Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Gustavo (2015-09-20 16:21:30)
Running from C:\Users\Gustavo\Downloads
Windows 10 Home (X64) (2015-09-14 18:11:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-3336594925-1444484530-2665733283-500 - Administrator - Disabled)
Convidado (S-1-5-21-3336594925-1444484530-2665733283-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3336594925-1444484530-2665733283-503 - Limited - Disabled)
Gustavo (S-1-5-21-3336594925-1444484530-2665733283-1001 - Administrator - Enabled) => C:\Users\Gustavo
HomeGroupUser$ (S-1-5-21-3336594925-1444484530-2665733283-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft) Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft) Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.65.1074 - AB Team, d.o.o.) CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Dropbox (HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.) ELAN Touchpad 11.15.0.16_X64 (HKLM\...\Elantech) (Version: 11.15.0.16 - ELAN Microelectronic Corp.) 
Enterprise (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 4.77 - NCH Software) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FINAL FANTASY IV (HKLM-x32\...\Steam App 312750) (Version: - Square Enix) Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.18.4 - Androxyde) Free YouTube Downloader Converter (HKLM-x32\...\Free YouTube Downloader Converter) (Version: - Eusing Software) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation) GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.9.0.1 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.) Google SketchUp 8 (HKLM-x32\...\{6B5F92BB-4272-4A69-B39B-EED000BC6192}) (Version: 3.0.14372 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) HP Officejet 4500 G510a-f Series Corporate Edition 14.0 (HKLM\...\{B584612D-3743-495A-AB28-98C44C1E2648}) (Version: 14.0 - HP) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Intel XDK (HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\ARP_for_prd_xdk_0.0.2323) (Version: 0.0.2323 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) InteliMap 4.0.0 (HKLM-x32\...\InteliMap) (Version: - X25 Informática) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) K-Lite Codec Pack 9.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - ) Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation) Mouse Recorder Pro 2.0.7.5 (HKLM-x32\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version: - Nemex Studios) Mozilla Firefox 40.0.3 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 pt-BR)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 
40.0.3.5716 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.65 - Trusteer) Rapport (x32 Version: 3.5.1507.65 - Trusteer) Hidden Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.) Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Snappersoft USB Healer 1.4 (HKLM-x32\...\{1C9F3B97-4669-45D8-A24C-B4EF918688EC}_is1) (Version: 1.4 - Snappersoft (Pty) LTD) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.10.201507101148 - Sony Mobile Communications Inc.) Sony PC Companion 2.10.281 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.281 - Sony) Spotify (HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\Spotify) (Version: 1.0.11.134.ga37df67b - Spotify AB) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VDownloader 4.0.1201 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited) WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami) Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.8.20150402 - Xilisoft) ZHPFix 2014 (HKLM-x32\...\ZHPFix_is1) (Version: 2014 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.) ==================== Restore Points ========================= 14-09-2015 17:20:36 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 08:04 - 2015-07-10 08:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {096329C3-8FCC-462B-AE9E-C3E28DCC8599} - \SPBIW_UpdateTask_Time_323239353039313235392d2323782a32455b4134572d32 -> No File <==== ATTENTION Task: {0B404A56-E6BC-40A8-ADEE-48C9B80226B8} - System32\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => C:\Program Files (x86)\WeatherTool\1.2.3.9736\InstallHelper.exe Task: {11C9082C-31DD-45C6-AB80-B449158AD489} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {20F25DEF-EC4B-419D-9161-701576149825} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {25EE23AB-7197-455F-99B6-A11C06BBF7E9} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Gustavo\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-15] () Task: {27A2513A-83E9-4C8F-9609-751CFA30367F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {2A1A5415-E3A5-4EA1-89B5-3F7A0CE96AAF} - System32\Tasks\{51A60A61-9F08-4C3D-8CA4-2E3B37B9412E} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/pt/abandoninstall?source=lightinstaller&page=tsInstall Task: {2EA9ACD5-2593-4476-A8D9-0DFE8FDEBBB1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {35092354-56E8-45D1-A81B-BA20844092CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {43C227A6-1AC9-4827-8529-3067BEA6C4E6} - System32\Tasks\PFExe => C:\Users\Gustavo\AppData\Local\PriceFountain\pricefountain.exe Task: {570F7459-0A72-49B6-9983-DF960F3BC3E8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA => C:\Users\Gustavo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-06] (Dropbox, Inc.) 
Task: {5D1968F0-AE08-4D25-9F1E-D7956B59C9BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {76D8CB39-519D-4177-ABE0-70C5AD2D93B2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core => C:\Users\Gustavo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-06] (Dropbox, Inc.) Task: {89B20000-CD55-4C1C-848B-0692A21B17D8} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation) Task: {8DAD4F05-9638-425C-801F-D9E8AA215080} - \060184C3-9766-46a0-B258-F4518A0B2633 -> No File <==== ATTENTION Task: {8EA850D7-9A11-44C5-9CD0-E87BD0F4F73C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {8FE066B4-1DD9-4557-8DCC-A3EF31AEBF81} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {9DBE27FD-F588-4BDD-98AB-77119A64C618} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {9FD770B6-2684-46BA-A1E2-917477CB37EE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {B10C4AF6-646B-4A78-B215-E56C254659AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {C2FFC3A1-F524-41DB-8A9D-9E0364D19BD1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {C9655D9F-A21D-4D17-B723-E7130C25D3F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {D7A5FE58-938C-4889-B4FB-7A510F582A0E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {E16C854B-765F-4306-9BB4-37696A3C5C64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {ECB6E91C-5430-4D9C-8918-567049435D57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {F0ECE623-5A84-4618-89ED-03804975EB68} - \Driver Booster SkipUAC (Gustavo) -> No File <==== ATTENTION Task: {F1A36DBD-CBCC-45C9-BAB1-959851957E0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core.job => C:\Users\Gustavo\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA.job => C:\Users\Gustavo\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Gustavo\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exeš-RunCheckUpdate C:\Users\Gustavo\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe Task: C:\WINDOWS\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job => C:\Program Files (x86)\WeatherTool\1.2.3.9736\InstallHelper.exen-RunCloudOPTClient C:\Program Files (x86)\WeatherTool\1.2.3.9736\CloudOPTClient\CloudOPTClient.exe ==================== Loaded Modules (Whitelisted) ============== 2015-09-14 13:45 - 2015-09-14 13:45 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-09-14 13:45 - 2015-09-14 13:45 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-09-14 13:45 - 2015-09-14 13:45 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-14 13:45 - 2015-09-14 13:45 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2014-05-12 06:49 - 2014-05-12 06:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 07:59 - 2015-07-10 07:59 - 00143360 _____ () 
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-09-14 13:45 - 2015-09-14 13:45 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2015-09-14 13:45 - 2015-09-14 13:45 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 08:00 - 2015-07-10 13:48 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-09-14 13:45 - 2015-09-14 13:45 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-09-14 13:45 - 2015-09-14 13:45 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 08:00 - 2015-07-10 13:48 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-07-30 16:06 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe 2015-09-14 16:07 - 2015-09-14 16:08 - 08241152 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2015-09-14 16:07 - 2015-09-14 16:08 - 02238976 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2015-09-14 15:31 - 2015-09-14 15:43 - 07246336 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe 2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2015-09-14 15:17 - 2015-09-14 15:17 - 00098816 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32api.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00110080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pywintypes27.dll 2015-09-14 15:17 - 2015-09-14 15:17 - 00364544 
_____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pythoncom27.dll 2015-09-14 15:17 - 2015-09-14 15:17 - 00045568 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_socket.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 01161216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ssl.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00320512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32com.shell.shell.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00713216 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_hashlib.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 01176576 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._core_.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00806400 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._gdi_.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00816128 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._windows_.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 01067008 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._controls_.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00733184 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._misc_.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00682496 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pysqlite2._sqlite.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00087552 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_ctypes.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00119808 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32file.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00108544 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32security.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00007168 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\hashobjs_ext.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00068096 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\usb_ext.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00167936 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32gui.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00018432 _____ 
() C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32event.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00128512 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_elementtree.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00127488 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\pyexpat.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00013824 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\common.time34.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00036864 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_psutil_windows.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00038912 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32inet.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00011264 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32crypt.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00077312 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._html2.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00027136 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_multiprocessing.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00020480 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\_yappi.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00035840 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32process.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00686080 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\unicodedata.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00123392 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._wizard.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00024064 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pipe.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00010240 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\select.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00025600 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32pdh.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00525640 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\windows._lib_cacheinvalidation.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 
00017408 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32profile.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00022528 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\win32ts.pyd 2015-09-14 15:17 - 2015-09-14 15:17 - 00078848 _____ () C:\Users\Gustavo\AppData\Local\Temp\_MEI38162\wx._animate.pyd 2015-07-30 16:06 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll 2015-07-30 16:06 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll 2015-07-30 16:06 - 2015-06-30 16:21 - 00915968 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\deviceupdate_dll.dll 2015-07-30 16:06 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll 2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll 2015-03-23 19:19 - 2015-03-23 19:19 - 02620416 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll 2015-07-30 16:06 - 2015-04-21 13:22 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll 2015-07-15 10:45 - 2015-07-15 10:45 - 00802304 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll 2015-09-14 15:18 - 2015-09-14 15:18 - 00071168 _____ () c:\users\gustavo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbp2kmc.dll 2015-03-04 18:45 - 2015-08-05 02:26 - 00012800 _____ () C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll 2015-03-04 18:45 - 2015-08-05 02:26 - 00779776 _____ () C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 13:21 - 2015-08-05 02:26 - 00056320 _____ () C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-03-04 18:45 - 2015-08-05 02:26 - 00012288 _____ () C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll 2015-09-14 15:35 - 2015-09-14 15:47 - 
01288192 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\SB_LIBEAY32.dll 2015-09-14 15:31 - 2015-09-14 15:43 - 00080384 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\libEGL.dll 2015-09-14 15:31 - 2015-09-14 15:43 - 02076672 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\libGLESv2.dll 2015-09-14 15:31 - 2015-09-14 15:43 - 00257536 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\curl.dll 2015-09-14 15:35 - 2015-09-14 15:47 - 00293888 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\SB_SSLEAY32.dll 2015-09-14 15:36 - 2015-09-14 15:47 - 00066560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\zlib.dll 2015-09-03 20:20 - 2015-08-27 21:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll 2015-09-03 20:20 - 2015-08-27 21:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll 2015-09-20 16:21 - 2015-09-20 16:21 - 01072720 _____ () C:\Program Files (x86)\Google\Update\Install\{FD4C8731-9C8E-4AB0-A62E-CCEC7EFA5530}\45.0.2454.93_45.0.2454.85_chrome_updater.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\ProgramData\Temp:56E2E879 AlternateDataStreams: C:\ProgramData\Temp:5C321E34 AlternateDataStreams: C:\Users\Gustavo\OneDrive:ms-properties AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivq`qsp`26hfm AlternateDataStreams: C:\Users\Todos os Usuários\Temp:56E2E879 AlternateDataStreams: C:\Users\Todos os Usuários\Temp:5C321E34 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\bb.com.br -> hxxps://seg.bb.com.br IE trusted site: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\...\webcompanion.com -> hxxp://webcompanion.com
There are 5317 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3336594925-1444484530-2665733283-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gustavo\Pictures\imrs.php.png DNS Servers: 189.6.0.72 - 189.6.0.71 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{98A2CC75-A5D6-4BE8-BD3D-8FC4578FFB2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [UDP Query User{EC22B04B-6854-421D-8D06-B471C6D28555}C:\users\gustavo\appdata\local\intel\xdk\bin\node.exe] => (Allow) C:\users\gustavo\appdata\local\intel\xdk\bin\node.exe FirewallRules: [TCP Query User{B19AAB71-A615-4402-8529-5FD5550717E0}C:\users\gustavo\appdata\local\intel\xdk\bin\node.exe] => (Allow) C:\users\gustavo\appdata\local\intel\xdk\bin\node.exe FirewallRules: [{F872495D-C92D-4642-8774-44B8198ABB26}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{73A028B8-1E2F-4B97-95BF-EA01855E50D8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{D3B762FF-9899-4403-A268-240C6D7CC926}] => (Allow) C:\Users\Gustavo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{64ECE9A7-C2CF-4965-9FD9-ECF1EEB6B310}] => (Allow) C:\Users\Gustavo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{EAC8FE4C-357C-4348-9AAB-1243969B0CFA}] => (Allow) C:\Users\Gustavo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{852AF874-DDCC-4F5A-B23F-CB65A7F1CB42}] => (Allow) C:\Users\Gustavo\AppData\Roaming\uTorrent\uTorrent.exe 
FirewallRules: [{EFE40654-626D-4114-AFF1-603D1E37A5CB}] => (Allow) C:\Users\Gustavo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{121AAFAB-42D8-40A4-8C90-9E00B5D76819}] => (Allow) C:\Users\Gustavo\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [UDP Query User{7C9D7FAE-B92B-4AC4-A6A1-67C257B7D824}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{61F1E914-F831-4323-8068-73D18431F47D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{7FB1C85F-5042-4AE4-87FD-05FF49F9911A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{B392C163-FE1A-47C3-8AC2-DE5B0A92111A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{7ABDCB87-F9D9-4375-B8A9-909EB1B3F9A6}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{F82AEBB1-E55A-4CE0-8560-B3957E8740BB}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [UDP Query User{1A845DF2-43E0-46EA-9FE9-1C3348207BE7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{BE94DC34-92BB-474D-B924-F75D4C52CF89}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{378D54BC-B519-4F22-9E03-0B05A18E30F3}C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe FirewallRules: [TCP Query User{15CDFA9D-539C-4456-89BC-B79E0470407B}C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\irpf2015.exe FirewallRules: [{477E86AA-503A-49ED-9F96-DC6866898F18}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Final Fantasy IV\FF4_Launcher.exe FirewallRules: [{E5E80F83-0AE7-466E-A584-E03A644F613E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Final Fantasy IV\FF4_Launcher.exe FirewallRules: [{F18CF9A0-251E-4EF2-8439-FA4D2E880B6E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F5C5E075-BC68-4A27-AE16-CC2EFE582204}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9C13F800-3AE4-479D-90C3-A2FA14B1ED8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8D24A0CE-1D7D-4F39-96C5-C6C3CD8294DA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{8566DF49-8707-4593-A970-19AAAD4A98DD}C:\users\gustavo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gustavo\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{A5877312-C262-46DB-BEB4-5438521AB513}C:\users\gustavo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gustavo\appdata\roaming\spotify\spotify.exe FirewallRules: [{C0758CEB-F0AA-45B1-9050-BB2D60A84C32}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{FFDACC35-1793-44F2-B92B-ED179720D4D2}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{BC6710CF-4E30-4802-B548-C6309C688757}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{01A52113-CEB2-43F1-A63E-20BA90D4EBD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{04DC420F-DCF6-4CDD-9992-B2AE5BF024FD}C:\users\gustavo\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gustavo\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{2DDBC506-CBC5-4776-90E4-3C89AF01E4B3}C:\users\gustavo\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gustavo\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: 
[{14BA364B-A2B6-4119-A93C-B67B42C9B6A3}] => (Allow) C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{1DB0FC07-0893-473E-A333-78C62C831909}] => (Allow) C:\Users\Gustavo\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [UDP Query User{44EC1D87-E0DB-48C5-9076-72CBCEF86DCF}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{2A1B4BB7-854B-4B96-9D46-EF39AFF2C7C8}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{3EACA959-7DAF-4EE8-AFCB-68B9D5050AB3}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{7D66E69F-6F67-4ECE-82B1-1C4286F18CA7}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{55B3A377-76F8-460A-83C6-BFA3AFFAE83D}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{7F07AB8B-078C-44B5-BBCE-917F8CF6CF69}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [TCP Query User{CD88FD86-A27D-4E8B-85FC-3812FDF918EF}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [UDP Query User{3253BC27-16C2-4D2A-B7A9-85C34639CA7D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [{D29D457F-B3FB-431D-8FDD-4D1B51CE36E5}] => (Allow) C:\Users\Gustavo\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/14/2015 05:20:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. 
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error: Acesso negado. . Error: (09/14/2015 03:24:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa WinStore.Mobile.exe versão 2015.7.1.1 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: dc Hora de Início: 01d0ef1a88e738a3 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe ID do Relatório: d1728a32-5b0d-11e5-9bc2-74e543df0fd3 Nome completo do pacote com falha: Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: App Error: (09/14/2015 03:24:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GUSTAVO-NOTE2) Description: Falha na ativação do aplicativo Microsoft.WindowsStore_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/14/2015 03:24:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: GUSTAVO-NOTE2) Description: O aplicativo Microsoft.WindowsStore_2015.7.1.0_x64__8wekyb3d8bbwe+App não foi iniciado dentro do tempo alocado. Error: (09/14/2015 02:27:55 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x80070422, O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. . Operação: Instanciando servidor VSS Error: (09/14/2015 02:27:55 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e nome IVssCoordinatorEx2. 
[0x80070422, O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. ] Operação: Instanciando servidor VSS System errors: ============= Error: (09/14/2015 03:16:19 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:19 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:19 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:19 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:19 PM) (Source: DCOM) 
(EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:19 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:17 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:16 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:16 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: 
padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (09/14/2015 03:16:16 PM) (Source: DCOM) (EventID: 10016) (User: GUSTAVO-NOTE2) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}gustavo-note2GustavoS-1-5-21-3336594925-1444484530-2665733283-1001LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 CodeIntegrity: =================================== Date: 2015-09-14 18:56:36.747 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-14 18:56:35.826 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-14 18:56:33.548 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-09-14 18:56:33.282 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-14 18:56:33.114 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-14 18:56:27.345 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-14 18:56:21.679 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-14 18:56:21.553 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-14 18:56:21.365 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-09-14 18:56:21.223 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz Percentage of memory in use: 62% Total physical RAM: 3909.28 MB Available physical RAM: 1469.26 MB Total Virtual: 5317.28 MB Available Virtual: 2305.72 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:296.7 GB) (Free:146.98 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: C98F7C0D) Partition: GPT. ==================== End of Addition.txt ============================