Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018 Ran by stefan (12-05-2018 19:18:05) Running from C:\Users\stefan\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads Windows 10 Home Version 1709 16299.431 (X64) (2017-12-21 18:48:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-417430939-868931970-2641718055-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-417430939-868931970-2641718055-503 - Limited - Disabled) Guest (S-1-5-21-417430939-868931970-2641718055-501 - Limited - Disabled) slih (S-1-5-21-417430939-868931970-2641718055-1002 - Limited - Enabled) => C:\Users\slih stefan (S-1-5-21-417430939-868931970-2641718055-1001 - Administrator - Enabled) => C:\Users\stefan WDAGUtilityAccount (S-1-5-21-417430939-868931970-2641718055-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 6.1.2 - Atomi Systems, Inc.) Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Amazon Assistant (HKLM-x32\...\Amazon Assistant) (Version: 2.3.4 - Amazon) <==== ATTENTION AndreaMosaic 3.36.0 (HKLM-x32\...\AndreaMosaic) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Autograph (HKLM-x32\...\{943022BB-2348-4324-802A-E4F365B1AB17}) (Version: 1.4 - CVBA Kamodata) AVG (HKLM\...\AvgZen) (Version: 1.116.3.1052 - AVG Technologies) AVG Zen (HKLM\...\{219E7C4A-0902-4CD4-82B8-EF908BF3198E}) (Version: 1.116.2 - AVG Technologies) Hidden Avira (HKLM-x32\...\{40F72BC9-0C14-4122-8930-4B037EAEAD45}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM-x32\...\{4b629f54-1d82-40c9-9979-4485bb58d155}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.169 - Avira Operations GmbH & Co. KG) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.6.6.2922 - Avira Operations GmbH & Co. KG) Belgium e-ID middleware 4.3.2 (build 3551) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A73551}) (Version: 4.3.3551 - Belgian Government) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) calibre 64bit (HKLM\...\{F7F455F0-5D53-46F8-9D68-2CACB5F0DCFA}) (Version: 3.17.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) Connective Signing Plugins (HKLM-x32\...\{58ACA8CB-5499-4F50-88D1-4FE63A4D3920}) (Version: 2.0.3.296 - Connective) DIGIPASS Native Bridge 2.2.2 (HKLM-x32\...\{28A6E867-4D45-4023-8DD0-09FC196C2892}) (Version: 2.2.2 - VASCO Data Security) Hidden DIGIPASS Native Bridge 2.2.2 (HKU\S-1-5-21-417430939-868931970-2641718055-1002\...\{9ba9a46c-c5ee-4711-9d40-15adb327bdd0}) (Version: 2.2.2 - VASCO Data Security) FMW 1 (HKLM\...\{DC2A8E3D-D5E1-4837-A2E0-C308100AC412}) (Version: 1.143.3 - AVG Technologies) Hidden Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden iMazing 2.2.13.0 (HKLM\...\iMazing_is1) (Version: 2.2.13.0 - DigiDNA) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation) iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Kruidvat fotoservice (HKLM-x32\...\Kruidvat fotoservice) (Version: 6.2.6 - CEWE Stiftung u Co. KGaA) McAfee Safe Connect (HKLM-x32\...\{8DF95C34-C5EB-4026-9C86-E49F2A94677A}) (Version: 1.6.0.223 - McAfee, Inc) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-417430939-868931970-2641718055-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-417430939-868931970-2641718055-1002\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 60.0 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0 (x64 en-US)) (Version: 60.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.0.6697 - Mozilla) Mozilla Thunderbird 45.7.1 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 nl)) (Version: 45.7.1 - Mozilla) Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Patient HealthViewer 6.1.3 (HKLM-x32\...\2683-5993-8159-9128) (Version: 6.1.3 - Nationaal Intermutualistisch College) PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden Pro Evolution Soccer 6 (HKLM-x32\...\{EBB794ED-D282-4334-92FB-254481EFF514}) (Version: 1.00.0000 - KONAMI) Hidden Pro Evolution Soccer 6 (HKLM-x32\...\InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}) (Version: 1.00.0000 - KONAMI) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7796 - Realtek Semiconductor Corp.) Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer) Update for Skype for Business 2016 (KB4018367) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{EFCDE8C5-CE14-4F4A-87AF-83D5E3BA2E52}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4018367) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{EFCDE8C5-CE14-4F4A-87AF-83D5E3BA2E52}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4018367) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{EFCDE8C5-CE14-4F4A-87AF-83D5E3BA2E52}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.) WhatsApp (HKU\S-1-5-21-417430939-868931970-2641718055-1002\...\WhatsApp) (Version: 0.2.8505 - WhatsApp) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Driver Package - Fedict SmartCard (08/08/2015 4.1.5) (HKLM\...\9F46F7AB1E3B1B5F5482EA8D97F401B04FBF7958) (Version: 08/08/2015 4.1.5 - Fedict) Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-417430939-868931970-2641718055-1002_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\slih\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-08] (Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxDTCM.dll [2017-12-07] (Intel Corporation) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-08] (Avira Operations GmbH & Co. KG) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1D00AD4C-381A-4C52-A473-61871A844CB2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\RunCampaignManager2 -> No File <==== ATTENTION Task: {2E81E3E6-5B93-481F-923D-743F5549BEA2} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-12-09] (Distromatic) <==== ATTENTION Task: {30353417-9F60-4244-8C98-856EE1854120} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation) Task: {342799E7-479E-4911-B9B6-05A839D133AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-15] (Piriform Ltd) Task: {3FC360F8-7CF0-422E-B5DA-96663870E84F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {4A797BE0-4C90-4240-AC72-E2D030A021B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {5F4493D1-C474-45A4-8AC7-421DF0570376} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-05-08] (Avira Operations GmbH & Co. KG) Task: {68AD1936-0EB4-430B-A7B3-5CE08346707A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {74F460A2-9D9F-4880-AEF4-4BA6DC67C493} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-12-09] (Distromatic) <==== ATTENTION Task: {8DC0086A-E4A0-4727-A118-792C65F5CADB} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OnIdle -> No File <==== ATTENTION Task: {91652ECD-4F3B-4578-8D3A-A6D7FC8C377E} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-09-22] (Avira Operations GmbH & Co. KG) Task: {ACD37D6E-163F-4EB8-91AE-80DF2DA2AD3B} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {BC073A90-CDF5-4888-BB38-1F7466E7CAB2} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Unlock -> No File <==== ATTENTION Task: {C92B73F3-8482-4307-A154-0ADA58619B8C} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\OutOfIdle -> No File <==== ATTENTION Task: {CB56CA10-17C0-497A-B1B4-28846E4A9138} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.) Task: {D06FCF61-D422-4C2B-8442-B655AFD828ED} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-12-09] (Distromatic) <==== ATTENTION Task: {D748FAAB-403E-432B-9621-3611BF44D953} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Logon -> No File <==== ATTENTION Task: {E009B69E-67E4-454E-B858-3CA170E7F662} - \Microsoft\Windows\UNP\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Time -> No File <==== ATTENTION Task: {E567B0C3-2D62-47FC-A4F3-52C81B64E590} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-H8RUFIS-slih => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {F1A6987A-0403-450F-838D-C7FABC219240} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-26] (Google Inc.) Task: {FEE7616E-FA48-4543-BAB8-7486462AF8A1} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-12-09] (Distromatic) <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-10-05 19:17 - 2016-10-05 19:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-09-29 15:41 - 2017-09-29 15:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2018-03-13 19:51 - 2018-02-22 02:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-03-13 19:51 - 2018-02-22 02:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll 2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll 2017-05-05 15:04 - 2017-05-05 15:04 - 000015872 _____ () C:\Users\slih\AppData\Local\Autograph\Autograph-1.4.exe 2018-05-09 08:24 - 2018-05-09 08:24 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll 2018-05-08 08:14 - 2018-05-08 08:14 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.8.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-03-15 13:18 - 2017-03-15 13:18 - 001466048 _____ () C:\Program Files\Microsoft Office\Office16\ADDINS\UmOutlookAddin.dll 2015-07-31 09:58 - 2015-07-31 09:58 - 000588968 _____ () C:\Program Files\Microsoft Office\Office16\msfad.dll 2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-05-05 15:04 - 2017-05-05 15:04 - 000140288 _____ () C:\Users\slih\AppData\Local\Autograph\packager.dll 2016-11-28 14:56 - 2016-11-28 14:56 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll 2017-12-28 15:29 - 2016-07-21 11:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2017-12-28 15:29 - 2017-09-12 11:34 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2018-05-12 19:11 - 2018-05-12 19:11 - 000103683 _____ () C:\Users\stefan\AppData\Local\Temp\McAfee Vpn Service\libpkcs11-helper-1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 15:46 - 2016-09-15 11:30 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-417430939-868931970-2641718055-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-417430939-868931970-2641718055-1002\Control Panel\Desktop\\Wallpaper -> S:\fotoscreensaver\IMG_2709.JPG DNS Servers: 195.130.130.5 - 195.130.131.5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{343C220F-A099-47DB-BE2C-8328D9D91BD8}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [UDP Query User{5A0C3C52-4258-49F3-A1F2-537D0448F78A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{2546CC55-B8FF-4EAA-B03B-DC35148861FD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{75903682-E4C0-4031-AAE1-F117DDEBBA2E}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{390F693F-25A4-4309-8111-7B71BDC6DC1A}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{19334D03-8ED6-4585-8DC4-5008469C4A61}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{852C8EDE-5CD9-459D-B200-38E719681F7C}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{497F2FAB-7A10-48DF-A7F9-30C814E292E3}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{220C0DB0-1E17-4E81-BF7E-D6A76186F255}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{A793CB79-0F1F-4981-BF5E-BDA42A3180D3}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{B612B34F-E14F-41D3-835D-F400A7F14D30}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe FirewallRules: [{4119FBD7-51C1-4784-8F56-129DB29920E4}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{90863ECA-CB04-423C-8980-04EBA6B8E5A2}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe FirewallRules: [{6C91CF5D-07A5-4333-95FE-B3CC72F34B9B}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{341D7DF0-B659-4D39-A014-E1050D51ECEF}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe FirewallRules: [{41871078-9BCE-44D6-B036-005B9A17D62A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7D0713D6-7BC1-4316-9238-E73EB3CBB26A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{29B3DDB2-D202-45A2-BA65-85E675666330}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DE2913ED-FE66-4A43-AC01-2F63DD07FA7B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{32566744-AAD3-4A13-8CD7-8000F46704B8}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe FirewallRules: [{95A0DA10-890B-4BF5-8FE9-6820BA1A8367}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe FirewallRules: [{1D8C0D0F-3228-422B-9DD2-411348B97DB3}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe FirewallRules: [{5EA648CE-D0AE-4747-9194-FC762F0C184D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe FirewallRules: [{1EF957D3-8CB5-4C73-9DF3-4F053B12306C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F923F632-0FC2-4DD2-A943-11DE70E11524}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{91D1A823-DE7F-42D4-9031-DBF3EFE0168D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D47BCA4F-105F-4828-9F03-8634235E21A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0943CAA9-0557-44A1-95EA-79B9E79C8BD5}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{F75DF5A4-AF54-4D5B-BEF9-6B9041005889}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{76A691F9-11C2-4801-9716-2E28F997F4DF}] => (Block) C:\users\slih\appdata\roaming\spotify\spotify.exe FirewallRules: [{A8C1AB68-670A-42CD-8285-D73E6F3F8076}] => (Block) C:\users\slih\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{71AB88EB-2FF1-4165-844C-B224597514DB}C:\users\slih\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\slih\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{C4748E43-8EB7-43F8-83DE-A81C560607C7}C:\users\slih\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\slih\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{D3C13EE4-D71F-4EE0-BFA8-CD9BBCC6E54D}C:\windows.old\users\slih\appdata\roaming\spotify\spotify.exe] => (Allow) C:\windows.old\users\slih\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{3204A28C-0305-4853-B2E7-06D63E116BA2}C:\windows.old\users\slih\appdata\roaming\spotify\spotify.exe] => (Allow) C:\windows.old\users\slih\appdata\roaming\spotify\spotify.exe FirewallRules: [{35632E78-7AFF-4EA2-9D85-8C83DE535707}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{031AB480-AD54-406A-80CD-408550A02794}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B75C2763-45F0-4079-8D7C-954074D4B84A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{32EB5C7D-61DE-4AB6-B72F-A591E2D6061C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [TCP Query User{275F2909-4552-40D0-B556-7B9B3F25BEBD}C:\users\slih\downloads\crypto\vertcoin-qt.exe] => (Block) C:\users\slih\downloads\crypto\vertcoin-qt.exe FirewallRules: [UDP Query User{B3DC4A05-58E3-454A-B892-CABBA875CD25}C:\users\slih\downloads\crypto\vertcoin-qt.exe] => (Block) C:\users\slih\downloads\crypto\vertcoin-qt.exe FirewallRules: [TCP Query User{33B1A3D3-5F1D-4931-A57B-603DDA5E780E}C:\users\slih\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\slih\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe FirewallRules: [UDP Query User{5DDFBFF4-1C4D-4105-9233-8C9CC58FAD5E}C:\users\slih\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe] => (Allow) C:\users\slih\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.232\pluginhost.exe FirewallRules: [{4001E26E-A066-4A11-8779-A8254BFD5E61}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{1D73602E-B541-46C3-B732-D3C8341FF64E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{8D75CA36-73B5-4076-9F6F-3A3C88B2A9EB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{E22D428B-0D68-47EF-A0AB-30DFA65470B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{4278DC63-2498-437D-B115-48CA7F39B6CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{EE3B9ED0-BE41-48F1-BF5A-9B0B0FBC8312}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{88037BF6-E021-43FF-A486-2D02B783B3BE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{7B2C5789-C6C8-465A-9299-A225ACC70500}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{7CFDC167-0199-4DCB-8960-665D7AB0969E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe FirewallRules: [{BECFEC79-5967-4798-A437-5FD4FB774A87}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.80.474.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe FirewallRules: [{A224C639-2F9E-4E40-A120-981F84F1B4B9}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe FirewallRules: [{E7AB2FC8-F5FD-480B-AB1F-4BB06EC59E1E}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Photo Viewer\Apowersoft Photo Viewer.exe ==================== Restore Points ========================= 09-05-2018 14:37:39 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/12/2018 06:28:27 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 60.0.0.6697 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 12e0 Start Time: 01d3ea0e2f41043b Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 0be37fda-275d-4446-9bfe-29c10170975b Faulting package full name: Faulting package-relative application ID: Error: (05/12/2018 06:17:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 60.0.0.6697 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 241c Start Time: 01d3ea0cb3121cbb Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 5cef8594-fdd2-46ab-99ae-40ebc4e64e09 Faulting package full name: Faulting package-relative application ID: Error: (05/12/2018 06:17:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 60.0.0.6697 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1198 Start Time: 01d3ea0b7c6d4a28 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 079bd873-d195-45ab-8057-e1a4e7b062bf Faulting package full name: Faulting package-relative application ID: Error: (05/12/2018 05:46:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OUTLOOK.EXE version 16.0.4690.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 5dc Start Time: 01d3ea077b309dda Termination Time: 4294967295 Application Path: C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE Report Id: 39d5a226-dbcd-44c3-8ce5-987d3e821991 Faulting package full name: Faulting package-relative application ID: Error: (05/11/2018 01:52:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1172 Error: (05/11/2018 01:52:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1172 Error: (05/11/2018 01:52:54 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/10/2018 11:01:24 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. System errors: ============= Error: (05/12/2018 07:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/12/2018 07:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/12/2018 07:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/12/2018 07:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/12/2018 07:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/12/2018 07:09:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/12/2018 07:03:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/12/2018 07:03:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2018-05-12 19:17:58.520 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-12 19:17:58.519 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-12 19:11:08.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-12 19:11:08.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-12 19:10:54.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-12 19:10:54.024 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-12 19:09:44.374 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-12 19:09:44.372 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz Percentage of memory in use: 55% Total physical RAM: 8081.86 MB Available physical RAM: 3596.5 MB Total Virtual: 9361.86 MB Available Virtual: 3693.95 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:146.04 GB) (Free:52.32 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (System) (Fixed) (Total:1.95 GB) (Free:1.89 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (NIEUW) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS Drive f: (OSDisk) (Fixed) (Total:236.52 GB) (Free:156.62 GB) NTFS Drive s: (data) (Fixed) (Total:86.4 GB) (Free:33.66 GB) NTFS \\?\Volume{c6b0cc1d-0000-0000-0000-f08224000000}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: C6B0CC1D) Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) Partition 3: (Not Active) - (Size=86.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 9E8C147D) Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=236.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================