Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-07-2017 Ran by Rotondo (07-07-2017 20:15:37) Running from C:\Users\Rotondo\Downloads Windows 7 Professional Service Pack 1 (X64) (2016-09-20 00:46:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2004584970-2745669029-663263948-500 - Administrator - Disabled) Guest (S-1-5-21-2004584970-2745669029-663263948-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2004584970-2745669029-663263948-1002 - Limited - Enabled) Rotondo (S-1-5-21-2004584970-2745669029-663263948-1001 - Administrator - Enabled) => C:\Users\Rotondo ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.) µTorrent (HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) AuthenTec WinBio FingerPrint Software 64-bit (HKLM\...\{F888B1E9-64E3-479D-91DB-2D9193C39535}) (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden Betfair Poker (HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\Betfair Poker) (Version: 1.1.1.33 - Betfair Poker) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden Constructor (HKLM-x32\...\1207658826_is1) (Version: 2.1.0.11 - GOG.com) Custom (HKLM\...\{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}) (Version: 01.00.00.002 - Wave Systems Corp.) Hidden D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.) Dell Data Protection Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd) DellAccess (HKLM\...\{20A4AA32-B3FF-4A0B-853C-ACDDCD6CB344}) (Version: 01.03.00.078 - Wave Systems Corp.) Hidden DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.) EMBASSY Client Core (HKLM\...\{7EC46A4C-E659-418E-A65A-BD7FC82D4C48}) (Version: 01.03.00.123 - Wave Systems Corp.) Hidden ERAS Connector (HKLM\...\{D46BCA58-0AF7-4455-8017-34CE3FEEE808}) (Version: 02.09.05.0335 - Wave Systems Corp) Hidden Gemalto (HKLM\...\{91CE5F03-3A2A-4268-935A-04944F058AE9}) (Version: 01.64.01.0010 - Wave Systems Corp) Hidden GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation) Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 12.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.6.0 - KLCP) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.8229.2073 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla) NordicBet (HKLM-x32\...\nordicbet (Poker)) (Version: 16.6.2.11243 - ) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team) O2Micro OZ776 SCR Driver (HKLM\...\{9F9DF365-C354-468F-A174-82660FB13C5C}) (Version: 2.1.4.223GS - O2Micro) Hidden O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{9F9DF365-C354-468F-A174-82660FB13C5C}) (Version: 2.1.4.223GS - O2Micro) Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.4.13.6637 - Electronic Arts, Inc.) PBA Driver-x64 (HKLM\...\{DF5B5BEC-BA44-4669-98C8-2A691C5EA428}) (Version: 1.0.1.8 - Dell Inc.) Hidden PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd) Poker at bet365 (HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\bet365poker) (Version: 1.1.1.32 - Poker at bet365) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.9.1 - Popcorn Time) <==== ATTENTION Preboot Manager (HKLM\...\{59ACD2BB-FC62-4427-81D2-618CF81A2A32}) (Version: 03.05.00.043 - Wave Systems Corp.) Hidden Private Information Manager (HKLM\...\{A90F92B7-3C3F-4AEF-B281-31DD17BB73CA}) (Version: 07.03.00.032 - Wave Systems Corp.) Hidden Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.112 - Trusteer) Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.112 - Trusteer) Hidden Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) SI TSS (HKLM\...\{A2309A2F-4BEB-45C8-92E1-84D430AC15AD}) (Version: 2.1.41 - Security Innovation) Hidden SPBA (WBF) 5.9 (HKLM\...\{DD317AA5-F0EF-480F-9501-507712B5E0B6}) (Version: 5.9.7.7232 - Authentec Inc.) Hidden ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics) Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.) Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.) Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts) toolkit32for64bit (HKLM-x32\...\{CB63285D-990D-4207-AE31-000025626917}) (Version: 7.70.13.0001 - Wave Systems Corp) Hidden Trusted Drive Manager (HKLM\...\{236EBEF4-8DE5-4E0E-8FD0-27D94F772FF0}) (Version: 5.0.2.24 - Wave Systems Corp.) Hidden Warsaw 1.16.1.45 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.16.1.45 - GAS Tecnologia) Wave Crypto Runtime 2.0.9.0 x64 (HKLM\...\{5F160A36-29D0-4AE0-986C-671A564BC0D4}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden Wave Crypto Runtime 2.0.9.0 x86 (HKLM-x32\...\{29D07FB4-A026-4E1F-B9A2-8C9EC0E2FEBB}) (Version: 02.00.09.0000 - Wave Systems Corp) Hidden Wave Infrastructure Installer (HKLM\...\{90DB5C39-360F-4187-9D56-E3B013CEEF73}) (Version: 07.70.13.0001 - Wave Systems Corp) Hidden Wave Support Software Installer (HKLM\...\{86A9BBDF-9B6D-4E3D-810E-23C9079C6217}) (Version: 05.15.00.024 - Wave Systems Corp) Hidden WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2004584970-2745669029-663263948-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Rotondo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll () ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google) ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.) ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.) ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] () ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation) ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google) ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation) ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation) ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google) ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-01] (Intel Corporation) ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {078E20C0-8B27-4B72-BF57-2058AF4824D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {0E84CADC-5AA0-4556-8B34-6296383C12C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-19] (Adobe Systems Incorporated) Task: {219F9975-0C10-4127-B4C3-C51641CEFCA1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-05] () Task: {6B4F0D45-72DE-4BBA-898D-01768C4F31F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-02] (Google Inc.) Task: {8F90DFCD-C753-4A10-B0B1-88ABE9DABED5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-05] () Task: {B476FFDC-DD5F-4DC3-8D6D-16B7C7D38749} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation) Task: {CF25C108-B2E2-4681-AE5D-E44B1B16AA59} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-11-22] () Task: {D64C1F3F-F921-4467-A76E-32C7A04D8C7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-02] (Google Inc.) Task: {DA086163-851E-4FEE-AA3C-E08138AA4ED3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-05] (Microsoft Corporation) Task: {EDF7FFC0-7F1C-4820-AD43-FD8DD91333F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation) Task: {F384C601-083A-4A40-B68E-18A0B410CF9C} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-05-11 08:42 - 2012-05-11 08:42 - 01643520 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe 2016-12-13 08:20 - 2016-12-13 08:20 - 00959168 _____ () C:\Users\Rotondo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2013-03-11 09:05 - 2013-03-11 09:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe 2013-03-11 09:04 - 2013-03-11 09:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll 2012-05-11 08:47 - 2012-05-11 08:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_ENU.dll 2014-01-30 22:19 - 2012-02-01 18:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2017-06-26 19:50 - 2017-06-23 00:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll 2017-06-26 19:50 - 2017-06-23 00:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll 2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2017-07-07 20:03 - 2017-07-07 20:03 - 00098816 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32api.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00110080 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\pywintypes27.dll 2017-07-07 20:03 - 2017-07-07 20:03 - 00364544 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\pythoncom27.dll 2017-07-07 20:03 - 2017-07-07 20:03 - 00320512 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32com.shell.shell.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00914432 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_hashlib.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 01176576 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._core_.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00806400 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._gdi_.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00816128 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._windows_.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 01067008 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._controls_.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00733184 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._misc_.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00682496 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\pysqlite2._sqlite.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00088064 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_ctypes.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00686080 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\unicodedata.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00119808 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32file.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00108544 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32security.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00007168 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\hashobjs_ext.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00017920 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\thumbnails_ext.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00088064 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\usb_ext.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00012800 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\common.time34.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00018432 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32event.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00167936 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32gui.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00046080 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_socket.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 01303552 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_ssl.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00128512 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_elementtree.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00127488 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\pyexpat.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00038912 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32inet.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00036864 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_psutil_windows.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00524248 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\windows._lib_cacheinvalidation.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00011264 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32crypt.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00123392 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._wizard.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00077312 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._html2.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00027648 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_multiprocessing.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00020480 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\_yappi.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00035840 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32process.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00078848 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\wx._animate.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00024064 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32pipe.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00010240 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\select.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00025600 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32pdh.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00017408 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32profile.pyd 2017-07-07 20:03 - 2017-07-07 20:03 - 00022528 ____R () C:\Users\Rotondo\AppData\Local\Temp\_MEI32922\win32ts.pyd 2014-01-30 17:09 - 2014-01-30 17:09 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\fcf5465f0920c8bf04336df45ccf82fd\IsdiInterop.ni.dll 2014-01-30 17:07 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-01-30 17:02 - 2013-09-12 18:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:07366D21_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:07366D21_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2286] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\bb.com.br -> aapj.bb.com.br IE trusted site: HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br IE trusted site: HKU\S-1-5-21-2004584970-2745669029-663263948-1001\...\hola.org -> hxxp://hola.org ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 23:34 - 2016-10-16 18:57 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2004584970-2745669029-663263948-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rotondo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 181.213.132.2 - 181.213.132.3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{69A71E0B-41EB-407E-8B4F-D6325A3BCF6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{50380664-C862-4841-B60A-14129C2A23BB}] => (Allow) LPort=2869 FirewallRules: [{E25A274C-1E88-4E60-B39E-CDA3D4A17864}] => (Allow) LPort=1900 FirewallRules: [{244408C3-90B4-43F2-A6BE-756C836B253C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{6AFC4445-C950-4616-A18A-03F5E3A3A930}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe FirewallRules: [{4DA14FB7-CB2F-47B6-8885-4F75832C67A6}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{3C2ED783-0B10-4EA0-AA78-85B070D5A314}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe FirewallRules: [{90FCEDFD-8854-4D63-96B8-627C119A9E4A}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{EE9F0046-41B1-457C-B768-3B6A1A4DB8E8}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe FirewallRules: [{3FECCD4D-FFB6-438B-A1D0-EC20A6685EC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{70AE1FF9-075C-40B9-8D5E-0AD162F564B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CDFF6E16-BDF4-4265-AF53-754BADCE56C3}] => (Allow) C:\Users\Rotondo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{391CB47C-7CDD-4AD6-8B4B-A34541F6B9C2}] => (Allow) C:\Users\Rotondo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FAB73E8C-1A4D-47FA-AEE3-E52F1965EB7A}] => (Allow) C:\Users\Rotondo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D99AFCDB-FB10-403E-95B8-A0F7A2899646}] => (Allow) C:\Users\Rotondo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3D52212D-492C-4B9D-B94E-5361DFD833EB}] => (Allow) C:\Users\Rotondo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0602EEDD-EF19-4827-99E7-49B422CA6EDE}] => (Allow) C:\Users\Rotondo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6BD136AF-F43C-43F2-A1B0-5909AB4A8018}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B8E96444-944F-495D-A911-29B245F18925}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{021B7FBD-E37F-4D43-B1F5-652051BD58E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F5635FFD-F1F7-41C0-820A-BDF24B991B8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1B17251B-C424-4039-950A-304B00AB37C4}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe FirewallRules: [{D6CB83B2-B74B-4607-9550-33C9A6506D5E}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe FirewallRules: [TCP Query User{510F8578-9F5B-4056-AFE9-7241F2315897}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [UDP Query User{74487116-2BBD-417C-B21B-60CBA6B3E4F6}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [TCP Query User{E636B340-2659-4EAF-8967-47E3FDD150E8}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [UDP Query User{AA77CD45-DFF0-49BA-B342-3EF2E402B309}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [{5BD0AA28-81BA-4677-B353-313DD9148C6E}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{A2E3EBA5-9CF8-42BA-B541-DEA5B7F7BDED}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{853290B5-C74D-4449-B469-366E93B49795}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{1C2D7859-EB37-49F1-88DD-30645D610B8A}C:\users\rotondo\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\rotondo\appdata\roaming\utorrent\updates\3.5.0_43916.exe FirewallRules: [UDP Query User{46A9C2C6-697C-442E-B461-837EF627E021}C:\users\rotondo\appdata\roaming\utorrent\updates\3.5.0_43916.exe] => (Allow) C:\users\rotondo\appdata\roaming\utorrent\updates\3.5.0_43916.exe ==================== Restore Points ========================= 20-06-2017 20:35:32 Windows Update 06-07-2017 15:33:27 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 06-07-2017 15:34:32 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 ==================== Faulty Device Manager Devices ============= Name: Warsaw - Driver (PP) Description: Warsaw - Driver (PP) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wsddpp Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/07/2017 08:14:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FRST64.exe, version: 7.7.2017.0, time stamp: 0x595fe66a Faulting module name: FRST64.exe, version: 7.7.2017.0, time stamp: 0x595fe66a Exception code: 0xc0000005 Fault offset: 0x0000000000026519 Faulting process id: 0xbc8 Faulting application start time: 0x01d2f776603bbf3a Faulting application path: C:\Users\Rotondo\Downloads\FRST64.exe Faulting module path: C:\Users\Rotondo\Downloads\FRST64.exe Report Id: 0f2373a3-636a-11e7-a3bf-b00594f97e69 Error: (07/07/2017 08:04:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/07/2017 08:04:07 PM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: ) Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008 Error: (07/07/2017 08:20:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/07/2017 08:20:32 AM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: ) Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008 Error: (07/06/2017 11:00:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/06/2017 11:00:13 PM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: ) Description: Unable to initialize the DellSmartSettingsSys.dll. Error number = 0xa0000008 Error: (07/06/2017 10:06:43 PM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: ) Description: There was an error while trying to query for present UWB Devices Error: (07/06/2017 10:06:29 PM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: ) Description: There was an error while trying to query for present bluetooth Devices Error: (07/06/2017 10:06:14 PM) (Source: DellFeatureEnhancementPack) (EventID: 0) (User: ) Description: There was an error while trying to query for present WWAN Devices System errors: ============= Error: (07/07/2017 08:04:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: wsddfac Error: (07/07/2017 08:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Update service service failed to start due to the following error: Access is denied. Error: (07/07/2017 08:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (07/07/2017 08:04:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (07/07/2017 09:06:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.247.532.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13903.0&avdelta=1.247.532.0&asdelta=1.247.532.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.13903.0 Error code: 0x80072f8f Error description: A security error occurred Error: (07/07/2017 09:06:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.247.532.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.13903.0&avdelta=1.247.532.0&asdelta=1.247.532.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.13903.0 Error code: 0x80072f8f Error description: A security error occurred Error: (07/07/2017 09:06:36 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.247.532.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.13903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error: (07/07/2017 08:21:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DFEPService service. Error: (07/07/2017 08:21:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DFEPService service. Error: (07/07/2017 08:20:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: wsddfac ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz Percentage of memory in use: 61% Total physical RAM: 8065.18 MB Available physical RAM: 3117.26 MB Total Virtual: 16128.53 MB Available Virtual: 10382.21 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:331.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 588FBEEC) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================