Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
Ran by Nasser (20-11-2017 07:08:47)
Running from C:\Users\Nasser\Downloads
Windows 10 Home Version 1607 14393.321 (X64) (2016-10-09 07:32:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2838503418-137235398-234371728-500 - Administrator - Disabled)
Convidado (S-1-5-21-2838503418-137235398-234371728-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2838503418-137235398-234371728-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2838503418-137235398-234371728-1003 - Limited - Enabled)
Nasser (S-1-5-21-2838503418-137235398-234371728-1001 - Administrator - Enabled) => C:\Users\Nasser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (HKLM-x32\...\WTA-fbb588f6-099a-4ed1-b621-5ecfd53db529) (Version: 3.0.2.59 - WildTangent) Hidden
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
Enchanted Cavern 2 (HKLM-x32\...\WTA-74b59216-fb60-422b-ab7f-8bc4ac143888) (Version: 2.2.0.110 - WildTangent) Hidden
Evernote v. 
5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.) Ferramentas de Verificação do Microsoft Office 2013 - Português (HKLM-x32\...\{90150000-001F-0816-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.) Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden HP Officejet 6500 E710n-z Software básico do dispositivo (HKLM\...\{F139CF62-D4D8-4B74-B8A3-873ED3AD32E0}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation) King Oddball (HKLM-x32\...\WTA-f15b17eb-8010-458d-992f-1401668c8c53) (Version: 3.0.2.48 - WildTangent) Hidden Magic Academy (HKLM-x32\...\WTA-7e5033bb-0bd1-437c-935c-ed0f6a8c4736) (Version: 2.2.0.98 - WildTangent) Hidden Mahjongg Artifacts (HKLM-x32\...\WTA-19deda32-bc91-49a8-8294-26d0a304adbc) (Version: 2.2.0.110 - WildTangent) Hidden Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2838503418-137235398-234371728-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MPC-HC 1.7.9 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.9 - MPC-HC Team) My Kingdom for the Princess 3 (HKLM-x32\...\WTA-136e17bc-a117-47fa-b983-f85f8d5bf413) (Version: 2.2.0.110 - WildTangent) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Peggle Nights (HKLM-x32\...\WTA-de199027-97c3-49ef-aff1-9d984e7e0b9d) (Version: 2.2.0.98 - WildTangent) Hidden Plants vs. 
Zombies - Game of the Year (HKLM-x32\...\WTA-fa511ded-c859-4d7d-9792-073da13aca00) (Version: 3.0.2.59 - WildTangent) Hidden Polar Bowler (HKLM-x32\...\WTA-c5069a51-6eeb-44f7-b508-06ce89756e78) (Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.) Replay Media Splitter 2.2.1409.56 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 2.2.1409.56 - Applian Technologies Inc.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Subtitle Edit 3.4.12 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.12.1 - Nikse) Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated) TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation) TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation) TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION) TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - 
Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA) TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.20C - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{35895085-63FF-4661-B5B4-817E36A91C56}) (Version: 2.6.16.0 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation) TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH) Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0816-0000-0000000FF1CE}_Office15.PROPLUS_{2516A853-ABDE-4BEA-8343-B33C036A9BBE}) (Version: - Microsoft) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.4 - Compal) Hidden Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.4 - Compal) Hidden Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-a4af01ec-b918-4b8c-b1bb-bec217d3615f) (Version: 3.0.2.32 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master 
Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.9 - WildTangent) Hidden Youda Jewel Shop (HKLM-x32\...\WTA-5d39340c-0086-488c-a9fd-33bec1b3a885) (Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2838503418-137235398-234371728-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google) ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2009-06-02] () ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2009-08-16] () ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> No File ContextMenuHandlers4: [GDContextMenu] -> 
{BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google) ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2009-06-02] () ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2009-08-16] () ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-08-31] (Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2009-06-02] () ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2009-08-16] () ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0A617E22-19AC-4718-8775-541BFFFA5DBA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation) Task: {13914097-67DF-478E-A9A7-6689A9E402FB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Nasser\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {1A2CE993-A86A-497F-BC9D-6384C8EB125C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {2006819F-62F9-4214-8506-7E9BBAE4F65A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {2CF8E8BC-04C1-489A-A079-1DDF7113D2DD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {47FD3D4F-EAD0-4803-B1A4-C5C8B49B15F4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation) Task: {4B760CAF-F09B-470B-AFEB-D8F50EC83F01} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor) Task: {4DE757AF-8C84-4C3A-9243-C27031B9B89F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {54DA896B-8F6D-47CB-9B4C-966BB9285954} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {54F5FB6D-0CAA-47E5-8539-F633F06F5442} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {560925A4-B41D-4D93-9E89-2789B3922E37} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {66902B2A-7AC8-490B-85BA-DBDFF72E6BF0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {6FBDFC8F-4ACC-4E14-87DC-A6C188E233A5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {70945085-6BDF-4091-A6C3-C6816C59E604} - \WPD\SqmUpload_S-1-5-21-2838503418-137235398-234371728-1001 -> No File <==== ATTENTION Task: {7234FD18-3BDF-49AD-89F2-40A4E97C4AE0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {83C529EC-956E-4321-8D7D-3FCDC5FC3CB2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {884045FF-CFC4-4463-82ED-D0F6A95B9DC0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {A0CA9AAF-A81D-412E-8810-44E167103467} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated) Task: {A2AAC0E1-DA3F-4D05-A6FB-C95C6B992C3D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {A330AD14-25A9-471E-8CB0-19EF24059DD6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {A76D4617-C937-4412-963A-8C119D44085A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {AD35C78C-76F8-4A25-A329-B328E4E9AA7C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-26] () Task: {B1A26B36-974F-41AA-87AF-ACC95F6D1FB1} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH) Task: {C231F671-A252-4E37-BF5E-C4BEF01C01F5} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe 
[2015-05-27] () Task: {D15CE372-AF4A-4465-930D-A20063D08518} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {D2DFFE24-033A-43AB-9697-2A35FC9B9907} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {D75890A0-12A0-4A91-8413-CE2D8FE8BA79} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation) Task: {E6761D47-96EC-445F-B01C-3418ADE8B2F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-05-27 11:46 - 2015-05-27 11:46 - 000019960 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2016-07-16 11:42 - 2016-07-16 11:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-09 07:20 - 2016-10-09 07:20 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-07-16 11:42 - 2016-07-16 11:42 - 000130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2016-10-09 07:20 - 2016-10-09 07:20 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-10-12 14:55 - 2016-10-05 09:35 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-10-12 14:57 - 2016-10-05 09:21 - 009760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-10-12 14:57 - 2016-10-05 09:13 - 001401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-10-12 14:56 - 2016-10-05 09:13 - 000757248 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-10-12 14:57 - 2016-10-05 09:13 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-10-12 14:57 - 2016-10-05 09:14 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-07-19 02:38 - 2012-07-19 02:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2017-11-14 06:22 - 2017-11-10 09:57 - 002871640 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libglesv2.dll 2017-11-14 06:22 - 2017-11-10 09:57 - 000138072 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\swiftshader\libegl.dll 2016-10-09 07:21 - 2016-10-09 07:21 - 003388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2838503418-137235398-234371728-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nasser\Pictures\Belém Portugal.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{45FAAAF3-67E4-4A99-8FCA-EF41A1EFBFD3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{A5569341-BADB-44BA-9EBD-765EBE9B0293}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{BBFEB02A-64BA-45EC-8104-9673AFCBBDCE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{93843766-5168-4E10-81BA-762AA72349B8}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{867459EB-C060-4F2D-91EE-31F3FFF63709}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe FirewallRules: [{CAA250D9-EC6A-402E-921B-DD4F1FEBB7D0}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe FirewallRules: [{9B92447D-0894-4C55-914E-DD4713B40B3A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe FirewallRules: [{1ED1E206-3612-41BC-AF97-1056862F430F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{CE5E177F-0799-4CA4-851E-4177FC81991F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{B03B1AA8-54C1-4271-95D4-282C5870642C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe FirewallRules: 
[{F48F384F-C25E-4D96-A20C-35D8B9784B12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 27-10-2017 13:50:46 Operação de Restauro 06-11-2017 14:32:30 Ponto de Verificação Agendado 15-11-2017 08:09:05 Ponto de Verificação Agendado ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/20/2017 05:44:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2147024865. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/20/2017 05:44:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2144927142. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/20/2017 03:30:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/18/2017 09:20:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/18/2017 09:20:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927141. 
Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/17/2017 05:42:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2147023169. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/17/2017 05:42:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2144927142. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/17/2017 05:40:09 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa explorer.exe versão 10.0.14393.206 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo de Segurança e Manutenção. ID do Processo: 1f14 Hora de Início: 01d35f64dca3fe59 Hora de Cessação: 0 Caminho da Aplicação: C:\Windows\explorer.exe ID do Relatório: b248c3bd-cb59-11e7-82c8-f0761c86e537 Nome completo do pacote com falha: ID da aplicação relativa ao pacote com falha: Error: (11/16/2017 02:04:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI falhou com o erro: -2144927142. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. Error: (11/16/2017 01:37:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Casa) Description: A ativação da aplicação Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App falhou com o erro: -2144927142. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais. 
System errors: ============= Error: (11/20/2017 05:44:02 AM) (Source: DCOM) (EventID: 10001) (User: Casa) Description: Não foi possível iniciar um Servidor DCOM: CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca como Indisponível/Indisponível. O erro: "31" Ocorreu ao iniciar este comando: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca Error: (11/20/2017 05:40:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. Error: (11/20/2017 03:30:40 AM) (Source: DCOM) (EventID: 10010) (User: Casa) Description: O servidor App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca não foi registado no DCOM dentro do tempo limite necessário. Error: (11/20/2017 02:52:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. 
Error: (11/19/2017 07:52:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. Error: (11/19/2017 04:58:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. Error: (11/19/2017 01:14:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. 
Error: (11/19/2017 11:28:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. Error: (11/19/2017 08:57:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. Error: (11/19/2017 05:33:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes. 
CodeIntegrity: =================================== Date: 2017-11-19 08:01:40.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-17 07:35:52.330 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-15 09:30:48.775 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-14 07:55:04.474 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-05 07:56:37.083 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-04 08:55:54.268 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 08:27:57.902 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-30 08:49:37.186 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-29 08:00:10.689 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-27 15:56:54.733 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 56%
Total physical RAM: 3981.93 MB
Available physical RAM: 1739.55 MB
Total Virtual: 5374.93 MB
Available Virtual: 2763.84 MB

==================== Drives ================================

Drive c: (TI31378500A) (Fixed) (Total:918.83 GB) (Free:528.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================