Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Magnon Palhares (2015-09-01 11:19:15)
Running from C:\Users\Magnon Palhares\Downloads\FRST64
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1406914358-753058891-3609360365-500 - Administrator - Disabled)
Convidado (S-1-5-21-1406914358-753058891-3609360365-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1406914358-753058891-3609360365-503 - Limited - Disabled)
Magnon Palhares (S-1-5-21-1406914358-753058891-3609360365-1001 - Administrator - Enabled) => C:\Users\Magnon Palhares

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ELAN Touchpad 11.15.0.14_X64 (HKLM\...\Elantech) (Version: 11.15.0.14 - ELAN Microelectronic Corp.)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
System Explorer 3.8.9 (HKLM-x32\...\System Explorer_is1) (Version: - Mister Group)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1406914358-753058891-3609360365-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Magnon Palhares\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

26-08-2015 10:29:04 Instalador de Módulos do Windows
30-08-2015 19:42:27 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 08:04 - 2015-07-10 08:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0D1D881C-01C6-4BEA-9EA8-A56FC674F8D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-26] (Dropbox, Inc.)
Task: {170E0863-1A92-4EBC-83E5-16B57DC266B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {301A97CA-0F05-4A7A-B385-BBFB93655594} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {54EF06CC-95C2-4D58-AF1E-4807CEA61EA0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-26] (Dropbox, Inc.)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {86D506C1-5A25-4606-8B99-45B4A3AC5E7B} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-14] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {C1A1CAB2-1F22-431E-AE06-A3316CFD05FD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-26 10:45 - 2015-07-14 23:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-08-26 10:45 - 2015-08-11 06:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-08-30 19:41 - 2015-08-18 04:56 - 02498808 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-08-26 10:19 - 2015-08-26 10:19 - 00396688 _____ () C:\Windows\system32\igfxTray.exe
2015-08-30 19:41 - 2015-08-18 04:56 - 02498808 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-26 10:46 - 2015-08-02 22:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 08:00 - 2015-07-10 13:49 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-26 10:46 - 2015-08-11 05:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-26 10:46 - 2015-08-02 22:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-01 10:34 - 2015-09-01 10:34 - 00098816 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32api.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00110080 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\pywintypes27.dll
2015-09-01 10:34 - 2015-09-01 10:34 - 00364544 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\pythoncom27.dll
2015-09-01 10:34 - 2015-09-01 10:34 - 00045568 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_socket.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 01161216 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_ssl.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00320512 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32com.shell.shell.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00713216 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_hashlib.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 01176576 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._core_.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00806400 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._gdi_.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00816128 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._windows_.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 01067008 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._controls_.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00733184 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._misc_.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00682496 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\pysqlite2._sqlite.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00087552 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_ctypes.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00119808 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32file.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00108544 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32security.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00007168 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\hashobjs_ext.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00068096 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\usb_ext.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00167936 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32gui.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00018432 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32event.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00128512 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_elementtree.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00127488 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\pyexpat.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00013824 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\common.time34.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00036864 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_psutil_windows.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00038912 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32inet.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00011264 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32crypt.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00077312 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._html2.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00027136 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_multiprocessing.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00020480 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\_yappi.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00035840 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32process.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00686080 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\unicodedata.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00123392 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._wizard.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00024064 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32pipe.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00010240 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\select.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00025600 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32pdh.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00525640 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\windows._lib_cacheinvalidation.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00017408 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32profile.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00022528 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\win32ts.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00078848 _____ () C:\Users\Magnon Palhares\AppData\Local\Temp\_MEI21922\wx._animate.pyd
2015-09-01 10:34 - 2015-09-01 10:34 - 00071168 _____ () c:\Users\Magnon Palhares\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8gwryj.dll
2015-08-26 13:52 - 2015-08-05 02:26 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-08-26 13:52 - 2015-08-05 02:26 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-26 13:52 - 2015-08-05 02:26 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-26 13:52 - 2015-08-05 02:26 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-08-25 20:19 - 2015-08-18 02:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-25 20:19 - 2015-08-18 02:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1406914358-753058891-3609360365-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1406914358-753058891-3609360365-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1406914358-753058891-3609360365-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1406914358-753058891-3609360365-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_ED4575ADE4E0B791CB6C123B0C043BC0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{9FCE3D3D-B78F-4D0A-AAB3-AD70876BBCE1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9AE6922F-3247-4123-9B58-7CFAAA023B06}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF0C9D51-A117-4D9F-8931-91BCF56E4784}] => (Allow) LPort=2869
FirewallRules: [{CABEB3EF-3D3E-4A14-B43C-3AF89DD5D031}] => (Allow) LPort=1900
FirewallRules: [{B655C59F-716B-4A9D-9B5C-31BCB2BB6DEF}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{C521E06E-47A3-49E7-A8DA-A47FC75D170D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{E4E6C095-2159-412B-BFCE-22985A9A59C9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Faulty Device Manager Devices =============

Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2015 10:37:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: OHub.exe, versão: 16.0.6121.2376, carimbo de data/hora: 0x55d7a527
Nome do módulo com falha: Mso30Imm.dll, versão: 16.0.6118.1000, carimbo de data/hora: 0x55d39fcf
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000012535
ID do processo com falha: 0x1af4
Hora de início do aplicativo com falha: 0xOHub.exe0
Caminho do aplicativo com falha: OHub.exe1
Caminho do módulo com falha: OHub.exe2
ID do Relatório: OHub.exe3
Nome completo do pacote com falha: OHub.exe4
ID do aplicativo relativo ao pacote com falha: OHub.exe5

Error: (08/31/2015 11:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: OHub.exe, versão: 16.0.6121.2376, carimbo de data/hora: 0x55d7a527
Nome do módulo com falha: Mso30Imm.dll, versão: 16.0.6118.1000, carimbo de data/hora: 0x55d39fcf
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000012535
ID do processo com falha: 0x137c
Hora de início do aplicativo com falha: 0xOHub.exe0
Caminho do aplicativo com falha: OHub.exe1
Caminho do módulo com falha: OHub.exe2
ID do Relatório: OHub.exe3
Nome completo do pacote com falha: OHub.exe4
ID do aplicativo relativo ao pacote com falha: OHub.exe5

Error: (08/31/2015 08:54:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ΛΙΟΝΤΆΡΙ-LEÃO)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (08/31/2015 02:57:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ΛΙΟΝΤΆΡΙ-LEÃO)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (08/31/2015 01:57:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: OHub.exe, versão: 16.0.6121.2376, carimbo de data/hora: 0x55d7a527
Nome do módulo com falha: Mso30Imm.dll, versão: 16.0.6118.1000, carimbo de data/hora: 0x55d39fcf
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000012535
ID do processo com falha: 0xa5c
Hora de início do aplicativo com falha: 0xOHub.exe0
Caminho do aplicativo com falha: OHub.exe1
Caminho do módulo com falha: OHub.exe2
ID do Relatório: OHub.exe3
Nome completo do pacote com falha: OHub.exe4
ID do aplicativo relativo ao pacote com falha: OHub.exe5

Error: (08/31/2015 10:22:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: OHub.exe, versão: 16.0.6121.2376, carimbo de data/hora: 0x55d7a527
Nome do módulo com falha: Mso30Imm.dll, versão: 16.0.6118.1000, carimbo de data/hora: 0x55d39fcf
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000012535
ID do processo com falha: 0x990
Hora de início do aplicativo com falha: 0xOHub.exe0
Caminho do aplicativo com falha: OHub.exe1
Caminho do módulo com falha: OHub.exe2
ID do Relatório: OHub.exe3
Nome completo do pacote com falha: OHub.exe4
ID do aplicativo relativo ao pacote com falha: OHub.exe5

Error: (08/30/2015 08:36:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: LogonUI.exe, versão: 10.0.10240.16384, carimbo de data/hora: 0x559f398c
Nome do módulo com falha: Windows.UI.Logon.dll, versão: 10.0.10240.16431, carimbo de data/hora: 0x55c9bb28
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000145466
ID do processo com falha: 0x3d8
Hora de início do aplicativo com falha: 0xLogonUI.exe0
Caminho do aplicativo com falha: LogonUI.exe1
Caminho do módulo com falha: LogonUI.exe2
ID do Relatório: LogonUI.exe3
Nome completo do pacote com falha: LogonUI.exe4
ID do aplicativo relativo ao pacote com falha: LogonUI.exe5

Error: (08/30/2015 07:42:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error: Acesso negado. .

Error: (08/29/2015 04:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: OHub.exe, versão: 16.0.6121.2376, carimbo de data/hora: 0x55d7a527
Nome do módulo com falha: Mso30Imm.dll, versão: 16.0.6118.1000, carimbo de data/hora: 0x55d39fcf
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000012535
ID do processo com falha: 0x170c
Hora de início do aplicativo com falha: 0xOHub.exe0
Caminho do aplicativo com falha: OHub.exe1
Caminho do módulo com falha: OHub.exe2
ID do Relatório: OHub.exe3
Nome completo do pacote com falha: OHub.exe4
ID do aplicativo relativo ao pacote com falha: OHub.exe5

Error: (08/28/2015 04:14:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ΛΙΟΝΤΆΡΙ-LEÃO)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

System errors:
=============
Error: (09/01/2015 12:48:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (08/31/2015 08:54:40 PM) (Source: DCOM) (EventID: 10010) (User: ΛΙΟΝΤΆΡΙ-LEÃO)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (08/31/2015 08:54:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session2 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (08/31/2015 07:19:39 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.

Error: (08/31/2015 07:19:34 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.

Error: (08/31/2015 07:19:26 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.

Error: (08/31/2015 07:19:23 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.

Error: (08/31/2015 07:19:22 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.

Error: (08/31/2015 07:19:22 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.

Error: (08/31/2015 07:19:21 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.

Microsoft Office:
=========================
Error: (09/01/2015 10:37:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6121.237655d7a527Mso30Imm.dll16.0.6118.100055d39fcfc000000500000000000125351af401d0e4bb5af1c22eC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\Mso30Imm.dlla4e95cda-45f4-4524-9ca5-05bb14e26369Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (08/31/2015 11:02:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6121.237655d7a527Mso30Imm.dll16.0.6118.100055d39fcfc00000050000000000012535137c01d0e45a311382bcC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\Mso30Imm.dllb9425517-b2fa-4915-9ab8-48efe0d32927Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (08/31/2015 08:54:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ΛΙΟΝΤΆΡΙ-LEÃO)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (08/31/2015 02:57:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ΛΙΟΝΤΆΡΙ-LEÃO)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (08/31/2015 01:57:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6121.237655d7a527Mso30Imm.dll16.0.6118.100055d39fcfc00000050000000000012535a5c01d0e40e0dbb6ee6C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\Mso30Imm.dll477b8343-364f-4a45-831a-4cf2f021578dMicrosoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (08/31/2015 10:22:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6121.237655d7a527Mso30Imm.dll16.0.6118.100055d39fcfc0000005000000000001253599001d0e3f021af7896C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\Mso30Imm.dll59c67d6f-c177-4e8e-b45b-31a4afa64999Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (08/30/2015 08:36:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe10.0.10240.16384559f398cWindows.UI.Logon.dll10.0.10240.1643155c9bb28c000000500000000001454663d801d0e3733a0403ecC:\Windows\system32\LogonUI.exeC:\Windows\system32\Windows.UI.Logon.dll95cc48d1-d1c8-4fb1-8652-d79dbb55e6da

Error: (08/30/2015 07:42:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error: Acesso negado.

Error: (08/29/2015 04:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6121.237655d7a527Mso30Imm.dll16.0.6118.100055d39fcfc00000050000000000012535170c01d0e28f5efe8a79C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\Mso30Imm.dll87300529-15e4-4cad-931b-53384d1f0716Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (08/28/2015 04:14:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ΛΙΟΝΤΆΡΙ-LEÃO)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 52%
Total physical RAM: 3980.36 MB
Available physical RAM: 1885.16 MB
Total Virtual: 5388.36 MB
Available Virtual: 2888.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:427.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4D5DE3F9)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================