Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2017
Ran by DoAsnoPC (12-01-2017 08:30:30)
Running from C:\Users\DoAsnoPC\Downloads
Windows 10 Pro Version 1607 (X64) (2016-11-20 03:02:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-274241934-1915277421-3324831707-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-274241934-1915277421-3324831707-503 - Limited - Disabled)
DoAsnoPC (S-1-5-21-274241934-1915277421-3324831707-1001 - Administrator - Enabled) => C:\Users\DoAsnoPC
Guest (S-1-5-21-274241934-1915277421-3324831707-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.8 - Synaptics Incorporated)
Unity Web Player (HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Warsaw 1.14.2.35 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.14.2.35 - GAS Tecnologia)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-274241934-1915277421-3324831707-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14E3B94F-2A1D-4B75-B2F5-9D53631C2009} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {305B3C47-ED8F-4D32-BAE1-15BC85731659} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6C5FA22C-6AA3-4F72-8EE6-750410E37584} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {93280949-72AF-4D80-A8D4-DD573D2F216E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.)
Task: {9FABCE50-0889-40D8-B29B-99AF8916183A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {C293A71F-DB7B-4101-860C-80F9EE2E3916} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-22] (Google Inc.)
Task: {D0E38571-D3D1-4E03-9271-51558CB00658} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {D29BE7BE-80A4-4C1F-BFE7-DD77B99E263E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {D56B6898-01CB-4CD9-B907-5981D1E5A52E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-28] (Realtek Semiconductor)
Task: {F1DBC84E-D5E1-469D-A838-5C6D5193A589} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\DoAsnoPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:12 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:12 - 2016-12-09 07:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 09:40 - 2016-12-17 09:40 - 01678560 _____ () C:\Users\DoAsnoPC\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-10-22 14:46 - 2016-12-04 00:04 - 08924872 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-20 04:14 - 2016-11-20 04:14 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 17:13 - 2016-12-09 06:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-21 20:46 - 2016-11-02 07:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-21 20:46 - 2016-11-02 07:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-21 20:46 - 2016-11-02 07:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-21 20:46 - 2016-11-02 07:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-21 20:46 - 2016-11-02 07:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 11:56 - 2016-12-14 11:57 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 11:56 - 2016-12-14 11:57 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 11:56 - 2016-12-14 11:57 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 11:56 - 2016-12-14 11:57 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-15 07:30 - 2016-12-08 05:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 07:30 - 2016-12-08 05:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-11 15:43 - 2017-01-11 15:43 - 31167576 _____ () C:\Users\DoAsnoPC\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2016-10-22 12:26 - 2016-10-22 12:26 - 00005120 _____ () C:\WINDOWS\KMS-R@1nHook.exe
2016-10-22 12:26 - 2016-10-22 12:26 - 00004096 _____ () C:\WINDOWS\KMS-R@1nHook.dll
2017-01-11 16:28 - 2016-12-13 14:17 - 03243616 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2017-01-12 08:18 - 2017-01-12 08:18 - 00098816 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32api.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00110080 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pywintypes27.dll
2017-01-12 08:18 - 2017-01-12 08:18 - 00364544 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pythoncom27.dll
2017-01-12 08:18 - 2017-01-12 08:18 - 00320512 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32com.shell.shell.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00914432 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_hashlib.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 01176576 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._core_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00806400 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._gdi_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00816128 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._windows_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 01067008 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._controls_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00733184 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._misc_.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00682496 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pysqlite2._sqlite.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00088064 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_ctypes.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00686080 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\unicodedata.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00119808 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32file.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00108544 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32security.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00007168 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\hashobjs_ext.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00017920 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\thumbnails_ext.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00088064 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\usb_ext.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00012800 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\common.time34.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00018432 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32event.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00167936 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32gui.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00046080 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_socket.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 01303552 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_ssl.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00128512 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_elementtree.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00127488 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\pyexpat.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00038912 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32inet.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00036864 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_psutil_windows.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00524248 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\windows._lib_cacheinvalidation.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00011264 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32crypt.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00123392 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._wizard.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00077312 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._html2.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00027648 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_multiprocessing.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00020480 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\_yappi.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00035840 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32process.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00078848 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\wx._animate.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00024064 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32pipe.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00010240 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\select.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00025600 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32pdh.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00017408 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32profile.pyd
2017-01-12 08:18 - 2017-01-12 08:18 - 00022528 ____R () C:\Users\DoAsnoPC\AppData\Local\Temp\_MEI64762\win32ts.pyd
2016-10-27 15:32 - 2016-12-26 17:54 - 51777648 _____ () C:\Users\DoAsnoPC\AppData\Roaming\Spotify\libcef.dll
2016-10-28 16:33 - 2016-12-26 17:54 - 00110192 _____ () C:\Users\DoAsnoPC\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-10-27 15:32 - 2016-12-26 17:54 - 01803888 _____ () C:\Users\DoAsnoPC\AppData\Roaming\Spotify\libglesv2.dll
2016-10-27 15:32 - 2016-12-26 17:54 - 00086128 _____ () C:\Users\DoAsnoPC\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2770]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\bancobrasil.com.br -> hxxps://www14.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\banese.b.br -> www.banese.b.br
IE trusted site: HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\banese.com.br -> egov.banese.com.br
IE trusted site: HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\banesecard.com.br -> www.banesecard.com.br
IE trusted site: HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\se.gov.br -> portaldoservidor.se.gov.br

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 04:24 - 2016-11-03 21:06 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-274241934-1915277421-3324831707-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DoAsnoPC\Pictures\Creativity Wallpaper Brain.jpg
DNS Servers: 192.168.25.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-274241934-1915277421-3324831707-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{C3FBEBFC-6B51-41D9-B69B-E2B869C3F1F2}] => C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{DBB23873-809C-4750-B0C7-06FA78EF2DC7}] => LPort=1688
FirewallRules: [{5346E9C1-F1E9-4AE5-B4A3-B45316729825}] => C:\Users\DoAsnoPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08C6A213-E06B-49A3-AD4F-B73D17240B62}] => C:\Users\DoAsnoPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3226B77C-93BE-471F-9B6E-E5B6ED0858BE}] => C:\Users\DoAsnoPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE89D16E-8318-4AE0-89F9-932D21C226D5}] => C:\Users\DoAsnoPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AF20878D-9FC5-4F2E-964C-817624CAF823}] => C:\Users\DoAsnoPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2ECCA274-34A5-48F3-8E21-338EBC02C5AA}] => C:\Users\DoAsnoPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{301B68F7-064C-470B-8948-7B398D179A20}C:\users\doasnopc\appdata\roaming\spotify\spotify.exe] => C:\users\doasnopc\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BFC031BE-0768-405E-BA47-C5E2DB1863E8}C:\users\doasnopc\appdata\roaming\spotify\spotify.exe] => C:\users\doasnopc\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3F340643-40C2-414F-9C43-012BFCF37E39}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{21EC2A81-DA35-4AC8-BE7C-9DDDAD47C8C1}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{8620A153-073C-4ABA-B65C-C71793135A3E}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{03B8DFE7-9346-4D2D-9F32-B73A03D19FE6}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4756BF9A-E701-49D8-96CE-6C5B9D4FE615}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BF1C80E9-B804-4264-AE1F-85EC19BB3A66}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BC55639D-CFE5-4D13-8B53-57907043641C}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F5B6CA8E-6B7F-4A56-BFD3-5F3352EEB302}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================
ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2017 08:23:45 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2017 08:16:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2017 08:16:39 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/12/2017 08:16:38 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/12/2017 08:16:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2017 08:16:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2017 08:16:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2017 08:16:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2017 08:06:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-90OM0O5)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/12/2017 08:06:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-90OM0O5)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (01/12/2017 08:16:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error: The system cannot find the file specified.

Error: (01/12/2017 08:16:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error: The system cannot find the file specified.

Error: (01/12/2017 08:16:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error: The system cannot find the file specified.

Error: (01/12/2017 08:15:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbpddreg svc service failed to start due to the following error: The system cannot find the file specified.

Error: (01/12/2017 08:15:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2017 08:15:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The KMS-R@1n service terminated unexpectedly. It has done this 1 time(s).

Error: (01/12/2017 08:13:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/12/2017 08:13:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/12/2017 08:10:35 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/12/2017 08:10:32 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 69%
Total physical RAM: 3969.84 MB
Available physical RAM: 1222.05 MB
Total Virtual: 4673.84 MB
Available Virtual: 1726 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:68.36 GB) (Free:11.23 GB) NTFS
Drive e: () (Fixed) (Total:377.87 GB) (Free:337.06 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 495E94E3)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=377.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================