Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016 Ran by z00269rd (15-12-2016 19:43:40) Running from C:\Users\z00269rd\Desktop Windows 7 Enterprise Service Pack 1 (X64) (2016-10-19 15:10:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3920449121-937416148-1094057651-1001 - Limited - Enabled) Apidnely (S-1-5-21-3920449121-937416148-1094057651-500 - Administrator - Enabled) Guest (S-1-5-21-3920449121-937416148-1094057651-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden 7-zip (HKLM\...\{9A905C6C-C93F-4836-A2A4-C90444219654}) (Version: 16.0 - Igor Pavlov) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.18 - Adobe) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated) Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe) Adobe Reader XI (11.0.18) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\{2EF62794-A699-4DD7-8690-4BFAC3688498}) (Version: 12.2.1.171 - Adobe Systems, Inc) Atos Password Reset Client (HKLM\...\{795FF22C-EF8B-4EA4-B666-AED725A2C99B}) (Version: 5.0.2 - Atos IT Solutions and Services GmbH) capicom.dll (2.1.0.2) (HKLM-x32\...\{CAFF8AC3-7D23-457A-BD18-883BC224AA18}) (Version: 2.1.0.2 - Microsoft Corporation) CDBurnerXP (HKLM-x32\...\{F89EF192-0465-47C3-80BE-A2CCC2103B38}) (Version: 4.5.1.4003 - Canneverbe Limited) Citrix Receiver (HKLM-x32\...\{75AB4860-7B77-4D13-99D5-AA7508175060}) (Version: 4.4 - Citrix) Configuration Manager Client (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden EMET 5.5 (HKLM-x32\...\{E27E74F0-0EAD-4C5D-8F6F-1C9192D24AA5}) (Version: 5.5 - Microsoft Corporation) EMET 5.5 Config Update (x32 Version: 3.0 - ATOS) Hidden Flash Player (HKLM-x32\...\{FB9B5B7C-2B9A-4761-B9A2-7C6E2BA01777}) (Version: 23.0.0.207 - Adobe) Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.6.0.0 - FUJITSU LIMITED) Fujitsu System Extension Utility (Version: 3.6.0.0 - FUJITSU LIMITED) Hidden FujitsuShockSensorUtility (HKLM-x32\...\InstallShield_{EAD3A239-5029-4067-9071-47763DC249DD}) (Version: V7.01.01.001 - FUJITSU LIMITED) FujitsuShockSensorUtility (Version: 7.01.00.001 - FUJITSU LIMITED) Hidden Google Chrome (HKLM-x32\...\{14A4D1AE-4FA6-3F79-8BA3-AA3691641810}) (Version: 55.0.2883.87 - Google, Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Greenshot (HKLM\...\{54B87D91-6560-4C86-A5D7-2E62113868DC}) (Version: 1.2.8 - Thomas Braun, Jens Klingen and Robin Krom) HP Support Solutions Framework (HKLM-x32\...\{DCF221F2-7258-42E7-8DEE-5794DC2258CA}) (Version: 12.5.32.37 - HP Inc.) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.9.108.1 - Intel Security) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1412.3) (HKLM\...\{302600C1-6BDF-4FD1-1401-148929CC1385}) (Version: 17.0.1401.0428 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation) Internet Explorer 11 (x32 Version: 11.0 - Microsoft Corporation) Hidden Java 8 Update 111 32-bit (HKLM-x32\...\{D532EEA4-F94B-43AC-B471-E9E0DB416299}) (Version: 1.8.0.111 - Oracle Corporation) Juniper Installer Service (HKLM-x32\...\{076C671D-BFD2-4961-9D94-1DC60F4D825E}) (Version: 8.0.31475 - Juniper Networks) Juniper Installer Service 8.0 (x32 Version: 8.0.31475 - Juniper Networks, Inc.) Hidden Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) KeePass 2.34 (HKLM-x32\...\{36F0005F-4042-4768-8736-8F95CC3B742C}) (Version: 2.34.0 - Dominik Reichl) LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.3.0 - FUJITSU LIMITED) LIFEBOOK Application Panel (Version: 8.3.3.0 - FUJITSU LIMITED) Hidden Lotus Notes 8.5.3 (HKLM-x32\...\{95246D82-99D2-4229-841E-6867C3251087}) (Version: 8.53.11258 - IBM) MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Conferencing Add-in for Microsoft Office Outlook (HKLM-x32\...\{50B6A14B-B914-47A2-ABCC-D11502F799F0}) (Version: 8.0.6362.262 - Microsoft Corporation) Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation) Microsoft Office Communicator 2007 R2, MUI (HKLM-x32\...\{CEECF731-3F08-4210-8073-7E87F58C01D3}) (Version: 3.5.6907.0 - Microsoft Corporation) Microsoft Office Language Pack 2007 - Dutch/Nederlands (HKLM-x32\...\OMUI.nl-nl) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Language Pack 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}) (Version: - Microsoft) Microsoft Office Language Pack 2010 - Polish/Polski (HKLM-x32\...\Office14.OMUI.pl-pl) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Live Meeting 2007 (HKLM-x32\...\{6E76B171-E4E3-4FE7-9B88-C962F106539C}) (Version: 8.0.6362.262 - Microsoft Corporation) Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable - x64 (HKLM-x32\...\{EA2AE86F-97FE-40ED-9695-337B05F31036}) (Version: 12.0.30501 - Microsoft) Mindjet MindManager Viewer 7 English (HKLM-x32\...\{8E55813F-2FA3-47E8-9AF9-31DC0B4AE3ED}) (Version: 7.1.394.0 - Mindjet LLC) Mozilla Firefox 49.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 pl)) (Version: 49.0.2 - Mozilla) Mozilla Firefox 50.0.2 (x86 pl) (HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Mozilla Firefox 50.0.2 (x86 pl)) (Version: 50.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Office Professional 2007 Plus Language Pack Dutch (HKLM-x32\...\{312B776F-72DC-4377-9251-7D7A34C4DB60}) (Version: 12.0.6215.1000 - Atos IT Solutions and Services GmbH) Online Plug-in (x32 Version: 14.4.1000.16 - Citrix Systems, Inc.) Hidden Oracle VM VirtualBox 4.2.16 (HKLM\...\{4CC3444D-7279-4E83-984F-18E9A7B2E803}) (Version: 4.2.16 - Oracle Corporation) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) PDF-XChange PRO V6 (HKLM\...\{FDEE9B63-F8FF-459D-96D0-115138EB6C72}) (Version: 6.0.317.1 - Tracker Software Products (Canada) Ltd.) PKI Basic Client 5.8 (HKLM\...\{FA16D4C9-386C-43DB-BB55-1A7388B65B9B}) (Version: 5.3.008 - ATOS) PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.2.01.06240 - Sony Corporation) PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden PMB_ServiceUploader (x32 Version: 10.2.01 - Sony Corporation) Hidden Power Saving Utility (HKLM-x32\...\InstallShield_{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 42.0.0.0 (10.001) - FUJITSU LIMITED) Power Saving Utility (Version: 42.0.0.0 - FUJITSU LIMITED) Hidden Pulse Check Survey (HKLM-x32\...\{1738D80B-8ECB-48CB-98AC-8DDF80B4B0D4}) (Version: 1.0.0.0 - Siemens) Pulse Secure (Version: 5.2.537 - Pulse Secure, LLC) Hidden Pulse Secure 5.2 (HKLM-x32\...\Pulse Secure 5.2) (Version: 5.2.537 - Pulse Secure, LLC) Pulse Secure Host Checker (HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\PulseSecure_Host_Checker) (Version: 8.0.14.41869 - Pulse Secure, LLC) Pulse Secure Network Connect 8.0 (HKLM-x32\...\Pulse Secure Network Connect 8.0) (Version: 8.0.14.41869 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\.DEFAULT Version: 8.2.3.537 - Pulse Secure, LLC) Hidden Pulse Secure Setup Client (HKU\S-1-5-21-462691900-2967613020-3702357964-499332 Version: 8.2.3.537 - Pulse Secure, LLC) Hidden Pulse Secure Setup Client (HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Juniper_Setup_Client) (Version: 8.0.14.61455 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (Version: 2.1.1.1 - Pulse Secure, LLC) Hidden Pulse Secure Setup Client Activex Control (x32 Version: 2.1.1.1 - Pulse Secure, LLC) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.) Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10220 - Realtek Semiconductor Corp.) RealVNC Enterprise Edition SIT4.5.3 (SVR) (HKLM-x32\...\{1AAFC424-68E7-4E81-AFC8-9E09F0EC7799}) (Version: 4.5.3.0 - VNC) Schriftart code_128ttf (HKLM-x32\...\{CD906B13-633D-48E9-A949-E6454BD0AE13}) (Version: 1.0.0.0 - Ihr Firmenname) SCMS (HKLM-x32\...\{0FFBCCF4-BF71-46CC-95C5-7618E520852C}) (Version: 1.4 - SCF Core Team) Self-service Plug-in (x32 Version: 4.4.1000.13058 - Citrix Systems, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0415-0000-0000000FF1CE}_Office14.OMUI.pl-pl_{11B0F533-C8CF-420C-A43C-C7F93773CA62}) (Version: - Microsoft) sh@re EMEA & LAM (HKLM\...\{B10DA38A-F50B-4B09-9096-1664062AA250}) (Version: 1.5.0.0 - Siemens AG) Shock Sensor Driver (HKLM-x32\...\InstallShield_{7ABCD56B-9C61-40FA-AB93-A8C3E2812074}) (Version: 1.01.01.003 - FUJITSU LIMITED) Shock Sensor Driver (Version: 1.01.01.003 - FUJITSU LIMITED) Hidden Siemens Corporate Forms (HKLM-x32\...\{3345D22C-4306-45D0-A290-2054FE1BD976}) (Version: 5.40.0.0 - Siemens AG) Siemens Fonts 2001 (HKLM-x32\...\{1774F124-D922-471D-8BA5-B4C198DC2644}) (Version: 1.0.0.1 - Siemens AG, I&S IT PS Erl 56) Siemens Settings for Office Standard 2010 incl. SP1 (x32 Version: 1.0.0.0 - Siemens AG) Hidden Sierra Wireless Fujitsu Mobile Broadband Driver Package (HKLM-x32\...\SWIFujitsuDrvInstaller) (Version: 5.8.1403.4096 - Sierra Wireless, Inc.) SODOCO - Siemens Office DOcument COnfidentiality tool (HKLM-x32\...\{FC106BC6-7185-4B73-B225-4017DB500A81}) (Version: 1.0.0 - Siemens) SPAM / Malware Reporting PlugIn (HKLM-x32\...\{469F302A-B64D-4DA5-9C2B-4F74D003864E}) (Version: 1.2.5.0 - Siemens) SWI Software Package Runtime (HKLM-x32\...\{7E1469E8-126D-4EB0-989C-7B4F274A1030}) (Version: 1.0.0.0 - Siemens AG) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.1 - Synaptics Incorporated) Syncplicity (HKLM\...\{69D16DAD-5ABD-4662-926E-D7F51906E156}) (Version: 4.1.0.1533 - Syncplicity, Inc.) Trend Micro OfficeScan Agent (HKLM-x32\...\OfficeScanNT) (Version: 11.0.6054 - Trend Micro Inc.) Trend Micro OfficeScan Client (x32 Version: 11.0.6054 - Trend Micro Inc.) Hidden UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.5 - uvnc bvba) Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version: - Microsoft) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version: - Microsoft) Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC Media Player (HKLM-x32\...\{B1CF4737-5649-48D7-825B-DC1B4ACA8699}) (Version: 2.2.1 - VideoLAN) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-462691900-2967613020-3702357964-499332_Classes\CLSID\{0B90CAC9-5F25-3A6E-A76C-1DA7BBD83E85}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-462691900-2967613020-3702357964-499332_Classes\CLSID\{1EE8C74F-B2B4-3589-9BE6-F8D2ED7FEB09}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-462691900-2967613020-3702357964-499332_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-462691900-2967613020-3702357964-499332_Classes\CLSID\{9C027067-52D5-3B48-84A7-1B221CB2F14A}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-462691900-2967613020-3702357964-499332_Classes\CLSID\{CF5BB52F-63D2-3FEF-86B2-D85C1EC6494D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-462691900-2967613020-3702357964-499332_Classes\CLSID\{DA79E460-5546-433C-BD10-D9906D9AFD0A}\InprocServer32 -> C:\Users\z00269rd\AppData\Roaming\Siemens\SODOCO - Siemens Office DOcument COnfidentiality tool\adxloader64.dll () ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0C8BC3B8-CA32-4369-9252-9D8687A26FFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.) Task: {0CD91783-9A19-4D30-9983-574156071F9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.) Task: {2252A937-0233-4F21-B5D3-34E7485D1B60} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe Task: {2A5D5B62-925F-4A87-934B-01C772BEAD06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.) Task: {BE77F425-7B27-4FCD-A2D7-1183356CB709} - System32\Tasks\{7AFF461B-F8C4-4615-B8ED-2719D76A14AB} => pcalua.exe -a C:\Users\z00269rd\Downloads\PMHOME_5201DL.exe -d C:\Users\z00269rd\Downloads Task: {DE11E0EC-943C-4892-8464-F110461C4AF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-20] (Google Inc.) Task: {E439D695-9D0A-47B4-B5F9-13A2E27A62BB} - System32\Tasks\Fujitsu\SSUTY\FJSSDaemon => C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [2012-09-06] (FUJITSU LIMITED) Task: {EC8BA25A-BA17-42A2-804A-B399AAD1938F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-08-01 09:53 - 2013-08-01 09:53 - 00234976 _____ () C:\WINDOWS\system32\gmp4_2_1_64.dll 2016-10-19 16:15 - 2016-04-21 09:26 - 00216576 _____ () C:\Program Files\Siemens\UCMS\Core\UCMS.exe 2011-04-01 12:16 - 2014-12-26 17:22 - 00801792 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\sqlite3.dll 2014-03-28 10:09 - 2007-05-16 12:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll 2016-05-06 11:11 - 2016-05-06 11:11 - 03168216 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe 2010-04-22 22:54 - 2012-12-19 05:06 - 01300480 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\libprotobuf.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 00026408 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_system-vc110-mt-1_57.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 00058320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_date_time-vc110-mt-1_57.dll 2015-03-31 19:09 - 2015-03-31 19:09 - 00686608 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\sqlite3.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 00110320 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_thread-vc110-mt-1_57.dll 2015-03-31 19:08 - 2015-03-31 19:08 - 00036160 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\boost_chrono-vc110-mt-1_57.dll 2016-05-06 11:51 - 2016-05-06 11:51 - 00391128 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsIpc.dll 2016-05-06 11:25 - 2016-05-06 11:25 - 00350168 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Connection Manager\ConnectionManagerService.dll 2016-05-06 10:20 - 2016-05-06 10:20 - 00050648 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsOpenSSL.dll 2016-05-06 11:22 - 2016-05-06 11:22 - 00243672 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreService.dll 2016-05-06 11:37 - 2016-05-06 11:37 - 00235480 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Integration\IntegrationAccessMethod.dll 2016-05-06 11:26 - 2016-05-06 11:26 - 00497624 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\eapService\eapService.dll 2016-05-06 11:28 - 2016-05-06 11:28 - 00219096 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\8021xAccessMethod\8021xAccessMethod.dll 2016-05-06 11:13 - 2016-05-06 11:13 - 00251864 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelService.dll 2016-05-06 11:13 - 2016-05-06 11:13 - 00020440 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelServicePS.dll 2016-05-06 11:13 - 2016-05-06 11:13 - 00063448 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPlugin.dll 2016-05-06 11:13 - 2016-05-06 11:13 - 00026584 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPromptPluginPS.dll 2012-09-23 19:44 - 2012-09-23 19:44 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\pl_pl\acrotray.pol 2016-11-10 22:10 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll 2016-11-10 22:10 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll 2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2016-04-23 12:33 - 2016-04-23 12:33 - 00130560 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\pl_pl\PDFMaker\PDFMOutlookAddin.POL 2016-04-23 12:32 - 2016-04-23 12:32 - 03989216 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll 2016-04-23 12:33 - 2016-04-23 12:33 - 01426432 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\pl_PL\PDFMaker\AdobePDFMakerX.POL 2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\aspinfo.fr -> aspinfo.fr IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\atos.net -> click2procure.atos.net IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\bmw.de -> ikom.bmw.de IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\crmondemand.com -> crmondemand.com IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\englishtown.com -> siemens.englishtown.com IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\lufthansa.com -> lufthansa.com IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\placeware.com -> placeware.com IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\sielearn.net -> connected.sielearn.net IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\siemens.com -> *.crm.eps.siemens.com IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\siemens.de -> pacserver.pg.erl.siemens.de IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\siemens.fr -> siemens.fr IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\siemens.net -> weblra.siemens.net IE trusted site: HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\socialcast.com -> hxxps://socialcast.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2016-12-15 17:08 - 00000945 ____A C:\WINDOWS\system32\Drivers\etc\hosts 217.194.36.219 ura-emea.siemens.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-462691900-2967613020-3702357964-499332\Control Panel\Desktop\\Wallpaper -> C:\Users\z00269rd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 146.254.168.114 - 146.254.160.30 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 4) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe FirewallRules: [{18928638-3ABA-42FE-B2D4-6CBA5B262D35}] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe FirewallRules: [{6E7A10FF-E3FE-4396-B377-68588B7521E1}] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe FirewallRules: [{D34F6B21-0333-444B-B6EA-13370BCBC617}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{92CBD432-D93A-4A61-9D3C-1F364676CB4A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{D71056AE-97A6-4695-8C31-64F3A1E246ED}C:\users\z00269rd\appdata\roaming\microsoft office\live meeting 8\console\pwconsole.exe] => C:\users\z00269rd\appdata\roaming\microsoft office\live meeting 8\console\pwconsole.exe FirewallRules: [UDP Query User{7ECCCC33-EB4C-4509-A2CD-AAFF705D7F8F}C:\users\z00269rd\appdata\roaming\microsoft office\live meeting 8\console\pwconsole.exe] => C:\users\z00269rd\appdata\roaming\microsoft office\live meeting 8\console\pwconsole.exe FirewallRules: [{F1EB23F5-886D-4D56-8802-18D1C0F16C85}] => C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{34913D21-FB70-42DB-ABF6-EDC578B44957}] => C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{A1ECDC49-FAF6-40CA-8EC2-9E468E9869B4}] => C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{2A78078A-BB04-40CE-B29F-3B9A738612DB}] => C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe FirewallRules: [{4944A56B-CE9D-405A-93C2-ED2EAA74E570}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{17F5921C-EE17-4BDD-9349-766101AEADD1}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{1E590B58-D380-44D8-B641-E98110E56298}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{32E54DBF-C3A7-4884-8504-7C30D8ED7BE3}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{65B4F08B-0EB3-43BE-98F4-A77A34424891}] => C:\Program Files (x86)\Java\jre1.8.0_111\bin\java.exe FirewallRules: [{E244791B-D785-4542-BCC0-335EB85CBDBD}] => LPort=24880 FirewallRules: [{C964714D-C831-46F0-82D7-52B0E0BBBAD4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 10-12-2016 11:40:13 Windows Update 10-12-2016 12:21:22 Windows Update 11-12-2016 23:59:29 Windows Update 15-12-2016 10:13:58 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/13/2016 01:17:12 PM) (Source: MsiInstaller) (EventID: 10005) (User: AD005) Description: Product: RealVNC Enterprise Edition SIT4.5.3 (SVR) -- Internal Error 2711. PATISNewFeature Error: (12/13/2016 01:16:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (12/13/2016 01:15:31 PM) (Source: UCMS) (EventID: 0) (User: ) Description: Error running function SetSource()Path cannot be the empty string or all whitespace. Error: (12/13/2016 01:10:33 PM) (Source: UCMS) (EventID: 0) (User: ) Description: Error running function SetSource()Wykonano próbę niedozwolonej operacji na kluczu Rejestru, który został oznaczony do usunięcia. Error: (12/13/2016 01:06:57 PM) (Source: Group Policy Registry) (EventID: 8194) (User: NT AUTHORITY) Description: Rozszerzenie po stronie klienta nie może wykonać operacji apply computer dla ustawień zasad D_M_CERT_BasicDomainSecurity.V100_Prod {F31FBEFA-137B-4A76-B27E-44FAD85654B2} w wyniku błędu o kodzie 0x80070035 The network path was not found.%apply00790275. Error: (12/13/2016 01:06:57 PM) (Source: Group Policy Services) (EventID: 8194) (User: NT AUTHORITY) Description: Rozszerzenie po stronie klienta nie może wykonać operacji apply computer dla ustawień zasad O_D_RA106_W7-ClientConfig {CDCB2993-89F6-479C-B642-C8198225140E} w wyniku błędu o kodzie 0x80070035 The network path was not found.%apply00790275. Error: (12/13/2016 01:06:57 PM) (Source: SceCli) (EventID: 1001) (User: ) Description: Propagacja zasad zabezpieczeń nie jest możliwa. Cannot access the template. Error code = 3. \\ad005.onehc.net\sysvol\ad005.onehc.net\Policies\{CDCB2993-89F6-479C-B642-C8198225140E}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. Error: (12/13/2016 01:06:57 PM) (Source: SceCli) (EventID: 1001) (User: ) Description: Propagacja zasad zabezpieczeń nie jest możliwa. Cannot access the template. Error code = 3. \\ad005.onehc.net\sysvol\ad005.onehc.net\Policies\{D281FDC3-68DF-45AD-8303-D1416665F858}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. Error: (12/13/2016 01:06:57 PM) (Source: SceCli) (EventID: 1001) (User: ) Description: Propagacja zasad zabezpieczeń nie jest możliwa. Cannot access the template. Error code = 3. \\ad005.onehc.net\sysvol\ad005.onehc.net\Policies\{8EC6CC09-6D50-42F2-A097-985735F21A64}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. Error: (12/13/2016 01:06:57 PM) (Source: SceCli) (EventID: 1001) (User: ) Description: Propagacja zasad zabezpieczeń nie jest możliwa. Cannot access the template. Error code = 3. \\ad005.onehc.net\sysvol\ad005.onehc.net\Policies\{F0378896-A618-44A7-B69A-1CC78C2497A8}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. System errors: ============= Error: (12/15/2016 07:21:15 PM) (Source: Kerberos) (EventID: 4) (User: ) Description: Klient Kerberos odebrał błąd KRB_AP_ERR_MODIFIED z serwera w99sd090. Używana nazwa docelowa: MSSQLSvc/pulsechecksurvey.siemens.com:11433. Oznacza to, że serwer docelowy nie może odszyfrować biletu dostarczonego przez klienta. Taka sytuacja może wystąpić, gdy główna nazwa serwera docelowego (SPN) jest zarejestrowana na koncie innym niż konto używane przez usługę docelową. Upewnij się, że główna nazwa serwera docelowego jest zarejestrowana wyłącznie na koncie używanym przez serwer. Ten błąd może także wystąpić, gdy usługa docelowa korzysta z innego hasła do konta usługi docelowej niż hasło centrum dystrybucji kluczy Kerberos dla konta usługi docelowej. Upewnij się, że usługa na serwerze i centrum dystrybucji kluczy są zaktualizowane pod kątem korzystania z bieżącego hasła. Jeśli nazwa serwera nie jest w pełni kwalifikowana, a domena docelowa (AD001.SIEMENS.NET) jest inna niż domena klienta (AD005.ONEHC.NET), sprawdź, czy w tych dwóch domenach nie istnieją konta serwera o identycznych nazwach lub użyj w pełni kwalifikowanej nazwy do identyfikacji serwera. Error: (12/15/2016 06:20:56 PM) (Source: Kerberos) (EventID: 4) (User: ) Description: Klient Kerberos odebrał błąd KRB_AP_ERR_MODIFIED z serwera w99sd090. Używana nazwa docelowa: MSSQLSvc/pulsechecksurvey.siemens.com:11433. Oznacza to, że serwer docelowy nie może odszyfrować biletu dostarczonego przez klienta. Taka sytuacja może wystąpić, gdy główna nazwa serwera docelowego (SPN) jest zarejestrowana na koncie innym niż konto używane przez usługę docelową. Upewnij się, że główna nazwa serwera docelowego jest zarejestrowana wyłącznie na koncie używanym przez serwer. Ten błąd może także wystąpić, gdy usługa docelowa korzysta z innego hasła do konta usługi docelowej niż hasło centrum dystrybucji kluczy Kerberos dla konta usługi docelowej. Upewnij się, że usługa na serwerze i centrum dystrybucji kluczy są zaktualizowane pod kątem korzystania z bieżącego hasła. Jeśli nazwa serwera nie jest w pełni kwalifikowana, a domena docelowa (AD001.SIEMENS.NET) jest inna niż domena klienta (AD005.ONEHC.NET), sprawdź, czy w tych dwóch domenach nie istnieją konta serwera o identycznych nazwach lub użyj w pełni kwalifikowanej nazwy do identyfikacji serwera. Error: (12/15/2016 05:33:00 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Czytnik kart inteligentnych „O2Micro CCID SC Reader 0” odrzucił żądanie IOCTL 0x313520: Incorrect function.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: XX XX XX XX Error: (12/15/2016 05:32:55 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Czytnik kart inteligentnych „O2Micro CCID SC Reader 0” odrzucił żądanie IOCTL 0x313520: Incorrect function.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: XX XX XX XX Error: (12/15/2016 05:32:55 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Czytnik kart inteligentnych „O2Micro CCID SC Reader 0” odrzucił żądanie IOCTL 0x313520: Incorrect function.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: XX XX XX XX Error: (12/15/2016 05:32:51 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Czytnik kart inteligentnych „O2Micro CCID SC Reader 0” odrzucił żądanie IOCTL 0x313520: Incorrect function.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: XX XX XX XX Error: (12/15/2016 05:20:49 PM) (Source: Kerberos) (EventID: 4) (User: ) Description: Klient Kerberos odebrał błąd KRB_AP_ERR_MODIFIED z serwera w99sd090. Używana nazwa docelowa: MSSQLSvc/pulsechecksurvey.siemens.com:11433. Oznacza to, że serwer docelowy nie może odszyfrować biletu dostarczonego przez klienta. Taka sytuacja może wystąpić, gdy główna nazwa serwera docelowego (SPN) jest zarejestrowana na koncie innym niż konto używane przez usługę docelową. Upewnij się, że główna nazwa serwera docelowego jest zarejestrowana wyłącznie na koncie używanym przez serwer. Ten błąd może także wystąpić, gdy usługa docelowa korzysta z innego hasła do konta usługi docelowej niż hasło centrum dystrybucji kluczy Kerberos dla konta usługi docelowej. Upewnij się, że usługa na serwerze i centrum dystrybucji kluczy są zaktualizowane pod kątem korzystania z bieżącego hasła. Jeśli nazwa serwera nie jest w pełni kwalifikowana, a domena docelowa (AD001.SIEMENS.NET) jest inna niż domena klienta (AD005.ONEHC.NET), sprawdź, czy w tych dwóch domenach nie istnieją konta serwera o identycznych nazwach lub użyj w pełni kwalifikowanej nazwy do identyfikacji serwera. Error: (12/15/2016 05:08:21 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Czytnik kart inteligentnych „O2Micro CCID SC Reader 0” odrzucił żądanie IOCTL 0x313520: Incorrect function.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: XX XX XX XX Error: (12/15/2016 05:08:15 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Czytnik kart inteligentnych „O2Micro CCID SC Reader 0” odrzucił żądanie IOCTL 0x313520: Incorrect function.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: XX XX XX XX Error: (12/15/2016 05:08:14 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Czytnik kart inteligentnych „O2Micro CCID SC Reader 0” odrzucił żądanie IOCTL 0x313520: Incorrect function.. Jeśli ten błąd będzie się powtarzać, może to oznaczać, że karta inteligentna lub czytnik nie działa poprawnie. Nagłówek polecenia: XX XX XX XX ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz Percentage of memory in use: 42% Total physical RAM: 8089.91 MB Available physical RAM: 4665.14 MB Total Virtual: 16178 MB Available Virtual: 11919.21 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:465.26 GB) (Free:353.4 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Removable) (Total:7.16 GB) (Free:7.16 GB) FAT32 Drive o: (HOME_FS) (Network) (Total:1710.24 GB) (Free:366.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BC1578BF) Partition 1: (Active) - (Size=512 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 13DD6CF4) Partition 1: (Active) - (Size=7.2 GB) - (Type=0B) ==================== End of Addition.txt ============================