Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by karl0 (28-12-2016 20:23:20)
Running from C:\Users\karl0\Downloads
Windows 10 Pro Version 1511 (X64) (2016-12-17 21:23:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4267311671-3594425200-2600288286-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4267311671-3594425200-2600288286-503 - Limited - Disabled)
Guest (S-1-5-21-4267311671-3594425200-2600288286-501 - Limited - Disabled)
karl0 (S-1-5-21-4267311671-3594425200-2600288286-1001 - Administrator - Enabled) => C:\Users\karl0

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4267311671-3594425200-2600288286-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Nome de sua empresa:)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
Atualizações da NVIDIA 23.1.0.0 (Version: 23.1.0.0 - NVIDIA Corporation) Hidden
Burnout Paradise: The Ultimate Box (HKLM\...\Steam App 24740) (Version: - Criterion Games)
Discord (HKU\S-1-5-21-4267311671-3594425200-2600288286-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-4267311671-3594425200-2600288286-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Max Payne 3 (HKLM\...\Steam App 204100) (Version: - Rockstar Studios)
Microsoft OneDrive (HKU\S-1-5-21-4267311671-3594425200-2600288286-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
OpenIV (HKU\S-1-5-21-4267311671-3594425200-2600288286-1001\...\OpenIV) (Version: 2.8.703 - .black/OpenIV Team)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
Platform (x32 Version: 1.43 - VIA Technologies, Inc.) Hidden
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version: - Ubisoft)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-4267311671-3594425200-2600288286-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VIA Gerenciador de dispositivo de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.43 - VIA Technologies, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4267311671-3594425200-2600288286-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\karl0\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4267311671-3594425200-2600288286-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\karl0\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B7CCA2E-94B3-4E26-A020-19C691FFBD6A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4267311671-3594425200-2600288286-1001UA => C:\Users\karl0\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
Task: {1923B387-6903-4847-A0DE-9391C739BBE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)
Task: {19651012-0309-4206-8249-F81BFBFACA9F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {1A9719D3-677E-468D-B053-503C249F4338} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-12-12] (NVIDIA Corporation)
Task: {2CABDD59-67EA-4028-9A2B-C20195C1B5BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4267311671-3594425200-2600288286-1001Core => C:\Users\karl0\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-28] (Google Inc.)
Task: {34D6A7E6-2FC7-4FB5-B076-9042CF9B5CF5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {6A8E98DE-4C7C-4554-8FBA-936E8F986935} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-12] (NVIDIA Corporation)
Task: {99FA3CE4-05AF-41AE-91AC-BA73A58C33C3} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {9E36EDC0-145B-435E-80C0-B407BB8FC543} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-12] (NVIDIA Corporation)
Task: {D4FF254F-4C13-4919-87D1-AF5C0F627EFF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-12] (NVIDIA Corporation)
Task: {D7C71ADA-26A7-416E-B0E6-74934F8D5D4B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-12] (NVIDIA Corporation)
Task: {EAE5A126-8EE9-4A4D-BA32-195C1922A2F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-17] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-19 02:35 - 2014-09-19 02:35 - 00137584 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2016-12-17 19:23 - 2016-12-17 19:23 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2016-12-17 19:58 - 2016-12-12 21:36 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-17 19:58 - 2016-12-12 21:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-10-30 05:18 - 2015-10-30 05:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-17 19:57 - 2016-12-11 16:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 20:22 - 2016-07-12 20:22 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-07-12 20:22 - 2016-07-12 20:22 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-12-17 19:34 - 2016-12-17 19:34 - 01678560 _____ () C:\Users\karl0\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-07-12 20:12 - 2016-07-12 20:12 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 20:22 - 2016-07-12 20:22 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 20:22 - 2016-07-12 20:22 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-12-17 19:52 - 2016-12-17 19:51 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2016-12-17 19:52 - 2016-12-17 19:51 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-10-30 07:09 - 2015-10-30 07:09 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-12 20:22 - 2016-07-12 20:22 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 20:22 - 2016-07-12 20:22 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 20:22 - 2016-07-12 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 20:22 - 2016-07-12 20:22 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-17 19:40 - 2016-12-08 06:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-17 19:40 - 2016-12-08 06:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2014-09-19 02:35 - 2014-09-19 02:35 - 00625000 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2014-09-19 02:35 - 2014-09-19 02:35 - 03860848 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2014-09-19 02:35 - 2014-09-19 02:35 - 01587560 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2014-09-19 02:35 - 2014-09-19 02:35 - 06441320 _____ () C:\Program Files (x86)\AMD\OverDrive\QtGui4.dll
2014-09-19 02:35 - 2014-09-19 02:35 - 00362856 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2016-12-17 19:58 - 2016-12-12 21:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-17 19:58 - 2016-12-12 21:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-17 19:58 - 2016-12-12 21:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-17 19:34 - 2016-12-17 19:34 - 01244376 _____ () C:\Users\karl0\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-12-17 21:14 - 2016-12-08 13:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-17 21:14 - 2016-08-31 23:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-17 21:14 - 2016-12-20 00:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-17 21:13 - 2016-01-27 05:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-17 21:13 - 2016-01-27 05:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-17 21:13 - 2016-01-27 05:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-17 21:13 - 2016-01-27 05:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-17 21:13 - 2016-01-27 05:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-17 21:13 - 2016-08-31 23:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-17 21:13 - 2016-08-31 23:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-17 21:14 - 2016-12-20 00:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-17 21:13 - 2016-07-04 20:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 21:56 - 2016-08-24 18:49 - 01950392 _____ () C:\Users\karl0\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-12-17 21:56 - 2016-12-17 21:56 - 01058816 _____ () \\?\C:\Users\karl0\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-12-17 21:56 - 2016-12-17 21:56 - 03801088 _____ () \\?\C:\Users\karl0\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-12-17 21:56 - 2016-12-17 21:56 - 00894136 _____ () \\?\C:\Users\karl0\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-12-17 21:56 - 2016-12-17 21:56 - 01119416 _____ () \\?\C:\Users\karl0\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-12-17 19:58 - 2016-12-12 21:33 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-17 21:56 - 2016-08-24 18:49 - 02230456 _____ () C:\Users\karl0\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-12-17 21:56 - 2016-08-24 18:49 - 00088760 _____ () C:\Users\karl0\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-12-28 14:50 - 2016-12-28 14:50 - 00170496 _____ () \\?\C:\Users\karl0\AppData\Local\Temp\4216.tmp.node
2016-12-17 21:56 - 2016-12-17 21:56 - 02658304 _____ () \\?\C:\Users\karl0\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-12-17 22:51 - 2016-12-17 22:51 - 02147328 _____ () \\?\C:\Users\karl0\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-12-17 21:16 - 2016-12-05 14:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-17 21:14 - 2016-12-20 00:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-12-17 21:13 - 2015-09-24 21:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-12-17 19:58 - 2016-12-12 12:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-17 19:58 - 2016-12-12 12:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-17 19:58 - 2016-12-12 12:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-17 19:58 - 2016-12-12 12:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-17 19:58 - 2016-12-12 12:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-12-17 19:58 - 2016-12-12 12:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-17 19:58 - 2016-12-12 12:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-17 20:19 - 2016-12-12 12:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2015-10-30 07:09 - 2015-10-30 07:09 - 00151040 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-10-30 07:09 - 2015-10-30 07:09 - 18818048 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-08 20:35 - 2016-04-08 20:35 - 03481600 _____ () C:\Users\karl0\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 05:24 - 2015-10-30 05:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4267311671-3594425200-2600288286-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karl0\Pictures\14492356_1395894403772427_4648941484058830365_n.jpg
DNS Servers: 201.82.0.68 - 201.82.0.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{9FE3B6BB-4672-418D-8A1C-7002F698E722}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{6BDBA921-82EE-45D1-8592-D8ADC616D0CE}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{234B685E-24D8-4252-8FE4-EF45008CE0C1}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7BB62401-90AF-4A4E-98ED-218D6F362800}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D26309A6-9C2F-4319-9232-355066588F51}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2667D62F-639F-44B0-B799-26DC34E6C76D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2155C6B1-D268-499C-BF0D-D2C43430BA2A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CDCB88AB-F750-4BF0-B96D-614EEE756A6F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{5488EBEE-38FE-4E08-9FC6-7DA3E5DBEE60}C:\users\karl0\appdata\roaming\spotify\spotify.exe] => C:\users\karl0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1361FAB5-94E6-4C66-BE89-19B6E3BF970C}C:\users\karl0\appdata\roaming\spotify\spotify.exe] => C:\users\karl0\appdata\roaming\spotify\spotify.exe
FirewallRules: [{874F553E-3414-4F61-9144-B4765E8BC28A}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F1A00AE1-3A5F-47DA-823F-BD15B8B96AF0}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F2C8E2D7-F1CE-4D8F-AD33-D11304617BE1}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1A7EA2B9-6F5E-4BB8-A48D-E2FE78522A58}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9DEFCAF5-495D-40D2-992E-FC7CB9C4D233}] => C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{CE3036AB-B245-4CB7-9217-6F8FF97843A6}] => C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{8AF12004-7CEF-48DE-90EF-AD7CAFB9958F}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{5F2C8113-CF9D-4AD3-B401-E0747CA12AF9}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{45AE1D8B-63C8-4573-A623-A96002F777F9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{C3729611-733B-4349-8970-6F23FB00D44B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{7C873E45-8DD0-4BB6-9FA5-E93D5DADF83A}] => C:\Users\karl0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E99DD69-714F-42EB-B98D-6106B2D7CEC4}] => C:\Users\karl0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E516A876-AE7C-45A3-9787-FBB624555A3D}] => C:\Users\karl0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{66E1906B-D6DD-438B-BE5D-B867716B7E64}] => C:\Users\karl0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F032D16C-C3B9-47C8-BB86-AD0FE789D6C5}] => C:\Users\karl0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7EA6214E-9C34-493C-B3B1-D5FEB818F827}] => C:\Users\karl0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{776A52C3-40E0-49D4-BE8E-618709FAC761}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{5D9FFCF9-FEB3-445D-B912-7CB833D2B3EB}] => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{6CD9C147-F32C-48E3-9064-96B6BF9B30D9}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{5BEC36CD-249C-4555-93C3-832459FC5D07}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{5EFE5681-E537-4474-9F55-04EF5BBCBD73}] => C:\Program Files (x86)\Steam\steamapps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{D37F1F8B-3490-448D-A926-ED701697098B}] => C:\Program Files (x86)\Steam\steamapps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{706AFE52-E419-4F87-8A4F-54CB81B575B6}] => C:\Program Files (x86)\Steam\steamapps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{D34D410E-98DC-46C5-92B0-7061E3103799}] => C:\Program Files (x86)\Steam\steamapps\common\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe

==================== Restore Points =========================

17-12-2016 19:22:31 Windows Modules Installer
20-12-2016 23:56:16 Language Pack Removal
26-12-2016 18:16:51 DirectX instalado

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2016 07:32:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: GTA5.exe, versão: 1.0.944.2, carimbo de data/hora: 0x5847f2c1
Nome do módulo com falha: GTA5.exe, versão: 1.0.944.2, carimbo de data/hora: 0x5847f2c1
Código de exceção: 0x80000003
Deslocamento da falha: 0x00000000011e7c6f
ID do processo com falha: 0x2e28
Hora de início do aplicativo com falha: 0x01d261518e5b378c
Caminho do aplicativo com falha: C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
Caminho do módulo com falha: C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe
ID do Relatório: de528807-61bd-473f-999a-d863c9d5e2a1
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (12/28/2016 04:49:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-VNF5IBM)
Description: O pacote Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe+App foi terminado porque levou muito tempo para ser suspenso.

System errors:
=============
Error: (12/28/2016 08:08:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID {3185A766-B338-11E4-A71E-12E3F512A338} e APPID {7006698D-2974-4091-A424-85DD0B909E23} ao usuário NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/28/2016 08:08:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID {3185A766-B338-11E4-A71E-12E3F512A338} e APPID {7006698D-2974-4091-A424-85DD0B909E23} ao usuário NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/28/2016 07:35:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID {3185A766-B338-11E4-A71E-12E3F512A338} e APPID {7006698D-2974-4091-A424-85DD0B909E23} ao usuário NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/28/2016 02:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço User Data Access_4209a foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Restart the service.

Error: (12/28/2016 02:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço User Data Storage_4209a foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Restart the service.

Error: (12/28/2016 02:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Contact Data_4209a foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Restart the service.

Error: (12/28/2016 02:11:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Sync Host_4209a foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Restart the service.

Error: (12/28/2016 02:11:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao usuário NT AUTHORITY\SYSTEM SID (S-1-5-18) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/28/2016 01:08:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao usuário NT AUTHORITY\SYSTEM SID (S-1-5-18) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/27/2016 09:38:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID {3185A766-B338-11E4-A71E-12E3F512A338} e APPID {7006698D-2974-4091-A424-85DD0B909E23} ao usuário NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

CodeIntegrity:
===================================
Date: 2016-12-19 15:33:37.856
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-19 15:33:37.840
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-17 21:03:18.326
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-17 20:26:21.099
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-17 20:14:26.024
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-12-17 20:13:01.159
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-17 20:12:14.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-17 19:50:03.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-17 19:44:01.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-17 19:43:02.970
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 12269.55 MB
Available physical RAM: 8746.82 MB
Total Virtual: 14125.55 MB
Available Virtual: 9351.25 MB

==================== Drives ================================

Drive c: (Zeus) (Fixed) (Total:931.51 GB) (Free:552.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Fixed) (Total:931.51 GB) (Free:34.39 GB) NTFS
Drive f: () (Fixed) (Total:931.02 GB) (Free:715.27 GB) NTFS
Drive g: (CARLOS SSG) (Removable) (Total:7.6 GB) (Free:0.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 70BE3B22)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E10ABBF2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: FE8D1050)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.6 GB) (Disk ID: 04DD5721)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0C)

==================== End of Addition.txt ============================