Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016 Ran by M2-1900 (25-11-2016 22:49:32) Running from C:\Users\M2-1900\Downloads Windows 10 Pro Version 1607 (X64) (2016-09-25 02:28:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1808197995-3367824734-3781666586-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1808197995-3367824734-3781666586-503 - Limited - Disabled) Guest (S-1-5-21-1808197995-3367824734-3781666586-501 - Limited - Disabled) M2-1900 (S-1-5-21-1808197995-3367824734-3781666586-1001 - Administrator - Enabled) => C:\Users\M2-1900 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.) Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft) AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Photoshop CS3 (HKLM-x32\...\Adobe_53a35a181eeb50486a0e091bd67ae62) (Version: 10.0 - Adobe Systems Incorporated) amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.9.0001 - Asmedia Technology) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) DoNotSpy10 (HKLM-x32\...\{32D066BD-F94C-4948-8FA8-84653EE9617E}_is1) (Version: 1.1.0.0 - pXc-coding.com) Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security) Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 604.10125.2655.573 - Intel Corporation) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) M-Audio Fast Track Pro 6.1.11 (x64) (HKLM\...\{F1575328-1680-4E8D-905F-EC9646588225}) (Version: 6.1.11 - M-Audio) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden PokerStars.es (HKLM-x32\...\PokerStars.es) (Version: - PokerStars.es) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.) VideoPad, editor de vídeo (HKLM-x32\...\VideoPad) (Version: 4.51 - NCH Software) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Windows Driver Package - Intel (TXEIx64) System (06/16/2015 2.0.0.1067) (HKLM\...\D8F92F76480BA2859A5A580C1973B6C4B463A754) (Version: 06/16/2015 2.0.0.1067 - Intel) Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\4F043B1523E88E66C71E75807546A6B89A149024) (Version: 04/22/2015 10.0.27 - Intel) Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\8724115E4AD60F82721F2511493856406881F3BE) (Version: 04/22/2015 10.0.27 - Intel) Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\C2E04C3A435271574D9636E46D2F9F5C4E51D695) (Version: 04/22/2015 10.0.27 - Intel) Windows Driver Package - Intel System (04/22/2015 10.0.27) (HKLM\...\E554CC202B4B2F3C0AD85299B5E6F3A518C554AC) (Version: 04/22/2015 10.0.27 - Intel) Windows Driver Package - Intel USB (04/22/2015 10.0.27) (HKLM\...\E1D5520CC7BFBEA47C3016B0D2D15C74ED578248) (Version: 04/22/2015 10.0.27 - Intel) WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1808197995-3367824734-3781666586-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2A0188FE-E9AA-40F9-A223-FC4AD1EBE520} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {31DE7893-2DB5-4C70-82F0-D145880DEB89} - System32\Tasks\Prowinganemersh Schedule => C:\Program Files (x86)\Jetuknenak\couck.exe Task: {41D8A755-D86C-4187-9C28-FAE52D4A4F25} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION Task: {6282E8EF-E7FC-4F33-A600-E6A1A7102401} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {6FB13868-3DEC-4519-8DE0-69C904A2F4A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {73E77D59-1739-46A8-8A5F-7251A0EE2516} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated) Task: {8FD45653-A9C5-4F5D-8AD5-A2D921BE5093} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe Task: {974CD86F-F990-4240-9E57-2123A90C0FD4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION Task: {A13A3DBB-AF4D-4E4D-A2DF-96E00C0DA1C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation) Task: {A97D8CDE-47D7-48A9-A91E-5633B070593A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation) Task: {AAF625D7-498B-47CE-A5BF-24E4001BA3A6} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe <==== ATTENTION Task: {B2B061B0-2C8C-4C8A-82FE-4387F226BC69} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {BA44026E-5515-4EE7-81AE-EB5B1F768C76} - System32\Tasks\{2DB6F411-C3F2-4F09-B087-190A0C11BD28} => pcalua.exe -a C:\Users\M2-1900\Desktop\SETUP.EXE -d C:\Users\M2-1900\Desktop Task: {DAFA393C-014F-4DB9-A701-55D3C4A2F236} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation) Task: {F2E8A111-4257-4F3E-846B-391282B35EA4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation) Task: {FBCE1E6D-8301-4108-BB24-0CBC5C47ACD6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-24] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\M2-1900\Favorites\Sitio para descargas de NCH Software.lnk -> hxxp://www.nchsoftware.com/es/index.html Shortcut: C:\Users\M2-1900\Desktop\Niaim\NIA\DivХ Рlus Сonvеrter.lnk -> C:\Users\M2-1900\AppData\Roaming\Browsers\exe.rehcnualretrevnocxvid.bat (No File) <===== Cyrillic Shortcut: C:\Users\M2-1900\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоoglе Сhrоme.lnk -> C:\Users\M2-1900\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-29 20:14 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-18 20:22 - 2016-07-18 20:22 - 00732056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe 2016-07-18 20:27 - 2016-07-18 20:27 - 00030464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00146184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00068872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 11625208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 03420880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\RCF.dll 2016-07-18 20:27 - 2016-07-18 20:27 - 01005824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll 2016-07-18 20:27 - 2016-07-18 20:27 - 00124672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00040192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00986864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00623360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00837872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00111336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00134368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01049856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00901392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01104624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00268016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01630464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00226048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01179384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01377512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll 2016-07-18 20:27 - 2016-07-18 20:27 - 00039680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01025784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01205504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 02663672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01520872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01457904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 03464440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 03124472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01327864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00073480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01905408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01031912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00467688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 03159808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01313512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01033960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01597680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 01170704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00535280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll 2016-09-29 20:14 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-06-30 09:23 - 2016-06-30 09:23 - 00592384 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll 2016-09-25 07:42 - 2016-09-25 07:42 - 01864384 _____ () C:\Users\M2-1900\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2016-08-20 12:54 - 2016-10-30 17:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 04123896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll 2016-09-25 13:01 - 2016-09-25 13:01 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-09 15:42 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-09 15:42 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 15:42 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 15:42 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 15:42 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 15:42 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-11-17 08:57 - 2016-11-17 08:57 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-11-17 08:57 - 2016-11-17 08:57 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-11-17 08:57 - 2016-11-17 08:57 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 09571552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe 2016-07-18 20:26 - 2016-07-18 20:26 - 00539392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 02485992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll 2016-07-18 20:26 - 2016-07-18 20:26 - 00871672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll 2016-06-30 12:24 - 2016-06-30 12:24 - 00564224 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll 2016-08-20 12:54 - 2016-10-30 15:18 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll 2016-09-25 07:42 - 2016-09-25 07:42 - 01383616 _____ () C:\Users\M2-1900\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll 2016-09-25 07:42 - 2016-09-25 07:42 - 00118976 _____ () C:\Users\M2-1900\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll 2016-10-27 12:10 - 2016-10-20 09:47 - 01819240 _____ () C:\Program Files (x86)\Fishpat\Application\libglesv2.dll 2016-10-27 12:10 - 2016-10-20 09:47 - 00093288 _____ () C:\Program Files (x86)\Fishpat\Application\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850] AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536] AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 08:24 - 2016-11-15 09:02 - 00001039 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1808197995-3367824734-3781666586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\M2-1900\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{8e3931af-bac0-452c-88f7-6b6ee315aea0}.jpg DNS Servers: 87.216.1.65 - 87.216.1.66 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{F2CBA332-18D8-4DC9-8823-27382F415774}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{A5918A24-5CEC-4EA6-87E8-070D04156091}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{CE297951-FA4B-4A12-A33E-9CD09AD19E2D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{0267C25B-A3A5-4AF4-93CF-BE3D20D146E9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{6B589743-1262-4B15-8F62-B6077AE6FA55}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{CC3A4E38-82BE-474B-82DD-1BEE03BDF9DA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{E16EADE1-FD44-446F-94DD-6FDEC6B0D476}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{C7A22510-2CB0-4F48-995F-0D5D1FABFB9C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{7994123A-63B1-448C-8319-49ABF4EBBA36}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{55F3D958-74F2-43A4-828F-BC56358311F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{88DC9194-D293-439B-A7F1-01D5315E29A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{A6FBC07D-9A94-46B8-B22A-A84B8786EAF5}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{26964E38-EA46-49F0-8EF2-F11521931205}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CDE43F15-E8C5-4952-AEFB-247703C49A0A}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C333CDB2-12E1-4D0E-8078-EAAFFFB8DD3D}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F1848021-1010-4596-9D86-B3264DA403C6}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5540EABF-A472-4109-8CCF-6DC58833AFD4}] => (Allow) C:\Users\M2-1900\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D1F4CF84-855A-430F-9751-8CF78AAE0484}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{547186B5-722D-4A27-92E4-F1FCD1FED2DC}] => (Allow) E:\win8.1激活工具\KMSELDI.exe FirewallRules: [{B44849C1-5273-4447-B313-7F912059F057}] => (Allow) E:\win8.1激活工具\KMSELDI.exe FirewallRules: [TCP Query User{8D9167B6-1EE9-41BD-AF87-84589F8E348C}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe FirewallRules: [UDP Query User{17838C33-2B0A-47A4-9A71-C904427F0990}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe FirewallRules: [TCP Query User{6B5C51F4-D37D-49ED-A3DB-81F324B424E0}C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Block) C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe FirewallRules: [UDP Query User{084C3BC8-296A-41F1-9466-A45D264F5DA4}C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Block) C:\users\m2-1900\appdata\roaming\utorrent\updates\3.4.9_42606.exe FirewallRules: [{5C8CC100-4BC1-4B44-AF51-7439A0E82D6D}] => (Allow) C:\Program Files (x86)\Fishpat\Application\chrome.exe FirewallRules: [{4800331E-90FE-4BB9-8A19-C18FC71F0089}] => (Allow) C:\WINDOWS\explorer.exe FirewallRules: [{DDEE8093-0BF1-4FE4-B2A0-35D66A28BD4B}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{C803E91A-24F6-4C5F-86F9-DF0631F281C1}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{122DD456-EAEA-46E6-9C13-140CA6135BFB}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe FirewallRules: [{4BF890BA-F797-46DF-8275-57B0D0DA4C5C}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe FirewallRules: [{948849D3-49FD-4E84-AA93-67B62185AF8F}] => (Allow) C:\Users\M2-1900\AppData\Local\Temp\is-CR9T3.tmp\download\MiniThunderPlatform.exe FirewallRules: [{EFFDC550-1CCA-42D8-A4A6-115B863F8106}] => (Allow) C:\Users\M2-1900\AppData\Local\Temp\00006328\inst_buychannel_07.exe FirewallRules: [{A2F5212B-AA57-48DC-89AA-F72FB5914F5E}] => (Allow) C:\Users\M2-1900\AppData\Local\Temp\00006328\inst_buychannel_07.exe FirewallRules: [{4644E734-73CB-4604-A0EC-FDE1E1F144DF}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe FirewallRules: [{519963A6-906C-4625-96D3-1EC0FE18417C}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe FirewallRules: [{6746D451-8F4D-4689-9351-2F169E9BA9D3}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{982416AD-62FE-4A0A-9353-0A5B2EDCA96E}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe FirewallRules: [{FF4BA05D-1789-47F9-ACEC-52DA8268C689}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe FirewallRules: [{B0C31E0C-6A85-44CE-BDDE-76BA94B82D30}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe FirewallRules: [TCP Query User{8B3F6289-6A95-479F-A4D6-C8EF77015B9D}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe FirewallRules: [UDP Query User{6EA3D4A7-67E4-43BF-A6E1-55CF1C8F6D01}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe ==================== Restore Points ========================= 24-11-2016 19:36:41 AA11 ==================== Faulty Device Manager Devices ============= Name: Intel(R) Trusted Execution Engine Interface Description: Intel(R) Trusted Execution Engine Interface Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: TXEIx64 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Intel(R) Pentium(R) processor N- and J-series / Intel(R) Celeron(R) processor N- and J-series AHCI - 0F23 Description: Intel(R) Pentium(R) processor N- and J-series / Intel(R) Celeron(R) processor N- and J-series AHCI - 0F23 Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: storahci Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/25/2016 10:38:32 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:38:31 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:27 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:27 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:22 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:22 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:17 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:17 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:12 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). Error: (11/25/2016 10:28:12 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating status to SECURITY_PRODUCT_STATE_OFF (error %3). System errors: ============= Error: (11/25/2016 09:37:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (11/25/2016 09:37:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The Themes service depends on the following service: iThemes5. This service might not be installed. Error: (11/25/2016 09:37:00 PM) (Source: TXEIx64) (EventID: 3) (User: ) Description: Intel(R) Trusted Execution Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x01040190, FWSTS1: 0x100A0000). Error: (11/25/2016 09:37:15 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:25:29 PM on ‎11/‎25/‎2016 was unexpected. Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Fast Track Pro Audio Device Monitor service terminated unexpectedly. It has done this 1 time(s). Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s). Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (11/25/2016 09:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2016-11-24 17:04:02.223 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 16:53:25.110 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 16:38:25.050 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 15:32:04.307 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 13:58:44.739 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 12:59:57.272 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 12:54:01.368 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 12:31:38.175 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 10:54:17.810 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2016-11-24 10:11:37.263 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz Percentage of memory in use: 54% Total physical RAM: 4003.1 MB Available physical RAM: 1821.34 MB Total Virtual: 4707.1 MB Available Virtual: 2251.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:49.56 GB) (Free:18.52 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive e: (Drivers) (Fixed) (Total:67.99 GB) (Free:67.82 GB) NTFS Drive f: (INTENSO) (Fixed) (Total:3726.01 GB) (Free:1117.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 6F298025) Partition 1: (Active) - (Size=49.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) Partition 3: (Not Active) - (Size=68 GB) - (Type=OF Extended) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== End of Addition.txt ============================