Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016 Ran by Caetano (2016-01-19 14:31:55) Running from D:\Users\Caetano\Desktop Windows 10 Pro (X64) (2015-12-23 13:45:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1014537539-2695994088-2108778008-500 - Administrator - Disabled) Caetano (S-1-5-21-1014537539-2695994088-2108778008-1000 - Administrator - Enabled) => D:\Users\Caetano DefaultAccount (S-1-5-21-1014537539-2695994088-2108778008-503 - Limited - Disabled) Guest (S-1-5-21-1014537539-2695994088-2108778008-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1014537539-2695994088-2108778008-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) GMATPrep (HKLM-x32\...\GMATPrep 2.3.322) (Version: 2.3.322 - Graduate Management Admission Council (GMAC)) Google Chrome (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation) IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab) Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pt-BR)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-003B-0000-0000-0000000FF1CE}_Office15.PRJPROR_{115B7592-B71D-4C27-AB34-34268FB199CA}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.2.0.14250 - Sony Corporation) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.2.0.15020 - Sony Corporation) VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.2.0.15020 - Sony Corporation) VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.1.0.13200 - Sony Corporation) VidyoWeb - 1.1.1.00075 (HKLM-x32\...\{B6CA2BDD-D30F-4426-A5C6-767BAD8FF02F}) (Version: 1.1.1.00075 - Vidyo, Inc.) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia) WebCam Companion (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: - ) Windows Driver Package - Atheros Communications Inc. (athr) Net (02/12/2010 9.0.0.125) (HKLM\...\62D2521666DCF9EBEC983E0344A3DEE15CF2C6D3) (Version: 02/12/2010 9.0.0.125 - Atheros Communications Inc.) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) X-Plane 10 Global - 64 Bit (HKLM-x32\...\Steam App 292180) (Version: - Laminar Research) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> D:\Users\Caetano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> D:\Users\Caetano\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll => No File CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> D:\Users\Caetano\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> D:\Users\Caetano\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0041BDAC-BBB5-4362-B2E7-BC71E3086DC8} - System32\Tasks\Adobe Acrobat Update Task => D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {03F09925-6C07-4EBC-88B1-C3C0363750EC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => D:\Windows\ehome\mcupdate.exe Task: {07EE8A23-9808-4B9E-967C-707A9D8C82FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {09B3399E-69B8-4BC8-A84A-0E7E4679658E} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation) Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {17505B6F-3541-497C-8D1A-B30F9409A544} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => D:\Windows\ehome\mcupdate.exe Task: {18A6C544-CBD8-40D6-A57A-C0EF715D8B31} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => D:\Windows\ehome\ehPrivJob.exe Task: {1A8CB5ED-D01A-4480-86E5-CDE4D4DFDAF3} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation) Task: {24F52321-3131-400C-B42C-B39E33BB8CE2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => D:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {2650A2A9-E032-4DAB-8998-0E45F3371AA5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => D:\Windows\ehome\ehPrivJob.exe Task: {26F3E1FD-C64E-4A97-BC37-82D0BDE4ABE9} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => D:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2010-01-20] (Sony Corporation) Task: {27A9E23E-1A5C-4DC7-BB96-8F74F13EA50F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => D:\Windows\ehome\ehPrivJob.exe Task: {2ECA202E-4B08-44FD-B287-D5F262CB63B3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => D:\Windows\ehome\mcupdate.exe Task: {31CAB992-9BBE-4FDC-9F91-E62DFEE86EA8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => D:\Windows\ehome\ehrec.exe Task: {32A5F204-8D4A-4C3D-B4EA-855B000D8A9D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {3409C17B-F091-466D-8C4C-1D9B35FD5CAC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => D:\Windows\ehome\ehPrivJob.exe Task: {359DA2E4-D76B-4AE8-B372-5AEEBD450926} - System32\Tasks\AdobeAAMUpdater-1.0-Caetano-PC-Caetano => D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated) Task: {3632D93F-FECC-4412-8161-0E7E6DA0AC11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {40C67CA3-CE89-4873-B2FE-DE03AE12DB65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => D:\Windows\ehome\ehPrivJob.exe Task: {443551E0-5B5D-45B3-9D23-6628C1501B79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {454E03C0-C8D2-402E-B93F-07C36E9715A8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => D:\Windows\ehome\ehPrivJob.exe Task: {458B47A0-4ACD-498A-915E-C91690A48A6B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => D:\Windows\ehome\mcupdate.exe Task: {5359B02C-E54D-442C-9E7C-E81A02CEF15F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => D:\Windows\ehome\MCUpdate.exe Task: {57BA7565-F1EE-4BB2-A666-1CE884A1EA26} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => D:\Windows\ehome\mcupdate.exe Task: {58E7A071-FE80-468D-BBB2-11FAE4E0A50D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => D:\Windows\ehome\mcupdate.exe Task: {5C7F4257-CCDC-49DC-867E-F91BD4993B90} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => D:\Windows\ehome\ehPrivJob.exe Task: {6BECDCC5-E5DD-4025-9A42-F236FBC7D0D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000UA => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.) Task: {7D386109-4A56-473E-AE4F-A38D7B1BBDBE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {7DC9330F-1CE5-40CB-94D5-27A0FED80072} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => D:\WINDOWS\system32\MRT.exe [2016-01-17] (Microsoft Corporation) Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe Task: {87CB2D65-5224-4481-9FCC-242019E2C12F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {8C1C4E8F-0903-4249-B29C-487F7E13C1E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {9395EB0B-2EEF-4D54-BC29-8C5985F111F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => D:\Windows\ehome\ehPrivJob.exe Task: {950A4493-D957-4A60-AC66-7CAEC95DB839} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {A0B4F51C-5690-496E-9A78-0421C7C1C1C4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => D:\Windows\ehome\mcupdate.exe Task: {A829CCF2-11BB-4A90-B24D-3D06DF9730D1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => D:\Windows\ehome\ehPrivJob.exe Task: {A88E1FC2-D23D-4E62-9E77-FE2243615D74} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => D:\Windows\ehome\ehPrivJob.exe Task: {A9E65A22-56E1-4630-B9FE-21B14BD43CAF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {B693409A-915D-4471-988E-6694A7F7E60E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {C06AB0E1-A4A8-40AC-ABEE-A526A6CF180E} - System32\Tasks\AutoPico Daily Restart => D:\Program Files\KMSpico\AutoPico.exe [2014-03-02] () Task: {CD134041-FB81-4F46-BBD9-EFF181C7A6B1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => D:\Windows\ehome\ehPrivJob.exe Task: {CF0B319C-0056-49D4-AA0F-F201138921CD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => D:\Windows\ehome\ehPrivJob.exe Task: {CF1B524B-65FC-4EA1-A4BE-C294C6D57DBE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => D:\Windows\ehome\ehPrivJob.exe Task: {D849ACF8-1395-4F2E-94F0-380C18B0ABCC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000Core => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.) Task: {DACD4789-69AC-4E6C-AD7A-98DEFE0087B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe Task: {F01A67C3-4996-4937-B2C0-1066F858EA5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {FEC565A8-33C7-4F41-8F7C-088FD9B11DCA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000Core.job => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe Task: D:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1014537539-2695994088-2108778008-1000UA.job => D:\Users\Caetano\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () D:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-23 10:18 - 2015-10-13 14:26 - 00125616 _____ () D:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-12-23 15:06 - 2015-12-23 15:06 - 02653816 _____ () D:\WINDOWS\system32\CoreUIComponents.dll 2015-12-23 15:06 - 2015-12-23 15:06 - 02653816 _____ () D:\WINDOWS\System32\CoreUIComponents.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () D:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-12-23 12:20 - 2015-12-23 12:24 - 00144384 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-23 17:08 - 2015-12-07 01:14 - 00093696 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-12-23 17:08 - 2015-12-07 01:00 - 00472064 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-23 17:08 - 2015-12-07 01:00 - 00674816 _____ () D:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2016-01-12 22:40 - 2016-01-04 22:29 - 07992832 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-12 22:40 - 2016-01-04 22:23 - 00591360 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-12 22:40 - 2016-01-04 22:24 - 02483200 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-12 22:39 - 2016-01-04 22:26 - 04089856 _____ () D:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-12-09 17:34 - 2015-12-09 17:34 - 00012800 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2015-12-09 17:34 - 2015-12-09 17:34 - 11542016 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2015-11-20 15:22 - 2015-11-20 15:24 - 00258560 _____ () D:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2015-02-22 05:16 - 2010-03-02 21:22 - 00013824 _____ () D:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2015-02-22 05:16 - 2010-03-02 21:22 - 00013312 _____ () D:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll 2015-02-23 21:32 - 2009-11-20 16:19 - 00058880 _____ () D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-12-23 12:20 - 2015-12-23 12:24 - 00141312 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2015-12-23 12:20 - 2015-12-23 12:24 - 21845504 _____ () D:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-03-30 13:34 - 2015-03-28 00:45 - 00011920 _____ () D:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-03-17 02:34 - 2015-03-17 02:34 - 00010240 _____ () D:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\acrotray.ptb 2016-01-15 13:04 - 2016-01-12 13:35 - 01590088 _____ () D:\Users\Caetano\AppData\Local\Google\Chrome\Application\47.0.2526.111\libglesv2.dll 2016-01-15 13:04 - 2016-01-12 13:35 - 00087880 _____ () D:\Users\Caetano\AppData\Local\Google\Chrome\Application\47.0.2526.111\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: D:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt AlternateDataStreams: D:\WINDOWS\System32:8D142330_Cef.gbp AlternateDataStreams: D:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\...\caixa.gov.br -> imagem.caixa.gov.br ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 23:34 - 2016-01-08 15:31 - 00001023 ____N D:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 na1r.services.adobe.com 127.0.0.1 hlrcv.stage.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 activate.adobe.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1014537539-2695994088-2108778008-1000\Control Panel\Desktop\\Wallpaper -> D:\Users\Caetano\Pictures\Private-library.jpg DNS Servers: 192.168.100.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{2AD179C4-0963-4C14-8465-664997E72D5D}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B8CD8FDD-7A3E-48BF-923F-6EB7EAB6108A}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C7A9C7E8-2DC4-4AB6-89FF-47D7D26CD3A0}] => (Allow) D:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{1EDFFCE0-BCCD-4AD5-9C65-FDB49CD95D13}] => (Allow) D:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{8D0568CB-C53F-4974-8C48-946BC4400227}] => (Allow) D:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{AE441EC2-5A55-4F62-8152-FC9AE82D3562}] => (Allow) D:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{587D7B1B-7F93-4AFC-B811-C5DF39BDD370}] => (Allow) D:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{B7BC1B36-50ED-4829-A616-DEF5F5EDBDB5}] => (Allow) D:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [UDP Query User{7339DEF2-2794-4B21-ACB9-DAEDBC06AECB}D:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) D:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [TCP Query User{E64E31AE-6B6D-42C1-84B9-01A97A371288}D:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) D:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{78F86DD1-B1C5-4D07-9C86-5B3C450423EF}D:\users\caetano\appdata\local\popcorn time\nw.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\nw.exe FirewallRules: [TCP Query User{40D7B613-8AAD-4E69-B56C-E1189269AD96}D:\users\caetano\appdata\local\popcorn time\nw.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\nw.exe FirewallRules: [UDP Query User{522DC74B-D93B-42A2-AAAC-0BD5C20DD838}D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [TCP Query User{A1B13C16-D69B-4593-8EA8-B835AD40D47D}D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) D:\users\caetano\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [{C3B258E4-24AE-42C4-A9FE-A8339C615B97}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{B605DEE4-E3A8-4DAE-BDD3-6E3F602DF450}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{ED9C74A8-D57B-4FA0-A344-AFE233F1984A}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{50408B47-5D60-42C4-8663-EAF681A31B6A}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{07134A5A-2030-4E06-A9A9-EC05945B4776}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{29AE14AC-C06F-4EE2-885A-1D621012EA7D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{1346DE78-7A24-4346-9D16-62DC100EE1A4}] => (Allow) D:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{40D4D65B-DB97-4938-BA89-232423C6AA5F}] => (Allow) D:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{04B4749F-D93F-4626-B38E-01AA258ED464}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{E08C39C0-DF9E-48B0-8CF4-C0546B670203}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{478C1408-54CA-46CB-8C27-B86798473622}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{41C9474C-1F91-4EE1-8AD5-E2FCAD458353}] => (Allow) D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F5E1F2AC-E54E-4C2F-84CC-C001300EBDCA}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4BEB1D42-060C-47FE-9FDB-CDC86478B44B}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D7E34B56-DDDF-4773-901D-84B9739CAC9B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [{23E478A3-B01E-4A06-BC8B-9D68416D5C64}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe FirewallRules: [TCP Query User{9DBD24FB-1AD5-4DCC-8DB7-527FAEE1B01B}D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [UDP Query User{38C6A95A-9961-43BC-85EB-DF2BD2CF6AB7}D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\war thunder\aces.exe FirewallRules: [{A0BA9A2E-C8DD-4860-B250-B9D00C24766F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane.exe FirewallRules: [{25BE1FC1-D9FB-4B62-B196-8D2014B33D11}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane.exe FirewallRules: [{3CAEFE79-699F-469E-B6F9-B091EBA7977B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane-32bit.exe FirewallRules: [{B9A64788-ACE2-4640-847F-FCC80A4073DD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\X-Plane-32bit.exe FirewallRules: [{71887608-59B6-4594-B78C-A0E9E5ED1322}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Airfoil-Maker.exe FirewallRules: [{DFC2E672-6571-45A7-9DD1-F9BE7B95C4D8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Airfoil-Maker.exe FirewallRules: [{BA33D9CE-3AC6-4772-AD07-30F5266721D6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Plane-Maker.exe FirewallRules: [{EB81B44C-69D4-4EF0-BBFC-D8F3A790D4C4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\X-Plane 10\Plane-Maker.exe FirewallRules: [{544FB29C-D122-40D5-9533-0B91B037F97E}] => (Allow) D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{85A614CD-CF40-4A6B-AC2B-FEA72B926475}] => (Allow) D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5B7BE32C-758E-4F81-B3B5-B210A8314424}] => (Allow) D:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{919C44EA-8ABF-45DA-B156-C3A8E511E458}] => (Allow) D:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{61338B4F-AB75-4148-B7D0-B005F8626CEA}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{D8632584-983D-4EBF-9D05-81BBB857D9CD}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{683626A1-9262-410B-A118-7BA59B2BF787}D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{82AA2781-E3F2-404B-A88F-6FA73C38D019}D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{60E27F8A-890D-4CF4-9065-76D4C2DBD6E5}D:\users\caetano\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\caetano\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{2AA887C4-DE39-4154-9EBE-BE39A0185055}D:\users\caetano\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\caetano\appdata\roaming\spotify\spotify.exe FirewallRules: [{5591D6E1-7F70-4F54-B76A-7BB5234BB53C}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{8B535619-274B-4D07-98E6-3DBED2F56A06}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{A9CEE8F2-C5CE-44F1-BD0B-5236BFA471A8}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{E3865D2D-8097-49BF-AAC6-ACEEEBB81A55}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{66CD4650-9A88-44F9-A63A-B74A2E03824C}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{BDDE50E3-DE06-4EF2-A960-07D5658265D6}] => (Allow) D:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{AF31071D-D56D-422B-A140-F029814EC839}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{05A48E50-1D59-4DFE-B3B5-2707F5222625}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{C65AF969-2F83-49A8-A6C2-8491FAAE6CB9}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{F9A12D6A-D6E7-4D66-B7EA-9C2650D744B2}] => (Allow) D:\Program Files\KMSpico\AutoPico.exe ==================== Restore Points ========================= 17-01-2016 10:57:44 Windows Update ==================== Faulty Device Manager Devices ============= Name: Base System Device Description: Base System Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/19/2016 10:21:33 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [0] Error: (01/19/2016 05:03:22 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2ad8 Start Time: 01d1528fa46142f0 Termination Time: 60000 Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe Report Id: ee4fae07-be82-11e5-9bed-f07bcbcfc6ca Faulting package full name: Faulting package-relative application ID: Error: (01/19/2016 05:02:04 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 182c Start Time: 01d1528f2f832881 Termination Time: 60000 Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe Report Id: bf87b610-be82-11e5-9bed-f07bcbcfc6ca Faulting package full name: Faulting package-relative application ID: Error: (01/19/2016 04:59:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program uTorrent.exe version 3.4.5.41372 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1990 Start Time: 01d1528e52747914 Termination Time: 60000 Application Path: D:\Users\Caetano\AppData\Roaming\uTorrent\uTorrent.exe Report Id: 58cce5d2-be82-11e5-9bed-f07bcbcfc6ca Faulting package full name: Faulting package-relative application ID: Error: (01/18/2016 10:18:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798 Faulting module name: COMCTL32.dll, version: 6.10.10586.0, time stamp: 0x5632d2ce Exception code: 0xc00000fd Fault offset: 0x00000000000037a7 Faulting process id: 0x1ea8 Faulting application start time: 0xregedit.exe0 Faulting application path: regedit.exe1 Faulting module path: regedit.exe2 Report Id: regedit.exe3 Faulting package full name: regedit.exe4 Faulting package-relative application ID: regedit.exe5 Error: (01/18/2016 10:00:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (01/18/2016 09:25:57 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [0] Error: (01/17/2016 08:37:20 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (01/17/2016 02:22:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: nvstreamsvc.exe, version: 4.1.1944.2762, time stamp: 0x5515f674 Faulting module name: nvstreamsvc.exe, version: 4.1.1944.2762, time stamp: 0x5515f674 Exception code: 0xc0000005 Fault offset: 0x0000000000687672 Faulting process id: 0x2318 Faulting application start time: 0xnvstreamsvc.exe0 Faulting application path: nvstreamsvc.exe1 Faulting module path: nvstreamsvc.exe2 Report Id: nvstreamsvc.exe3 Faulting package full name: nvstreamsvc.exe4 Faulting package-relative application ID: nvstreamsvc.exe5 Error: (01/17/2016 02:22:01 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] System errors: ============= Error: (01/19/2016 11:16:20 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer RODRIGO-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1A788F94-7CA5-420D-8DD8-9A9E8F2D5154}. The master browser is stopping or an election is being forced. Error: (01/19/2016 11:16:19 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (01/19/2016 11:16:18 AM) (Source: NetBT) (EventID: 4319) (User: ) Description: A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. Error: (01/19/2016 05:53:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_54926f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (01/19/2016 04:22:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 8 0x0 0x0 Error: (01/19/2016 04:22:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 2 0xdeaddeed 0xeeec Error: (01/19/2016 04:22:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 1 0xc 0x4 Error: (01/18/2016 10:44:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_26102 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-01-19 04:31:45.823 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-19 04:31:45.535 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-19 04:19:55.399 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-15 12:26:25.073 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-14 20:17:54.145 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-14 20:17:54.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-14 20:17:53.916 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-14 20:17:53.669 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-14 16:15:29.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-13 21:31:47.169 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz Percentage of memory in use: 51% Total physical RAM: 4014.07 MB Available physical RAM: 1966.59 MB Total Virtual: 8110.07 MB Available Virtual: 5665.97 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:259.61 GB) (Free:259.46 GB) NTFS Drive d: (Vinicius) (Fixed) (Total:205.62 GB) (Free:47.51 GB) NTFS Drive g: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A6D81BE1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=259.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=205.6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ==================== End of Addition.txt ============================