Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018 Ran by unS (25-07-2018 15:21:39) Running from C:\Users\unS\Downloads\Programs Windows 10 Home Single Language Version 1709 16299.547 (X64) (2018-06-29 18:48:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1300843712-1118716619-14719485-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1300843712-1118716619-14719485-503 - Limited - Disabled) Guest (S-1-5-21-1300843712-1118716619-14719485-501 - Limited - Disabled) unS (S-1-5-21-1300843712-1118716619-14719485-1001 - Administrator - Enabled) => C:\Users\unS WDAGUtilityAccount (S-1-5-21-1300843712-1118716619-14719485-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4500_G510af_Help (HKLM-x32\...\{C175D5B0-ED04-42C9-B23F-D8BD406173E7}) (Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510af (HKLM-x32\...\{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (HKLM-x32\...\{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform) Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden Google Chrome (HKLM\...\{6BE8C6A1-54E8-312E-A876-FF27463F3324}) (Version: 67.0.3396.99 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4944 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonek Inc.) Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation) Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Kaspersky Software Updater (HKLM-x32\...\{EB3EB252-23C8-4E03-89DA-3D9BC479BB69}) (Version: 2.0.1.65 - Kaspersky Lab) Hidden Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{EB3EB252-23C8-4E03-89DA-3D9BC479BB69}) (Version: 2.0.1.65 - Kaspersky Lab) Kodi (HKU\S-1-5-21-1300843712-1118716619-14719485-1001\...\Kodi) (Version: - XBMC-Foundation) Lenovo App Explorer (HKU\S-1-5-21-1300843712-1118716619-14719485-1001\...\Host App Service) (Version: 0.273.2.777 - SweetLabs for Lenovo) <==== ATTENTION Lenovo Calliope USB Keyboard (HKLM\...\{520AA862-0064-4B41-B777-1FAFC1AD1293}) (Version: 1.12 - Lenovo) LINE (HKU\S-1-5-21-1300843712-1118716619-14719485-1001\...\LINE) (Version: 5.8.0.1706 - LINE Corporation) MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 7.4.1 - MP3 Rocket Inc) Nero 12 Full Repack (HKLM\...\NMMS12) (Version: - ) NLTV (HKLM-x32\...\NLTV) (Version: - ) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) OpenOffice 4.1.5 (HKLM-x32\...\{6649DD88-354B-40C3-94D1-11178CF5CCB2}) (Version: 4.15.9789 - Apache Software Foundation) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.5.1009.180130 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.24.1208.2017 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.) Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0021 - REALTEK Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer) Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{479E8CC7-CD68-4EB4-BB04-34A5C2C74102}) (Version: 2.46.0.0 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-07-03] (AO Kaspersky Lab) ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-07-03] (AO Kaspersky Lab) ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-07-03] (AO Kaspersky Lab) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a58de0cf5f3e9dca\igfxDTCM.dll [2018-04-09] (Intel Corporation) ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-07-03] (AO Kaspersky Lab) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {23E7A971-068D-403E-B6FE-9DDE17D2FE59} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\unS\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {2C694571-9A53-4A26-8476-325263B82B20} - System32\Tasks\App Explorer => C:\Users\unS\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-05-30] (SweetLabs, Inc) <==== ATTENTION Task: {2F801A46-9AFF-488F-8D1B-5D985CA59A3A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {309DD376-449A-4FEC-BBE8-E51744CEF65A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f093c146-e87f-48d8-a645-12f89b0c5c5a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited) Task: {549761D9-B14F-4AAC-839F-82F1E390FE36} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\72607715-8b7d-418e-b296-db6c42d6e0ca => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited) Task: {886EBFA2-3168-4360-922F-DF6DC784F882} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JOOST-unS Joost => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {8927C7C7-21BB-4882-AB3F-F34A7F750D45} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {8F7F7344-DCB1-454A-9BB4-55186D8E575C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\66b04d7a-d8ad-4f37-bf5a-bf2b94ba73e9 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited) Task: {944FB553-43B5-494C-B5C7-D2EF9023AC60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {97238F29-691B-4751-81D1-C83678E78D89} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8b4dd2d7-fa06-49cf-988a-be7d4239b565 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited) Task: {A126C418-6C70-42FC-926B-1ABAE9C62286} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-29] (Google Inc.) Task: {BCACB419-B319-433E-8044-FDEAD2BEE796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-29] (Google Inc.) Task: {C7FDC14F-8364-442B-B325-999F0E698AA7} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {D37460AA-2293-4DB4-9EDD-5B76C3C45248} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {E1CE242C-9EEF-46E6-BA55-3B0EBE7D51C8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited) Task: {E3C90307-3F72-4483-BF19-D99827E344D3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd) Task: {E4ADD915-0C31-40D5-BCCC-F24411170051} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe [2018-07-16] (Microsoft Corporation) Task: {EF3D128D-0744-4294-96A8-A3D731ED2C54} - \anydesk -> No File <==== ATTENTION Task: {F219196E-303B-4BB7-B60F-DFA634E94498} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd) Task: {FD03AD73-2D47-4B4A-A41F-015ED07BF623} - System32\Tasks\Opera scheduled Autoupdate 1530444341 => C:\Users\unS\AppData\Local\Programs\Opera\launcher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-05-23 11:28 - 2018-02-08 14:23 - 000261544 _____ () C:\Windows\system32\dolbyaposvc\DAX3API.exe 2018-05-23 11:28 - 2018-02-08 14:23 - 000304552 _____ () C:\Windows\system32\dolbyaposvc\TuningFileParser.dll 2017-09-29 20:41 - 2017-09-29 20:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll 2018-05-23 11:28 - 2018-02-08 14:23 - 000529320 _____ () C:\Windows\system32\dolbyaposvc\CaptureStreamMonitor.dll 2018-07-11 15:51 - 2018-06-29 15:00 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-07-11 15:51 - 2018-06-29 14:57 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-07-17 07:53 - 2018-07-17 07:54 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2018-07-17 07:53 - 2018-07-17 07:54 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2018-07-17 07:53 - 2018-07-17 07:54 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2018-07-17 07:53 - 2018-07-17 07:54 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll 2018-07-17 07:53 - 2018-07-17 07:54 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2018-06-29 20:25 - 2018-06-29 20:25 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\zlib1.dll 2018-07-10 08:01 - 2018-07-10 08:03 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\libxml2.dll 2018-07-03 13:29 - 2018-07-03 13:29 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll 2018-04-23 17:40 - 2018-04-23 17:40 - 000332104 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\dblite.dll 2018-04-23 17:34 - 2018-04-23 17:34 - 000418512 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\ipm_service.dll 2018-02-20 00:49 - 2018-02-20 00:49 - 001604240 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2018-04-26 15:24 - 2018-04-26 15:24 - 045077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libcef.dll 2018-04-26 15:24 - 2018-04-26 15:24 - 001650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libglesv2.dll 2018-04-26 15:24 - 2018-04-26 15:24 - 000082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1300843712-1118716619-14719485-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1300843712-1118716619-14719485-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-09-29 20:46 - 2018-07-02 07:02 - 000002103 _____ C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1300843712-1118716619-14719485-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\unS\Pictures\Joost privé\2011 juni Broers\P1000791.JPG DNS Servers: 203.144.206.29 - 203.144.206.49 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F5B727C2-33FA-4469-9684-C63555572897}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{F38B63DD-89CB-4ADD-A9F1-F4A334A1A1B2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{38DC2241-DB36-4A0D-9146-202BC2A39912}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A4D7C977-566E-4A5F-86EC-ED0180BD7456}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E31D55ED-5DDD-4ECD-A92C-93B5A87FABD0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4AD93E9A-ACB3-4B35-A3E6-E00A1F742A6A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{B30FF296-777B-4A35-8474-E69B909177B4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{038C3803-3B59-4492-A3B4-7556DA181E16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{9858CCC5-BB6E-4442-9F22-C883543DAC98}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{FEA8998C-AEFD-4EB4-854B-3288108ED281}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe FirewallRules: [{4ABE7BC4-CC26-42C2-B064-53D45303CEFA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe FirewallRules: [TCP Query User{0AF42A64-29DF-4057-9C08-9C83B602F996}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{02066564-B4EA-43AE-983F-610FE175FABF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [TCP Query User{8ABB95EB-8799-4907-8E35-6F33590B37AE}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe FirewallRules: [UDP Query User{1E3B8F42-DA89-401F-A5CB-8A6512D44484}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe FirewallRules: [{3AE8BB69-5599-4BE6-B245-771162D034C3}] => (Block) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe FirewallRules: [{C9DD0E3E-2B31-4788-B507-FFB1FC778685}] => (Block) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe FirewallRules: [{E79CC67F-88DE-4BEB-8709-1F285C166D8E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{D88B6479-3CA1-4F46-B898-47A98632BF36}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{454BD73C-1978-442C-BEE9-ABC7AC45AFDA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{0375F0DA-A8DD-4077-B82F-4161FE13F78F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe FirewallRules: [{09E84CBA-3ABA-4AB4-A2C3-867CFAFB616F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [{DD99696B-9C19-4E41-8A69-647701D74FE3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [{21A3598D-694A-4AC0-850C-3C743BD592BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [{E1ADF2AD-441E-4F2C-9B20-864AE4A6FF42}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe FirewallRules: [{2D1FD347-832C-41F9-A60D-08E981DF4BD1}] => (Allow) C:\Users\unS\AppData\Local\Temp\7zS1C48\HPDiagnosticCoreUI.exe FirewallRules: [{0A2DF278-2A67-4C93-94D7-91DDD5DE2A6C}] => (Allow) C:\Users\unS\AppData\Local\Temp\7zS1C48\HPDiagnosticCoreUI.exe ==================== Restore Points ========================= 13-07-2018 12:01:24 Windows Update 22-07-2018 21:08:16 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/25/2018 03:03:45 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (07/25/2018 03:03:44 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (07/25/2018 03:03:44 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (07/25/2018 03:03:44 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (07/25/2018 03:03:44 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (07/25/2018 03:03:44 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (07/25/2018 03:03:44 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (07/25/2018 02:59:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ShellExperienceHost.exe version 10.0.16299.492 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2c54 Start Time: 01d423ed4b6bd50c Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Report Id: 64f6703b-f486-4d90-8c41-a6bc269ddd43 Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.492_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App System errors: ============= Error: (07/25/2018 03:13:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2018 03:03:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2018 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2018 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2018 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2018 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2018 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/25/2018 02:58:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2018-07-10 13:04:11.352 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.271.314.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15000.2 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-07-10 13:04:11.351 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.271.314.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15000.2 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-07-10 13:04:11.351 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.271.314.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15000.2 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-07-10 13:04:11.345 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.271.314.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15000.2 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2018-07-10 13:04:11.345 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.271.314.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15000.2 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =================================== Date: 2018-07-15 16:37:57.195 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-07-15 16:37:57.014 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-07-15 16:37:45.963 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-07-15 16:37:45.781 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-07-15 16:34:45.076 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-07-15 16:34:44.518 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-07-15 16:34:32.652 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-07-15 16:34:32.484 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-8100T CPU @ 3.10GHz Percentage of memory in use: 66% Total physical RAM: 3951.71 MB Available physical RAM: 1327.92 MB Total Virtual: 5295.71 MB Available Virtual: 2177.58 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:516.09 GB) (Free:341.9 GB) NTFS Drive d: (New Volume) (Fixed) (Total:414.06 GB) (Free:413.4 GB) NTFS \\?\Volume{373ba63c-974f-4fd6-adb7-9c3a449c9be7}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 \\?\Volume{83d98d9a-e2a1-4524-af72-0e435fa3553b}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: F35BAB55) Partition: GPT. ==================== End of Addition.txt ============================