Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-08-2015 02 Ran by PAULO (2015-08-25 19:38:00) Running from C:\Users\PAULO\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-3024616143-3309111996-383524719-500 - Administrator - Disabled) Convidado (S-1-5-21-3024616143-3309111996-383524719-501 - Limited - Disabled) DefaultAccount (S-1-5-21-3024616143-3309111996-383524719-503 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3024616143-3309111996-383524719-1005 - Limited - Enabled) PAULO (S-1-5-21-3024616143-3309111996-383524719-1001 - Administrator - Enabled) => C:\Users\PAULO ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3024616143-3309111996-383524719-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.) 7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Atualizações da NVIDIA 2.5.12.11 (Version: 2.5.12.11 - NVIDIA Corporation) Hidden Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software) BMW M3 Challenge (HKLM-x32\...\{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1) (Version: BMW M3 Challenge v1.0.0.0 - 10TACLE STUDIOS AG) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO) DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc) Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games) Darksiders II (HKLM-x32\...\Steam App 50650) (Version: - Vigil Games) DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Nombre de su organización) Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version: - Capcom) DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team) DriverEasy 4.9.5 (HKLM\...\DriverEasy_is1) (Version: 4.9.5.0 - Easeware) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.8.0.0 - Electronic Arts) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software) FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.5.116.602 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden i-Menu version 4.0.8 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.0.8 - AOC) Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3910 - Intel Corporation) Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) K-Lite Mega Codec Pack 11.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.0 - ) KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - ) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Lords Of The Fallen (HKLM-x32\...\Steam App 265300) (Version: - CI Games) Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 40.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 pt-BR)) (Version: 40.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla) My Lockbox 3.5 (HKLM\...\My Lockbox_is1) (Version: 3.5 - ) NVIDIA Áudio Virtual Miracast 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.62 - NVIDIA Corporation) NVIDIA Driver de áudio HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA Driver de controle do 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA Driver de gráficos 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation) NVIDIA Driver do 3D Vision 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation) NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Painel de controle da NVIDIA 355.60 (Version: 355.60 - NVIDIA Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Software de dispositivo do Chipset Intel® (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{B36586AD-3256-47B6-8AE7-FA0D8727D7C2}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.30 - VSO-Software SARL) Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia) Xerox WorkCentre 3045B (HKLM-x32\...\InstallShield_{645082D0-144F-42A1-B7CD-1419DC7BA06D}) (Version: 1.006.00 - Xerox) Xerox WorkCentre 3045B (x32 Version: 1.006.00 - Xerox) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3024616143-3309111996-383524719-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\PAULO\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-08-2015 11:40:16 Installed Chipset_Win7_8_8.1_10_10.1.1.8.zip by DriverEasy 25-08-2015 00:01:05 avast! antivirus system restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 10:25 - 2015-07-30 18:38 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {0ED49012-824F-4237-89CB-3D770CA8DDE9} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-QUARTO-PAULO PC-QUARTO => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2015-06-26] (Microsoft Corporation) Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1A33D4AA-4B9B-4216-A2CE-B825B77D307C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {238E391B-77A6-423C-A4BC-1C884FC57542} - System32\Tasks\{B3F96D29-1135-4038-BDB6-C39434087B93} => pcalua.exe -a C:\Users\PAULO\Desktop\CPM_SETUP_1.3.2.30_xp_vista_server2003_win7.exe -d C:\Users\PAULO\Desktop Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {53081C05-9A26-4E08-93CB-AE8174081B91} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated) Task: {6610E1F5-15A9-4339-BEA6-9FFF8DDA4DC8} - System32\Tasks\{6D13DCED-2294-4FF9-B29D-DEE76E2D5F07} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends\" Task: {6ACE2B94-257B-42C7-B35C-154D4A69E437} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.) Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {78F8091B-9C69-482C-AD59-2680695137AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {89FE7362-F53F-40EE-BD11-431F1B69B82C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {8C883DAF-766B-44A8-8A49-E820AC89FC62} - System32\Tasks\{84016D63-C0E3-421E-8B71-9D9343BBB46C} => pcalua.exe -a C:\PROGRA~2\WSE_AS~1\\uninstall.exe Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-06] (Microsoft Corporation) Task: {9454773F-2DF2-4305-AAEE-338C020A82E3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (AVAST Software) Task: {96AFF688-61A2-4B26-B6FE-B7FCDDE067E9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {9A7D896A-EB28-4D91-B43A-3C6C660EC9DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {A06F675D-626C-4ECB-AFC8-69788F1B3FFE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {ACB50037-CC28-4269-900A-680F0786D716} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B3173518-F6B6-43DD-BCFE-43720A94B87D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {B88DA3DB-C6F9-4721-ADDE-ACD93D682603} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {BD7C5B4A-39D9-4987-95C1-AE79CAA1463E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {C475EC89-EF57-49FB-B5C0-B375D2F39F54} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] () Task: {C4EE5AE9-95F1-4745-A1A8-6D399855B0E7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-11] (Microsoft Corporation) Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C5FB748C-1E7F-4F49-8A4F-D9C11085BB85} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {C8996A91-1654-43F9-BF71-49C361DD1006} - System32\Tasks\Driver Booster SkipUAC (PAULO) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {C9F536A7-B843-4A51-B716-ADF957FDBDCB} - System32\Tasks\{841843E4-782A-4933-BC62-E1311650F293} => pcalua.exe -a C:\Users\PAULO\Desktop\CSC_3.0.172695.53_xp_vista_server2003_server2008_win7.exe -d C:\Users\PAULO\Desktop Task: {CF7DAF55-2C3A-45B2-BCF0-9B99F5412F2A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {D742F6B7-2251-46A9-965A-D03E287BDABD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {D934EF78-6B25-4CF8-8C1A-BAD71ED14471} - System32\Tasks\{E066C28C-6946-49DE-8BF2-1FA302394993} => pcalua.exe -a "C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe" -d "C:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86" Task: {DC0F2990-F938-4FF0-ADAE-7E23CAB64988} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-07-21] () Task: {E5E7662B-C2E3-4153-B05C-A7BC20149B5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.) Task: {F3AAFB9E-E774-4F28-8061-133DA0862673} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {F7D75242-2DCE-40C1-8BF4-4C5A585EEED8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-07-10 08:00 - 2015-07-10 08:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-08-06 19:39 - 2015-08-06 19:39 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-06-04 12:37 - 2015-08-07 01:27 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-03-09 14:34 - 2012-03-09 14:34 - 00022528 _____ () C:\WINDOWS\System32\xrhr3aLM.DLL 2011-09-05 12:11 - 2011-09-05 12:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe 2015-08-18 21:25 - 2015-08-11 06:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2012-01-03 10:04 - 2012-01-03 10:04 - 00095744 _____ () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe 2015-08-06 22:40 - 2015-07-30 03:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-06 22:40 - 2015-07-30 03:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-11 19:43 - 2015-08-02 22:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 08:00 - 2015-07-10 13:49 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-18 21:26 - 2015-08-11 05:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-11 19:43 - 2015-08-02 22:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-17 14:34 - 2015-07-17 14:34 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll 2012-01-03 10:04 - 2012-01-03 10:04 - 00247296 _____ () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe 2012-01-03 10:04 - 2012-01-03 10:04 - 00227840 _____ () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmwj.exe 2012-01-03 10:05 - 2012-01-03 10:05 - 04476928 _____ () C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe 2015-08-25 00:03 - 2015-08-25 00:03 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-25 00:03 - 2015-08-25 00:03 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-25 14:54 - 2015-08-25 14:54 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082501\algo.dll 2015-03-31 00:47 - 2015-07-24 01:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-08-25 00:03 - 2015-08-25 00:03 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 AlternateDataStreams: C:\Users\PAULO\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3024616143-3309111996-383524719-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-3024616143-3309111996-383524719-1001\...\bb.com.br -> hxxps://seg.bb.com.br IE trusted site: HKU\S-1-5-21-3024616143-3309111996-383524719-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3024616143-3309111996-383524719-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "mylbx" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{BEDF8AD2-F793-4B15-A475-DF17030499B1}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{9160FFE4-74ED-466F-A777-7784A47C8453}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1C0189E6-1B17-4947-A8B1-1ECC95C587B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{58B5291B-4149-400C-AEC0-9D9B6D636014}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{C933F2DD-F4C6-475B-8BDE-CD717C7AC4DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B27C2E1A-1A3F-403E-A580-25EEFB342791}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{43993F34-A928-4407-B733-4A869E9FE30C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe FirewallRules: [{F61FDE08-D3CF-4625-A695-A0D81C7A245C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe FirewallRules: [{1FC4FC10-A97B-444F-A95D-1DF281BA3398}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A42A53C7-FBAD-42BB-8C9B-1D5587774512}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DE00A264-7973-4A18-8CFE-886FDFA982A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe FirewallRules: [{8B40A1D4-E648-4C05-A4D1-B392F6599822}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders\DarksidersPC.exe FirewallRules: [{8DE55BA0-D9DC-4104-A85C-C8D6DFC2F6B6}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{0CB39068-1ECB-42D3-9D75-F9A27915C79C}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{E314AE35-3916-4AA9-8D33-618C40F7B295}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{DEB34A9C-11A4-48FD-BB4F-75BF182F65A0}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{CE71AC71-6F1F-484D-B13F-7E9A52BF4A97}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{CCF2D37D-DE27-4771-BB36-3DB2DD66B810}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{F1FDC53C-9006-4EB9-BC90-CC69DDBB253F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{3B7DE8E9-97EB-41B2-B113-CD30C54D65D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{9DB0FCE5-AB20-4236-9028-2BA540C284D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{702330B3-0A01-4D65-88C5-046CEAAF1889}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E690B223-2C4D-4967-999F-57CF9060C129}] => (Allow) LPort=1688 FirewallRules: [{782C72A2-BE22-4DB9-B676-934F6EF9A510}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{C1C6E1E2-57AC-4D8C-82B3-C0D32461B39A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{3074D75B-DBF7-46F7-B985-0ABA84827E42}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{615A85CB-D898-4FE7-BD63-C2FEE6368595}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{9391BE92-5E67-41A9-9A6B-CA4AA0E7D218}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{83F44A12-C3CE-4EB4-8D9A-A69B3B105B52}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{32643DDC-BF4B-40FC-B30B-5F80889E2964}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{DA8613DE-463D-42BB-A52C-BD5AEB61FA60}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{67BDE6B2-9800-4E7B-897F-BF8BE845E54C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{47F86E19-4EC7-4228-B003-442559D48CFD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{36D0CD8C-FDDA-4393-952C-FFCD624104AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{6FB7F45E-ADDC-4607-9E96-4F72FDE202AE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3F9566A3-6A62-494A-916E-CFC0D2AC006D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{C7A6D6AA-BDBD-4FD4-9B99-DDA5C550E09A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{A0925A00-F981-41D0-B3E3-EEECF50DE434}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{8F490827-67A1-4B9E-AE4D-E9280300BF27}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B8598DA6-45C1-4ABA-9E23-F9AA4D3A18A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Devil May Cry 4\DevilMayCry4_DX9.exe FirewallRules: [{3A555917-D28B-4826-AE8D-D66A75145F01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Devil May Cry 4\DevilMayCry4_DX9.exe FirewallRules: [{A2EFC2F8-41D6-4D1C-8580-49326187F871}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Devil May Cry 4\DevilMayCry4_DX10.exe FirewallRules: [{586327BA-2F47-4799-BD69-75A200DC18FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Devil May Cry 4\DevilMayCry4_DX10.exe FirewallRules: [{9A654E14-9315-478E-8694-9C34F78CAC14}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AD6FE3D1-4189-4FBA-AD89-69AD6E6F2523}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{804B0338-926F-47C7-BDA0-449FB71BB864}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{856673CF-D2B9-407B-9950-117E8D3EA80E}] => (Allow) C:\Users\PAULO\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{65E4EE44-6A97-431B-AFF9-E18EE9D32941}] => (Allow) C:\Users\PAULO\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{366123C2-96EB-40D4-A04A-DC6AACB7A757}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3BCEED32-4F66-4E6C-96D0-7E67695853FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{926B7D92-A421-49CD-AB4B-84CFFBF38125}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F93BF829-0872-4DB7-8BEE-ECAC0BCC85DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B89BA75B-1A7B-4D59-9A4B-D2133243F6BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe FirewallRules: [{A307C75E-2AE3-4B58-9753-EA84B94D8DB7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe FirewallRules: [{7581D6B7-8758-4858-8212-F821836031D9}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{022B8AB5-6177-4DFA-A607-BC2D0105BCA4}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe FirewallRules: [{CAE8950E-FE1C-4E57-B9FD-92A24C483436}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe FirewallRules: [{2014C5A2-B96F-4C5C-9D47-9A83FACB664C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe FirewallRules: [TCP Query User{08FDA30C-1C8B-45D9-8E6B-4CB645BFA62D}C:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) C:\program files (x86)\origin games\fifa 15\fifa15.exe FirewallRules: [UDP Query User{A77185E7-D767-4B5D-A73D-79AB9319741F}C:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) C:\program files (x86)\origin games\fifa 15\fifa15.exe FirewallRules: [{15E58A70-0067-44F7-BFEA-889E05B4B006}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [{2B9FBD58-0D53-42CC-BBA6-86E446C746A7}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 14\Game\fifa14.exe FirewallRules: [{A0AC4A89-E03F-4B51-9ADF-064F3E495B24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/25/2015 07:19:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: OHub.exe, versão: 16.0.6106.2350, carimbo de data/hora: 0x55c40ea1 Nome do módulo com falha: Mso30Imm.dll, versão: 16.0.6014.1000, carimbo de data/hora: 0x55a5783f Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000012b70 ID do processo com falha: 0x1c70 Hora de início do aplicativo com falha: 0xOHub.exe0 Caminho do aplicativo com falha: OHub.exe1 Caminho do módulo com falha: OHub.exe2 ID do Relatório: OHub.exe3 Nome completo do pacote com falha: OHub.exe4 ID do aplicativo relativo ao pacote com falha: OHub.exe5 Error: (08/25/2015 07:18:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: Service_KMS.exe, versão: 11.0.0.0, carimbo de data/hora: 0x52a8d15d Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0x00000000 Deslocamento da falha: 0x00007fff8a030668 ID do processo com falha: 0x938 Hora de início do aplicativo com falha: 0xService_KMS.exe0 Caminho do aplicativo com falha: Service_KMS.exe1 Caminho do módulo com falha: Service_KMS.exe2 ID do Relatório: Service_KMS.exe3 Nome completo do pacote com falha: Service_KMS.exe4 ID do aplicativo relativo ao pacote com falha: Service_KMS.exe5 Error: (08/25/2015 03:45:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-QUARTO) Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (08/25/2015 02:59:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: jucheck.exe, versão: 2.8.60.27, carimbo de data/hora: 0x55c116b1 Nome do módulo com falha: jucheck.exe, versão: 2.8.60.27, carimbo de data/hora: 0x55c116b1 Código de exceção: 0x40000015 Deslocamento da falha: 0x00052d24 ID do processo com falha: 0x7c0 Hora de início do aplicativo com falha: 0xjucheck.exe0 Caminho do aplicativo com falha: jucheck.exe1 Caminho do módulo com falha: jucheck.exe2 ID do Relatório: jucheck.exe3 Nome completo do pacote com falha: jucheck.exe4 ID do aplicativo relativo ao pacote com falha: jucheck.exe5 Error: (08/25/2015 02:53:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: Service_KMS.exe, versão: 11.0.0.0, carimbo de data/hora: 0x52a8d15d Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0x00000000 Deslocamento da falha: 0x00007ff8095f0668 ID do processo com falha: 0x878 Hora de início do aplicativo com falha: 0xService_KMS.exe0 Caminho do aplicativo com falha: Service_KMS.exe1 Caminho do módulo com falha: Service_KMS.exe2 ID do Relatório: Service_KMS.exe3 Nome completo do pacote com falha: Service_KMS.exe4 ID do aplicativo relativo ao pacote com falha: Service_KMS.exe5 Error: (08/25/2015 01:28:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-QUARTO) Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (08/25/2015 01:27:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ShellExperienceHost.exe, versão: 10.0.10240.16425, carimbo de data/hora: 0x55bec5f5 Nome do módulo com falha: StartUI.dll, versão: 10.0.10240.16431, carimbo de data/hora: 0x55c9bb30 Código de exceção: 0x80000003 Deslocamento da falha: 0x00000000001c028f ID do processo com falha: 0x1308 Hora de início do aplicativo com falha: 0xShellExperienceHost.exe0 Caminho do aplicativo com falha: ShellExperienceHost.exe1 Caminho do módulo com falha: ShellExperienceHost.exe2 ID do Relatório: ShellExperienceHost.exe3 Nome completo do pacote com falha: ShellExperienceHost.exe4 ID do aplicativo relativo ao pacote com falha: ShellExperienceHost.exe5 Error: (08/25/2015 12:01:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error: Acesso negado. . Error: (08/24/2015 11:29:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: OHub.exe, versão: 16.0.6106.2350, carimbo de data/hora: 0x55c40ea1 Nome do módulo com falha: Mso30Imm.dll, versão: 16.0.6014.1000, carimbo de data/hora: 0x55a5783f Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000012b70 ID do processo com falha: 0xcfc Hora de início do aplicativo com falha: 0xOHub.exe0 Caminho do aplicativo com falha: OHub.exe1 Caminho do módulo com falha: OHub.exe2 ID do Relatório: OHub.exe3 Nome completo do pacote com falha: OHub.exe4 ID do aplicativo relativo ao pacote com falha: OHub.exe5 Error: (08/24/2015 11:27:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: Service_KMS.exe, versão: 11.0.0.0, carimbo de data/hora: 0x52a8d15d Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0x00000000 Deslocamento da falha: 0x00007ff8a3a10668 ID do processo com falha: 0xa3c Hora de início do aplicativo com falha: 0xService_KMS.exe0 Caminho do aplicativo com falha: Service_KMS.exe1 Caminho do módulo com falha: Service_KMS.exe2 ID do Relatório: Service_KMS.exe3 Nome completo do pacote com falha: Service_KMS.exe4 ID do aplicativo relativo ao pacote com falha: Service_KMS.exe5 System errors: ============= Error: (08/25/2015 07:20:55 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (08/25/2015 07:19:44 PM) (Source: DCOM) (EventID: 10016) (User: PC-QUARTO) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PC-QUARTOPAULOS-1-5-21-3024616143-3309111996-383524719-1001LocalHost (Usando LRPC)Microsoft.WindowsStore_2015.8.12.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157 Error: (08/25/2015 07:18:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Service KMSELDI foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (08/25/2015 07:17:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço KMS Server Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (08/25/2015 07:17:01 PM) (Source: NetBT) (EventID: 4307) (User: ) Description: Falha na inicialização porque o transporte não abriu os Endereços iniciais. Error: (08/25/2015 07:17:01 PM) (Source: NetBT) (EventID: 4307) (User: ) Description: Falha na inicialização porque o transporte não abriu os Endereços iniciais. Error: (08/25/2015 03:45:22 PM) (Source: DCOM) (EventID: 10010) (User: PC-QUARTO) Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca Error: (08/25/2015 03:45:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Acesso a Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (08/25/2015 03:45:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Armazenamento de Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (08/25/2015 03:45:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Dados de Contato_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Microsoft Office: ========================= Error: (08/25/2015 07:19:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OHub.exe16.0.6106.235055c40ea1Mso30Imm.dll16.0.6014.100055a5783fc00000050000000000012b701c7001d0df8422b78feeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\Mso30Imm.dll0b07a2f5-9753-49d9-8359-a31786c7b7e4Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub Error: (08/25/2015 07:18:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007fff8a03066893801d0df83c9be3233C:\Program Files\KMSpico\Service_KMS.exeunknown60576afb-cd3e-4476-8d80-b74853a49758 Error: (08/25/2015 03:45:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-QUARTO) Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141 Error: (08/25/2015 02:59:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755c116b14000001500052d247c001d0df5fcc74a4f5C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeb62775e0-ad6f-48cf-b489-4480e6b385b2 Error: (08/25/2015 02:53:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff8095f066887801d0df5ec18bf717C:\Program Files\KMSpico\Service_KMS.exeunknown7b2d5d03-3c3e-4e59-9c3a-fe347ec05d73 Error: (08/25/2015 01:28:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-QUARTO) Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141 Error: (08/25/2015 01:27:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ShellExperienceHost.exe10.0.10240.1642555bec5f5StartUI.dll10.0.10240.1643155c9bb308000000300000000001c028f130801d0dedd99acfda1C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll2337e746-6021-4f43-8dd9-d904e55603bcMicrosoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp Error: (08/25/2015 12:01:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error: Acesso negado. Error: (08/24/2015 11:29:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OHub.exe16.0.6106.235055c40ea1Mso30Imm.dll16.0.6014.100055a5783fc00000050000000000012b70cfc01d0dedde90de822C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\Mso30Imm.dllb9acc6cc-00c3-486d-b126-809aa6e42b0dMicrosoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub Error: (08/24/2015 11:27:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff8a3a10668a3c01d0dedd7453e150C:\Program Files\KMSpico\Service_KMS.exeunknowncb758555-d60f-4014-b742-d3f6a00a35ad CodeIntegrity: =================================== Date: 2015-08-24 23:29:46.516 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-08-24 23:29:46.489 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-08-24 23:29:46.462 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-08-24 23:29:46.436 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe that did not meet the Windows signing level requirements. Date: 2015-08-24 22:16:39.519 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-24 22:16:39.487 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-24 22:16:39.455 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-24 22:16:36.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-24 22:16:36.488 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-08-24 22:16:36.455 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3340 CPU @ 3.10GHz Percentage of memory in use: 19% Total physical RAM: 12251.46 MB Available physical RAM: 9894.1 MB Total Virtual: 14107.46 MB Available Virtual: 11501.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.12 GB) (Free:718.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 000DB11A) Partition: GPT. ==================== End of Addition.txt ============================