Hey, not a member of Up2Share yet? Sign up, it unlocks many cool features!
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by M2-1900 (25-11-2016 22:49:32)
Running from C:\Users\M2-1900\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-25 02:28:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1808197995-3367824734-3781666586-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1808197995-3367824734-3781666586-503 - Limited - Disabled)
Guest (S-1-5-21-1808197995-3367824734-3781666586-501 - Limited - Disabled)
M2-1900 (S-1-5-21-1808197995-3367824734-3781666586-1001 - Administrator - Enabled) => C:\Users\M2-1900
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.)
Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_53a35a181eeb50486a0e091bd67ae62) (Version: 10.0 - Adobe Systems Incorporated)
amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC)
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC)
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.9.0001 - Asmedia Technology)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
DoNotSpy10 (HKLM-x32\...\{32D066BD-F94C-4948-8FA8-84653EE9617E}_is1) (Version: 1.1.0.0 - pXc-coding.com)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 604.10125.2655.573 - Intel Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
M-Audio Fast Track Pro 6.1.11 (x64) (HKLM\...\{F1575328-1680-4E8D-905F-EC9646588225}) (Version: 6.1.11 - M-Audio)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PokerStars.es (HKLM-x32\...\PokerStars.es) (Version: - PokerStars.es)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 4.51 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Intel (TXEIx64) System (06/16/2015 2.0.0.1067) (HKLM\...\D8F92F76480BA2859A5A580C1973B6C4B463A754) (Version: 06/16/2015 2.0.0.1067 - Intel)
Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\4F043B1523E88E66C71E75807546A6B89A149024) (Version: 04/22/2015 10.0.27 - Intel)
Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\8724115E4AD60F82721F2511493856406881F3BE) (Version: 04/22/2015 10.0.27 - Intel)
Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\C2E04C3A435271574D9636E46D2F9F5C4E51D695) (Version: 04/22/2015 10.0.27 - Intel)
Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\E554CC202B4B2F3C0AD85299B5E6F3A518C554AC) (Version: 04/22/2015 10.0.27 - Intel)
Windows Driver Package - Intel USB (04/22/2015 10.0.27) (HKLM\...\E1D5520CC7BFBEA47C3016B0D2D15C74ED578248) (Version: 04/22/2015 10.0.27 - Intel)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1808197995-3367824734-3781666586-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2A0188FE-E9AA-40F9-A223-FC4AD1EBE520} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {31DE7893-2DB5-4C70-82F0-D145880DEB89} - System32\Tasks\Prowinganemersh Schedule => C:\Program Files (x86)\Jetuknenak\couck.exe
Task: {41D8A755-D86C-4187-9C28-FAE52D4A4F25} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {6282E8EF-E7FC-4F33-A600-E6A1A7102401} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {6FB13868-3DEC-4519-8DE0-69C904A2F4A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {73E77D59-1739-46A8-8A5F-7251A0EE2516} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {8FD45653-A9C5-4F5D-8AD5-A2D921BE5093} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {974CD86F-F990-4240-9E57-2123A90C0FD4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {A13A3DBB-AF4D-4E4D-A2DF-96E00C0DA1C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {A97D8CDE-47D7-48A9-A91E-5633B070593A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {AAF625D7-498B-47CE-A5BF-24E4001BA3A6} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== ATTENTION
Task: {B2B061B0-2C8C-4C8A-82FE-4387F226BC69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {BA44026E-5515-4EE7-81AE-EB5B1F768C76} - System32\Tasks\{2DB6F411-C3F2-4F09-B087-190A0C11BD28} => pcalua.exe -a C:\Users\M2-1900\Desktop\SETUP.EXE -d C:\Users\M2-1900\Desktop
Task: {DAFA393C-014F-4DB9-A701-55D3C4A2F236} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {F2E8A111-4257-4F3E-846B-391282B35EA4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {FBCE1E6D-8301-4108-BB24-0CBC5C47ACD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-24] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\M2-1900\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nchsoftware.com/es/index.html
Shortcut: C:\Users\M2-1900\Desktop\Niaim\NIA\DivХ Рlus Сonvеrter.lnk -> C:\Users\M2-1900\AppData\Roaming\Browsers\exe.rehcnualretrevnocxvid.bat (No File) <===== Cyrillic
Shortcut: C:\Users\M2-1900\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Сhrоme.lnk -> C:\Users\M2-1900\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 20:14 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-18 20:22 - 2016-07-18 20:22 - 00732056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
2016-07-18 20:27 - 2016-07-18 20:27 - 00030464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00146184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00068872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 11625208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03420880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 01005824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00124672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00040192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00986864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00623360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00837872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00111336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00134368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01049856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00901392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01104624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00268016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01630464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00226048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01179384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01377512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00039680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01025784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01205504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02663672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01520872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01457904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03464440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03124472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01327864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00073480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01905408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01031912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00467688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03159808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01313512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01033960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01597680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01170704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00535280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
2016-09-29 20:14 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-30 09:23 - 2016-06-30 09:23 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2016-09-25 07:42 - 2016-09-25 07:42 - 01864384 _____ () C:\Users\M2-1900\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-08-20 12:54 - 2016-10-30 17:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 04123896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll
2016-09-25 13:01 - 2016-09-25 13:01 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 15:42 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 15:42 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 15:42 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 15:42 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 15:42 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 15:42 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 08:57 - 2016-11-17 08:57 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 08:57 - 2016-11-17 08:57 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 08:57 - 2016-11-17 08:57 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 09571552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 20:26 - 2016-07-18 20:26 - 00539392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02485992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2016-06-30 12:24 - 2016-06-30 12:24 - 00564224 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2016-08-20 12:54 - 2016-10-30 15:18 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-09-25 07:42 - 2016-09-25 07:42 - 01383616 _____ () C:\Users\M2-1900\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-25 07:42 - 2016-09-25 07:42 - 00118976 _____ () C:\Users\M2-1900\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-10-27 12:10 - 2016-10-20 09:47 - 01819240 _____ () C:\Program Files (x86)\Fishpat\Application\libglesv2.dll
2016-10-27 12:10 - 2016-10-20 09:47 - 00093288 _____ () C:\Program Files (x86)\Fishpat\Application\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 08:24 - 2016-11-15 09:02 - 00001039 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\M2-1900\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{8e3931af-bac0-452c-88f7-6b6ee315aea0}.jpg
DNS Servers: 87.216.1.65 - 87.216.1.66
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F2CBA332-18D8-4DC9-8823-27382F415774}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A5918A24-5CEC-4EA6-87E8-070D04156091}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CE297951-FA4B-4A12-A33E-9CD09AD19E2D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0267C25B-A3A5-4AF4-93CF-BE3D20D146E9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{6B589743-1262-4B15-8F62-B6077AE6FA55}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{CC3A4E38-82BE-474B-82DD-1BEE03BDF9DA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{E16EADE1-FD44-446F-94DD-6FDEC6B0D476}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{C7A22510-2CB0-4F48-995F-0D5D1FABFB9C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{7994123A-63B1-448C-8319-49ABF4EBBA36}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{55F3D958-74F2-43A4-828F-BC56358311F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{88DC9194-D293-439B-A7F1-01D5315E29A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A6FBC07D-9A94-46B8-B22A-A84B8786EAF5}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{26964E38-EA46-49F0-8EF2-F11521931205}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDE43F15-E8C5-4952-AEFB-247703C49A0A}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C333CDB2-12E1-4D0E-8078-EAAFFFB8DD3D}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F1848021-1010-4596-9D86-B3264DA403C6}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5540EABF-A472-4109-8CCF-6DC58833AFD4}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D1F4CF84-855A-430F-9751-8CF78AAE0484}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{547186B5-722D-4A27-92E4-F1FCD1FED2DC}] => (Allow) E:\win8.1激活工具\KMSELDI.exe
FirewallRules: [{B44849C1-5273-4447-B313-7F912059F057}] => (Allow) E:\win8.1激活工具\KMSELDI.exe
FirewallRules: [TCP Query User{8D9167B6-1EE9-41BD-AF87-84589F8E348C}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe
FirewallRules: [UDP Query User{17838C33-2B0A-47A4-9A71-C904427F0990}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe
FirewallRules: [TCP Query User{6B5C51F4-D37D-49ED-A3DB-81F324B424E0}C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Block) C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [UDP Query User{084C3BC8-296A-41F1-9466-A45D264F5DA4}C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Block) C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [{5C8CC100-4BC1-4B44-AF51-7439A0E82D6D}] => (Allow) C:\Program Files (x86)\Fishpat\Application\chrome.exe
FirewallRules: [{4800331E-90FE-4BB9-8A19-C18FC71F0089}] => (Allow) C:\WINDOWS\explorer.exe
FirewallRules: [{DDEE8093-0BF1-4FE4-B2A0-35D66A28BD4B}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{C803E91A-24F6-4C5F-86F9-DF0631F281C1}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{122DD456-EAEA-46E6-9C13-140CA6135BFB}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{4BF890BA-F797-46DF-8275-57B0D0DA4C5C}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{948849D3-49FD-4E84-AA93-67B62185AF8F}] => (Allow) C:\Users\M2-1900\AppData\Local\Temp\is-CR9T3.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{EFFDC550-1CCA-42D8-A4A6-115B863F8106}] => (Allow) C:\Users\M2-1900\AppData\Local\Temp\00006328\inst_buychannel_07.exe
FirewallRules: [{A2F5212B-AA57-48DC-89AA-F72FB5914F5E}] => (Allow) C:\Users\M2-1900\AppData\Local\Temp\00006328\inst_buychannel_07.exe
FirewallRules: [{4644E734-73CB-4604-A0EC-FDE1E1F144DF}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{519963A6-906C-4625-96D3-1EC0FE18417C}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{6746D451-8F4D-4689-9351-2F169E9BA9D3}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{982416AD-62FE-4A0A-9353-0A5B2EDCA96E}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{FF4BA05D-1789-47F9-ACEC-52DA8268C689}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{B0C31E0C-6A85-44CE-BDDE-76BA94B82D30}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [TCP Query User{8B3F6289-6A95-479F-A4D6-C8EF77015B9D}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{6EA3D4A7-67E4-43BF-A6E1-55CF1C8F6D01}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
==================== Restore Points =========================
24-11-2016 19:36:41 AA11
==================== Faulty Device Manager Devices =============
Name: Intel(R) Trusted Execution Engine Interface
Description: Intel(R) Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Intel(R) Pentium(R) processor N- and J-series / Intel(R) Celeron(R) processor N- and J-series AHCI - 0F23
Description: Intel(R) Pentium(R) processor N- and J-series / Intel(R) Celeron(R) processor N- and J-series AHCI - 0F23
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: storahci
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/25/2016 10:38:32 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:38:31 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:27 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:22 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:22 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:17 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:17 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:12 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
Error: (11/25/2016 10:28:12 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3).
System errors:
=============
Error: (11/25/2016 09:37:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (11/25/2016 09:37:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Themes service depends on the following service: iThemes5. This service might not be installed.
Error: (11/25/2016 09:37:00 PM) (Source: TXEIx64) (EventID: 3) (User: )
Description: Intel(R) Trusted Execution Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x01040190, FWSTS1: 0x100A0000).
Error: (11/25/2016 09:37:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:25:29 PM on 11/25/2016 was unexpected.
Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fast Track Pro Audio Device Monitor service terminated unexpectedly. It has done this 1 time(s).
Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2016-11-24 17:04:02.223
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 16:53:25.110
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 16:38:25.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 15:32:04.307
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 13:58:44.739
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 12:59:57.272
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 12:54:01.368
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 12:31:38.175
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 10:54:17.810
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2016-11-24 10:11:37.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 54%
Total physical RAM: 4003.1 MB
Available physical RAM: 1821.34 MB
Total Virtual: 4707.1 MB
Available Virtual: 2251.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:49.56 GB) (Free:18.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Drivers) (Fixed) (Total:67.99 GB) (Free:67.82 GB) NTFS
Drive f: (INTENSO) (Fixed) (Total:3726.01 GB) (Free:1117.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 6F298025)
Partition 1: (Active) - (Size=49.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=68 GB) - (Type=OF Extended)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.
==================== End of Addition.txt ============================
