-14 15:01 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-14 15:01 - 2016-07-14 15:01 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-09-20 15:49 - 2016-09-07 05:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-09-20 15:49 - 2016-09-07 05:11 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-09-20 15:49 - 2016-09-07 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-09-20 15:49 - 2016-09-07 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-07-15 22:56 - 2016-07-16 22:41 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-08-24 10:02 - 2016-08-25 07:59 - 04028608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40811.0_x64__8wekyb3d8bbwe\gfxim.dll 2016-08-24 10:02 - 2016-08-25 07:59 - 00071872 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40811.0_x64__8wekyb3d8bbwe\icui18n56.dll 2013-09-30 04:32 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2016-07-15 22:56 - 2016-07-16 22:41 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-07-15 22:56 - 2016-07-16 22:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Zoe\Downloads\AdwCleaner.exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\ChromeSetup (1).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\ChromeSetup (2).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\DriverRestore.exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\epson379220eu.EXE:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\FRST64 (1).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\FRST64 (2).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\FRST64.exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\JRT (1).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\JRT (2).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\JRT.exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\Setup.x86.en-US_ProPlusRetail_9982F-NVQ8P-84FGR-9WRD6-238DP_TX_PR_ (1).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\setupUK (1).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\setupUK (2).exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\setupUK.exe:BDU [0] AlternateDataStreams: C:\Users\Zoe\Downloads\setupUS.exe:BDU [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2016-09-26 14:55 - 00000836 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zoe\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_7574.jpg DNS Servers: 82.163.143.171 - 82.163.142.173 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader" HKLM\...\StartupApproved\Run32: => "APVXDWIN" HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\StartupApproved\Run: => "Nike+ Connect" HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\StartupApproved\Run: => "ApplePhotoStreams" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{F17DB62A-96F4-44DF-9F76-45EBC3651139}] => (Allow) C:\Users\Zoe\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe FirewallRules: [{4BAB0FC4-D16C-4C4A-90E2-88342F2E1DEC}] => (Allow) C:\Users\Zoe\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869 FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900 FirewallRules: [{99AB5382-1059-45AC-AAEB-E32736E99DF9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{A844D439-F068-4934-85E0-507B7BD352DF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{AE5FA5B3-1F45-467A-ACAE-A4A94DAC269E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{04566AC8-7662-44D7-B813-A41F290C2DBF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{3CCAECA0-768F-4F5A-9ECC-4E8D1FF15A97}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{EA93FD9A-1808-492B-A44A-F04C69E6F567}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A4ED8DC5-BE64-416C-A856-E63C06D1A7C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{52CB1B91-AFF0-47BC-ADF9-40403AF4E256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{FE1B2B1D-1C52-4D36-8937-A152AAA7D59E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{3B7BD42E-E1B5-48EA-99DE-779BCBC3649F}C:\users\zoe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zoe\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{359DB67B-76D7-4337-9B0A-F44DE5F3309E}C:\users\zoe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zoe\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{C017C10E-2B11-47DB-8A14-3816EA909867}C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe FirewallRules: [UDP Query User{A64692A3-B4B5-40DA-99D7-4330077217AA}C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe FirewallRules: [{D0FEDCAA-157A-412A-BFB8-295E684B77DB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{C1592DD4-6908-4BE5-87AC-A29D6F474DD6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{F908679E-DB90-4E6A-985B-7FF51ECB6542}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{12C443AC-F577-4AB6-863A-7C32ACC2E516}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{3349D4C9-E274-4DEB-B009-998B08D0DA07}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{A81AE7A2-9DB1-4E6C-87D3-B7E2B0411E44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{4A500812-247E-46CB-B775-2548A8983E38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe ==================== Restore Points ========================= 21-09-2016 17:13:41 Scheduled Checkpoint 26-09-2016 11:31:26 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/26/2016 02:55:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZOE) Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/26/2016 02:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9230125 Error: (09/26/2016 02:55:48 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9230125 Error: (09/26/2016 02:55:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/26/2016 12:17:53 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/26/2016 11:31:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (09/26/2016 11:23:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0 Faulting module name: twinapi.appcore.dll, version: 10.0.10586.589, time stamp: 0x57cf9512 Exception code: 0xc000027b Fault offset: 0x000000000004b1c9 Faulting process ID: 0x2134 Faulting application start time: 0x01d217dfbf7213f3 Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report ID: c3d7b324-0c0d-4197-887a-67f0e944194d Faulting package full name: Microsoft.XboxOneSmartGlass_2.2.1510.30008_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.XboxOneSmartGlass Error: (09/26/2016 10:42:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ZOE) Description: Package Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend. Error: (09/26/2016 10:39:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program MicrosoftEdgeCP.exe version 11.0.10586.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1e7c Start Time: 01d217d9a230c60a Termination Time: 17 Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Report Id: 2c84ea4d-83cd-11e6-bedd-d850e61c06da Faulting package full name: Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: MicrosoftEdge Error: (09/25/2016 09:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15360 System errors: ============= Error: (09/26/2016 03:39:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/26/2016 03:36:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/26/2016 02:57:28 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/26/2016 02:55:54 PM) (Source: DCOM) (EventID: 10010) (User: ZOE) Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout. Error: (09/26/2016 12:16:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout. Error: (09/26/2016 11:24:02 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/26/2016 11:15:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Feature update to Windows 10, version 1607. Error: (09/26/2016 11:06:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_2872b46 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/26/2016 11:06:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_2872b46 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/26/2016 11:06:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_2872b46 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-09-22 10:25:10.250 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-21 17:21:59.888 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-21 12:12:35.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-21 11:22:20.973 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-21 09:25:05.023 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 10:17:35.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 07:38:44.705 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-24 19:21:09.582 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 22:44:41.635 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-14 14:46:18.087 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz Percentage of memory in use: 48% Total physical RAM: 3981.74 MB Available physical RAM: 2037.42 MB Total Virtual: 4685.74 MB Available Virtual: 2403.19 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:232.93 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (DATA) (Fixed) (Total:398.07 GB) (Free:394.37 GB) NTFS Drive e: (FEHCDROM2) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 568814A2) Partition: GPT. ==================== End of Addition.txt ============================