Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01 Ran by ZIVIANI (2016-04-17 15:47:34) Running from C:\Users\ZIVIANI\Desktop Windows Server 2016 Technical Preview 4 (X64) (2015-11-28 18:06:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4219469387-1262884220-599662508-500 - Administrator - Enabled) => C:\Users\Administrator amanda (S-1-5-21-4219469387-1262884220-599662508-1003 - Limited - Enabled) => C:\Users\amanda DefaultAccount (S-1-5-21-4219469387-1262884220-599662508-503 - Limited - Disabled) Guest (S-1-5-21-4219469387-1262884220-599662508-501 - Limited - Disabled) ZIVIANI (S-1-5-21-4219469387-1262884220-599662508-1000 - Administrator - Enabled) => C:\Users\ZIVIANI ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\uTorrent) (Version: 3.4.6.41079 - BitTorrent Inc.) 7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov) Active@ File Recovery 15 (HKLM\...\{177608F6-F029-4301-B176-15BA7C605B73}_is1) (Version: 15 - LSoft Technologies Inc) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Aplicativo Itaú (HKLM-x32\...\{F88F4F33-A3C7-4B34-AFEA-944E29A95F62}) (Version: 1.0.58 - Banco Itaú) Audacity 1.3.2 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.) clrmamepro (HKLM-x32\...\clrmamepro) (Version: 4.00.28.0 - Roman Scherzer) CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform) DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.3.0.3 - DiskInternals Research) Duplicate File Detective 6 (HKLM\...\{E8285D18-D247-4EE8-9977-05CF8B3B8D39}) (Version: 6.0.72 - Key Metric Software) EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS) Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GitHub (HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\5f7eb300e2ea4ebf) (Version: 3.0.12.0 - GitHub, Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.18) (Version: 9.18 - Artifex Software Inc.) GridinSoft Anti-Malware (HKLM-x32\...\GridinSoft Anti-Malware) (Version: 3.0.32 - GridinSoft LLC) HCWP Web Components (HKLM-x32\...\{8EB3B359-A38C-448A-B2A6-54AE434776CA}_is1) (Version: - ) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.) Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.10.0 - Intel) Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 12.0.1 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.1 - KLCP) Kodi (HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\Kodi) (Version: - XBMC-Foundation) LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.3 - LG Electronics) LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.11.3.0 - LG Electronics) LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere) Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version: - Mathias Kunter) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.6741.2021 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1013 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1013 - Microsoft Corporation) Hidden Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software) Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation) OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1015 - Passmark Software) PCB Artist Version 3.1 (HKLM-x32\...\{284A25AA-96B4-449D-BBA0-D0C97A5E213E}) (Version: 3.1 - Advanced Circuits) Python 3.2 pygame-1.9.2a0 (HKLM-x32\...\{265E2F1D-0025-45DF-B83B-8320466108A8}) (Version: 1.9.2 - Pete Shinners, Rene Dudfield, Marcus von Appen, Bob Pendleton, others...) Python 3.2.3 (HKLM-x32\...\{789C9644-9F82-44d3-B4CA-AC31F46F5882}) (Version: 3.2.3150 - Python Software Foundation) QPST 2.7 (HKLM-x32\...\{8035964D-75EB-4463-91DC-3F02EE9CF103}) (Version: 2.7.378 - Qualcomm) Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) RomCenter 3.7.1 (HKLM-x32\...\romcenter_is1) (Version: 3.7.1 - Eric Bole-Feysot) Scribus 1.4.6 (64bit) (HKLM\...\Scribus 1.4.6) (Version: 1.4.6 - The Scribus Team) SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - ) Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform) STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden SunEyes 1.2.4.552 (HKLM-x32\...\{BE59011C-CE48-45DC-9345-73D5C20C0EBB}_is1) (Version: - *) TecViewer (HKLM-x32\...\{17E2B502-C1C1-41C5-BAE4-707841DC948C}) (Version: 2.00.10.50 - company) Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinSCP 5.8.2 beta (HKLM-x32\...\winscp3_is1) (Version: 5.8.2 beta - Martin Prikryl) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4219469387-1262884220-599662508-1000_Classes\CLSID\{D7D3CA0B-DD16-ADAF-39E4-66FD70ED6DE02}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-4219469387-1262884220-599662508-1000_Classes\CLSID\{DB342E32-06DC-9BE7-849D-FE79405BDB865}\InprocServer32 -> 0x20085A6A5397D10120085A6A5397D101010000000100000000000000 => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {045A8CB3-2A60-4AF8-95AD-96D771D7FA86} - \AutoKMS -> No File <==== ATTENTION Task: {0FC11D3A-930A-4DC6-8967-CEB9314557EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-01] (Microsoft Corporation) Task: {119EF32B-CAAB-413E-BEB4-3891677FB3B8} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure Task: {12B1616C-ED73-4D35-8A35-FFC8DEC2C315} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {2DA59BD4-7381-4EF8-AF0A-DDBA8ECFAC08} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation) Task: {3D693006-6BB6-4EBB-B993-73FDC24B4446} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-01] (Microsoft Corporation) Task: {5183DB18-F24F-4A07-A1F4-2D3FD533AC9A} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => Cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2) Task: {53CFEADB-A4DA-4E20-BBA5-F82BBEF5CC7D} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2015-10-30] (Microsoft Corporation) Task: {567E494A-A866-41B8-A6BA-BF1A76F572B4} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [2016-04-08] (GridinSoft LLC) Task: {6A17C162-C424-44CD-8EB1-B28C36D56BEB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-14] (Microsoft Corporation) Task: {72A11D91-69A7-4DFA-8843-117A71DA479B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation) Task: {75E71983-636E-4FD0-BA31-80D8AA9ABEE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-17] (Google Inc.) Task: {75F4BB02-A1D1-4272-8741-A2234B6659FD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {9307C3DE-0091-4F1E-9BCF-DDD04A156DB2} - System32\Tasks\Opera scheduled Autoupdate 1448972278 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software) Task: {96F64268-278B-4DD1-B300-D6814785D544} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-17] (Google Inc.) Task: {BCF4DDCC-D1A0-4C93-9349-F1E95545FA34} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish Task: {CE8A54D9-5E13-41F4-A9B1-BDAD59E962CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-03-20] (Microsoft Corporation) Task: {D8E91C39-21CA-4634-9599-B44B4FFE28C6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-07] (Adobe Systems Incorporated) Task: {D91A698B-0B68-4097-8751-E10E7C633D86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated) Task: {F10B9808-7176-4E59-A2F6-D3642E5F3513} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-02] () Task: {F92F3769-4266-4AA5-9102-756B5122CF32} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 05:18 - 2015-10-30 05:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-04-12 22:39 - 2016-03-29 07:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-02-23 00:52 - 2016-03-20 13:10 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2016-04-12 22:39 - 2016-03-29 07:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll 2014-05-01 11:13 - 2014-05-01 11:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll 2015-04-15 17:13 - 2015-04-15 17:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-12-18 09:50 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-04-12 22:37 - 2016-04-02 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-12 22:38 - 2016-04-02 00:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-04-12 22:38 - 2016-04-01 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-04-12 22:38 - 2016-04-01 23:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-04-12 22:38 - 2016-04-02 00:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-10-30 05:18 - 2015-10-30 05:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll 2016-04-14 19:45 - 2016-04-14 19:45 - 63830568 _____ () C:\Program Files (x86)\Opera\36.0.2130.65\opera.dll 2016-04-14 19:45 - 2016-04-14 19:44 - 02134568 _____ () C:\Program Files (x86)\Opera\36.0.2130.65\libglesv2.dll 2016-04-14 19:45 - 2016-04-14 19:44 - 00082472 _____ () C:\Program Files (x86)\Opera\36.0.2130.65\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\.DS_Store:AFP_AfpInfo [122] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:2CBA444C_Uni.gbp [2] AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo [122] AlternateDataStreams: C:\ProgramData\Temp:9E00596C [380] AlternateDataStreams: C:\Users\ZIVIANI\.DS_Store:AFP_AfpInfo [122] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\google.com -> www.google.com IE trusted site: HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\google.com.br -> www.google.com.br IE trusted site: HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\itau.b.br -> www.itau.b.br IE trusted site: HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\itau.com.br -> hxxps://bankline.itau.com.br IE trusted site: HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\itau.com.br -> bankline.itau.com.br IE trusted site: HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br IE trusted site: HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 05:22 - 2016-04-10 21:36 - 00001345 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 lge.com 127.0.0.1 csmg.lgmobile.com 127.0.0.1 lgmobile.com 127.0.0.1 gdms.lge.com 127.0.0.1 csmgdl.lgmobile.com 127.0.0.1 na1r.services.adobe.com 127.0.0.1 hlrcv.stage.adobe.com 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4219469387-1262884220-599662508-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0_desktop_experience.jpg DNS Servers: 187.122.127.34 - 187.122.127.58 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "IntelConnectCenter" HKLM\...\StartupApproved\Run: => "cpuminer" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "IDSCCOMMA4" HKLM\...\StartupApproved\Run32: => "LightGate" HKLM\...\StartupApproved\Run32: => "HomePageHelper" HKLM\...\StartupApproved\Run32: => "CGL Start" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "PCLink" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EBC39D87A4E3C34230D37B2EB786E1E6" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "msiql" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "CGL Start" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "Pritc" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "svchost0" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "testLive" HKU\S-1-5-21-4219469387-1262884220-599662508-1000\...\StartupApproved\Run: => "taskhost" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) %systemroot%\system32\wbengine.exe FirewallRules: [{47E92DA5-D2E3-46C5-99D6-75705D4C614F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{F229F649-4F32-4DA8-8953-C529840A01C1}] => (Allow) LPort=2869 FirewallRules: [{9A056E38-A0E2-4F49-8345-39427840E59F}] => (Allow) LPort=1900 FirewallRules: [{8823F757-E7F6-49FC-82EF-A3FAD0E5E641}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{F770F233-72AB-4725-BFCF-BB9714BD1C89}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{6BCD1124-AE03-4636-9675-F01F21D1F0F3}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [{2B0DADA4-A4CF-48D9-B830-5105AA2BCCD5}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [{A897EA99-8097-4235-941D-5667582EFB23}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [{B7706DEF-A886-4CAE-95B3-C42D9B09C0D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{2557B27B-7509-4202-9AEA-F70535FAACF7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{C0C0AC2B-CE07-4B71-8187-746AAE2B7825}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{5C3DF157-35E0-4AFA-8E17-58C519359ED7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{41C2938C-AC22-424A-BE62-6C4F76C595E5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1EBE1534-143A-4E22-A3B1-E6E75D83B00A}] => (Allow) C:\Users\ZIVIANI\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{225C28B1-E001-4DE5-B517-ED596024A994}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe FirewallRules: [{B1BA7BAC-542C-4572-B1C0-AB414A29825E}] => (Allow) C:\Users\ZIVIANI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{45D2D2C0-E804-4D09-8014-072341CA5095}] => (Allow) C:\Users\ZIVIANI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{09A1BA41-E09F-4F29-A72B-A064243A3132}] => (Allow) C:\Users\ZIVIANI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{21A74EA5-E2B2-428F-A45D-56F4E6EFD418}] => (Allow) C:\Users\ZIVIANI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7C4CBB18-1973-4E2F-A1BF-A54598127C0B}] => (Allow) C:\Users\ZIVIANI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{427CC717-7F23-43F2-84C7-F158DFB3AB27}] => (Allow) C:\Users\ZIVIANI\AppData\Roaming\uTorrent\uTorrent.exe ==================== Restore Points ========================= 01-04-2016 15:36:29 Scheduled Checkpoint 08-04-2016 22:15:31 Scheduled Checkpoint 14-04-2016 03:02:38 Windows Update 14-04-2016 03:04:35 Windows Update 15-04-2016 12:53:42 Removed SDFormatter. ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/17/2016 03:27:16 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (04/17/2016 03:21:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (04/17/2016 03:21:13 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (04/17/2016 02:17:37 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (04/17/2016 11:03:03 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (04/17/2016 11:01:35 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program dllhost.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 16b8 Start Time: 01d198ae1c201f88 Termination Time: 4294967295 Application Path: C:\Windows\System32\dllhost.exe Report Id: e4e13c46-04a4-11e6-8a05-f4ce462717ac Faulting package full name: Faulting package-relative application ID: Error: (04/17/2016 11:01:32 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program dllhost.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 908 Start Time: 01d198b04e1703bf Termination Time: 4294967295 Application Path: C:\Windows\System32\dllhost.exe Report Id: e0772115-04a4-11e6-8a05-f4ce462717ac Faulting package full name: Faulting package-relative application ID: Error: (04/17/2016 10:05:53 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (04/17/2016 10:05:49 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (04/17/2016 10:05:48 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. System errors: ============= Error: (04/17/2016 03:09:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The ClickToRunSvc service failed to start due to the following error: %%1053 Error: (04/17/2016 03:09:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect. Error: (04/17/2016 03:09:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The GoogleChromeUpService service failed to start due to the following error: %%2 Error: (04/17/2016 03:04:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_23fff2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (04/17/2016 03:04:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/17/2016 03:01:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (04/17/2016 03:01:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Serviço Clique para Executar do Microsoft Office service terminated unexpectedly. It has done this 3 time(s). Error: (04/17/2016 03:01:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (04/17/2016 03:01:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Common Connectivity Framework service terminated unexpectedly. It has done this 1 time(s). Error: (04/17/2016 03:01:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-04-17 15:44:57.312 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 15:25:06.572 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 15:16:36.270 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 14:55:13.737 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 14:16:16.442 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 12:23:37.112 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 10:51:05.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 10:30:12.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 10:11:47.691 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-04-17 10:01:48.288 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz Percentage of memory in use: 27% Total physical RAM: 8183.23 MB Available physical RAM: 5905.02 MB Total Virtual: 9463.23 MB Available Virtual: 7175.16 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.27 GB) (Free:364.05 GB) NTFS Drive e: (EXTERNO) (Fixed) (Total:931.27 GB) (Free:648.68 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AE9C372C) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: CB602740) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C) ==================== End of Addition.txt ============================