Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Usuario (2015-07-31 19:27:13)
Running from C:\Users\Usuario\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3064860665-2106470997-2649600080-500 - Administrator - Disabled)
Convidado (S-1-5-21-3064860665-2106470997-2649600080-501 - Limited - Disabled)
Usuario (S-1-5-21-3064860665-2106470997-2649600080-1001 - Administrator - Enabled) => C:\Users\Usuario

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated) AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Avast Premier (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) BB Token Admin Tool (HKLM-x32\...\{95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}) (Version: 1.1.0 - Watchdata Technologies Pte., Ltd.) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated) clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) 
Hidden Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-3064860665-2106470997-2649600080-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.) Ferramentas do Visual Studio 2005 para Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden HP Deskjet 2050 J510 series Ajuda (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard) HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos (HKLM\...\{8D71EFB0-B1EF-4478-92D2-A65DB23AC460}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) 
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel(R) Technology Access (HKLM-x32\...\{413fe921-b226-41c8-bc3c-574074ceec4d}) (Version: 1.4.4.1000 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated) Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden MergeModule_x86 (x32 Version: 9.1.00 - Sony Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.1.2 - ) Mozilla Firefox 39.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pt-BR)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mystery P.I. 
- Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation) PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden PMB_ServiceUploader (x32 Version: 9.2.00 - Sony Corporation) Hidden Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1412.176 - Trusteer) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros) Rapport (x32 Version: 3.5.1412.176 - Trusteer) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) 
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Warsaw 1.5.1.8886 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.5.1.8886 - GAS Tecnologia) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 14-07-2015 12:57:27 Installed Rapport 23-07-2015 18:18:32 Ponto de Verificação Agendado 30-07-2015 16:16:02 JRT Pre-Junkware Removal ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 02:26 - 2015-07-30 16:12 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0E3989F1-A917-448E-AB85-584C8456A2AE} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated) Task: {2AF1E3B2-8631-461C-BADF-A142AB13323B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] () Task: {2B6D130D-4A73-4968-9379-3A733E59FE4D} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: {366BA451-FAE4-4E95-980A-634D522A109F} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate) Task: {5C77087E-C620-4069-9424-DDD0CDA99E71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {9007BD2F-0E8E-4504-BCFE-490E3C07662E} - System32\Tasks\Pokki => %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe Task: {9A884A99-FE63-4D55-946F-B2E21A51D613} - System32\Tasks\avastBCLRestartS-1-5-21-3064860665-2106470997-2649600080-1001 => Chrome.exe Task: {9D1A5392-3B34-4BDD-AF75-2243E8E08EF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) Task: {CDD27CFC-933A-48A7-AC66-D5BC588DFD55} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) Task: {DAD529DA-B48E-42E2-B748-2F039054B6AC} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: {DEB21A6D-2D89-4F5E-A785-E16E57D99A34} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-19] (Avast Software s.r.o.) 
Task: {DFFC696E-B886-4568-8E15-1AD0D9C20E67} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: {F1F05B85-24C7-4B8B-B1CB-A00366E65023} - System32\Tasks\{32C664C5-3C97-4930-AD6C-D1EC28E62F41} => pcalua.exe -a "C:\Users\Usuario\Downloads\DiagnosticoBB (1).exe" -d C:\Users\Usuario\Downloads (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2015-07-07 11:44 - 2015-07-07 11:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll 2015-07-07 13:41 - 2015-07-07 13:41 - 01793280 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll 2015-07-07 13:41 - 2015-07-07 13:41 - 00354560 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-04-22 12:59 - 2015-04-22 12:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-04-22 12:59 - 2015-04-22 12:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-07-30 21:34 - 2015-07-30 21:34 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15073005\algo.dll 2015-07-31 15:15 - 2015-07-31 15:15 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073103\algo.dll 2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2015-03-21 14:18 - 2015-03-21 14:18 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-04-11 07:13 - 2012-04-11 07:13 - 00035328 _____ () C:\Windows\SYSTEM32\WatchData\Watchdata Brazil CSP v1.0\UIResB3.DLL 2012-03-29 00:39 - 2012-03-29 00:39 - 00239616 _____ () C:\Windows\SYSTEM32\WatchData\Watchdata 
Brazil CSP v1.0\hodll.dll 2013-11-14 09:37 - 2013-05-08 17:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-11-14 09:57 - 2013-02-20 21:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-07-29 19:44 - 2015-07-25 05:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll 2015-07-29 19:44 - 2015-07-25 05:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-3064860665-2106470997-2649600080-1001\...\bb.com.br -> hxxps://seg.bb.com.br ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3064860665-2106470997-2649600080-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A4808445-5350-4904-A502-78936D18F429}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{3BFF4518-F4B6-4E1D-BF6C-A165D4F8B21C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe FirewallRules: [{7FF2A163-C17C-4D68-A970-66EF24C64390}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{5EB331FF-3F24-4532-85BE-D4946136A44A}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe FirewallRules: [{0D32DAB5-DE69-430D-955B-00722DFB5B22}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{C80705D0-A32A-4376-B75F-E00A5E3418E3}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe FirewallRules: [{0CCFA6C8-297E-47DC-9EA1-3B96C3CE40A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{D980A466-E8D3-4815-8A20-560C990AEAAE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe FirewallRules: [{331DAD00-FBCD-4A20-A9B3-08849F530CD1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{FC764AD0-B402-496B-A447-D9363115BEB7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe FirewallRules: [{D31726FA-AA82-4EEA-ADF2-F9E69CC4BC89}] => 
(Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe FirewallRules: [{C0EDB26A-E8BE-4EF6-8974-CEEB28F9E25A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{4144D705-21F1-41DF-8FB1-9D18DDB3E5CD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe FirewallRules: [{CCBA4A85-C5E5-4D6C-B287-0CFAE840E1E4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{9D8229F0-19BF-40CC-A53C-5F960C1B133A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe FirewallRules: [{184E2EDE-A044-486B-B586-DDBEF4113210}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{6CDB41E4-722C-47B8-B19E-AFE774B5389E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe FirewallRules: [{C17A24BC-ABDF-40A7-AB00-8CCECDD761AF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{5DAA63DE-2B82-4B70-B214-85FE4E5BB049}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe FirewallRules: [{6F7F44D0-3EB3-443A-A418-B6D3C5066F8C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [{7812805D-BE76-473C-9920-C71478F0E28C}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe FirewallRules: [TCP Query User{432DAEBD-4C09-4C11-80B7-F55A9B61846B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{013D61D8-1289-4052-8385-03927FA0E464}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{C7EE4184-9EA8-468F-A19E-872AAA2D8780}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe FirewallRules: [{67C409E1-6997-46FA-B0D0-9F2F54EA4706}] => (Allow) C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D2BC1542-94ED-4F61-AFD5-CCF5B7821DB3}] => (Allow) 
C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{F5EFB86C-3602-485F-8098-79A9AFBAEC02}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{A8C38BC4-3776-4427-A576-91098A9D0BC7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{95867523-A508-4E41-A419-E066D0683124}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{ECF01375-F5F8-4837-9AD0-1E0871B2A1A6}] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{3643522A-593B-40AC-BD42-82C90C028319}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CE9CE614-1EEF-4772-BC21-F396A13AEC7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7BA35DA3-2C22-4B19-8F7F-076B2B2A6CC9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{5F32A878-C655-4DAC-A9AD-87714724D98F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{DE09F086-6215-4532-A826-E20BC8822662}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{9C8417BE-EFD9-4B07-8D6F-30FC12476709}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe FirewallRules: [{03029884-01F5-4DF0-B5B1-3FE7D2C51D44}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{71E3862E-C84C-4E14-B5C0-96370B08EDE4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{34184772-24EF-4B3C-B3D9-B411CDE22CA0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{3FA026CD-A45F-42BF-832A-E87E9A0EFC6C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device 
Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/31/2015 01:40:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/29/2015 06:31:29 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/28/2015 10:41:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/28/2015 06:46:03 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: Falha na geração de contexto de ativação para "asmv2:clrClassInvocation1". Erro no arquivo de manifesto ou de política asmv2:clrClassInvocation2", na linha asmv2:clrClassInvocation3. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint, o que não tem suporte nesta versão do Windows. Error: (07/28/2015 06:46:03 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: Falha na geração de contexto de ativação para "asmv2:clrClassInvocation1". Erro no arquivo de manifesto ou de política asmv2:clrClassInvocation2", na linha asmv2:clrClassInvocation3. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint, o que não tem suporte nesta versão do Windows. Error: (07/28/2015 06:46:03 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: Falha na geração de contexto de ativação para "asmv2:clrClassInvocation1". Erro no arquivo de manifesto ou de política asmv2:clrClassInvocation2", na linha asmv2:clrClassInvocation3. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint, o que não tem suporte nesta versão do Windows. Error: (07/28/2015 06:42:21 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: Falha na geração de contexto de ativação para "asmv2:clrClassInvocation1". 
Erro no arquivo de manifesto ou de política asmv2:clrClassInvocation2", na linha asmv2:clrClassInvocation3. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint, o que não tem suporte nesta versão do Windows. Error: (07/28/2015 06:42:21 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: Falha na geração de contexto de ativação para "asmv2:clrClassInvocation1". Erro no arquivo de manifesto ou de política asmv2:clrClassInvocation2", na linha asmv2:clrClassInvocation3. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint, o que não tem suporte nesta versão do Windows. Error: (07/28/2015 06:42:21 PM) (Source: SideBySide) (EventID: 72) (User: ) Description: Falha na geração de contexto de ativação para "asmv2:clrClassInvocation1". Erro no arquivo de manifesto ou de política asmv2:clrClassInvocation2", na linha asmv2:clrClassInvocation3. O elemento asmv2:clrClassInvocation aparece como filho do elemento urn:schemas-microsoft-com:asm.v1^entryPoint, o que não tem suporte nesta versão do Windows. Error: (07/28/2015 11:45:28 AM) (Source: ESENT) (EventID: 455) (User: ) Description: taskhostex (1984) WebCacheLocal: Erro -1811 (0xfffff8ed) ao abrir o arquivo de log C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V010019D.log. 
System errors: ============= Error: (07/31/2015 04:41:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:55 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:55 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:54 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:54 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:53 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:53 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:52 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Error: (07/31/2015 04:41:52 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Usuario\AppData\Local\Temp\catchme.sys Microsoft Office: ========================= Error: (07/31/2015 01:40:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/29/2015 06:31:29 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/28/2015 10:41:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/28/2015 06:46:03 PM) 
(Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (07/28/2015 06:46:03 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (07/28/2015 06:46:03 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (07/28/2015 06:42:21 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (07/28/2015 06:42:21 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (07/28/2015 06:42:21 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (07/28/2015 11:45:28 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostex1984WebCacheLocal: C:\Users\Usuario\AppData\Local\Microsoft\Windows\WebCache\V010019D.log-1811 (0xfffff8ed)

CodeIntegrity:
===================================
Date: 2015-07-31 16:41:56.669
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:56.526
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:55.579
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:55.434
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:54.462
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:54.339
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:53.351
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:53.220
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:52.245
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-31 16:41:52.115
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Usuario\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 43%
Total physical RAM: 6024.27 MB
Available physical RAM: 3425.22 MB
Total Virtual: 7048.27 MB
Available Virtual: 4171.91 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:369.02 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 65ADDC8A)
Partition: GPT Partition Type.

==================== End of log ============================