Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by jerson (administrator) on VIDA (25-09-2015 11:24:23)
Running from C:\Users\jerson\Downloads
Loaded Profiles: jerson (Available Profiles: jerson)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe
() C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(QNT) C:\Users\jerson\AppData\Roaming\NetService\netservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-24]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-24]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\jerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2015-08-27]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2F1D105C-50AE-411D-95B5-983C64BF88D6}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S32SJ5AF805400_ST1000LM024HN-M101MBB&tm=1442709775
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S32SJ5AF805400_ST1000LM024HN-M101MBB&tm=1442709775
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1119460738-191548075-3182123001-1001 -> {5E05225F-3794-4201-A4F4-7D7F38F7F63C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-18] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1119460738-191548075-3182123001-1001: gastecnologia.com.br/sf/bb -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-01-13] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1119460738-191548075-3182123001-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-01-13] (GAS Tecnologia)

Chrome:
=======
CHR Profile: C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-11]
CHR Extension: (YouTube) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-11]
CHR Extension: (Google Search) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-11]
CHR Extension: (Planilhas do Google) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Documentos Google off-line) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-01]
CHR Extension: (EasyCalendar) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-09-24]
CHR Extension: (Protector Web – Confiável proteção contra phishing) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-09-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-11]
CHR Extension: (Gmail) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Profile: C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Apresentações) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-06]
CHR Extension: (Google Search) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-06]
CHR Extension: (Planilhas do Google) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Protector Web – Confiável proteção contra phishing) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Gmail) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKU\S-1-5-21-1119460738-191548075-3182123001-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 Crashhd; C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DNSSVC; C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe [142792 2015-09-07] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 NetTcpHandler; C:\Users\jerson\AppData\Roaming\NetService\netservice.exe [211824 2015-03-20] (QNT)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 GENERICDRV; C:\Users\jerson\AppData\Roaming\PCDr\Downloads\amifldrv64.sys [15400 2015-07-03] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
U2 McMPFSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 11:24 - 2015-09-25 11:25 - 00024938 _____ C:\Users\jerson\Downloads\FRST.txt
2015-09-25 11:23 - 2015-09-25 11:24 - 00000000 ____D C:\FRST
2015-09-25 11:22 - 2015-09-25 11:22 - 02192384 _____ (Farbar) C:\Users\jerson\Downloads\FRST64.exe
2015-09-25 11:22 - 2015-09-25 11:22 - 01695744 _____ (Farbar) C:\Users\jerson\Downloads\FRST.exe
2015-09-25 09:09 - 2015-09-25 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-24 20:42 - 2015-09-24 20:42 - 00000000 ___RD C:\Users\jerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-24 16:03 - 2015-09-24 16:03 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-24 15:56 - 2015-09-24 16:01 - 00000000 ____D C:\AdwCleaner
2015-09-24 15:55 - 2015-09-24 15:55 - 00001201 _____ C:\Users\jerson\Desktop\AdwCleaner.exe - Atalho.lnk
2015-09-24 15:52 - 2015-09-24 15:52 - 01662976 _____ C:\Users\jerson\Downloads\AdwCleaner.exe
2015-09-24 15:46 - 2015-09-24 15:46 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-24 14:37 - 2015-09-24 14:37 - 00000000 ____D C:\Users\jerson\AppData\Local\Crsoft
2015-09-24 14:35 - 2015-09-24 14:36 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-09-24 14:22 - 2015-09-24 14:22 - 00000000 ____D C:\Users\jerson\Documents\patch-SND
2015-09-24 14:08 - 2015-09-24 14:08 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-09-24 14:07 - 2015-09-24 15:39 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-09-24 13:55 - 2015-09-24 19:32 - 00000000 ____D C:\Users\jerson\Documents\Add-in Express
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\Users\Todos os Usuários\WinZip
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\Users\jerson\AppData\Local\WinZip
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\ProgramData\WinZip
2015-09-24 13:55 - 2015-09-24 13:55 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-09-24 13:55 - 2015-09-24 13:55 - 00002307 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-09-24 13:55 - 2015-09-24 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-09-24 13:55 - 2015-09-24 13:55 - 00000000 ____D C:\Program Files\WinZip
2015-09-24 13:53 - 2015-09-24 13:53 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\jerson\Downloads\winzip19-pp.exe
2015-09-24 13:53 - 2015-09-24 13:53 - 00000000 ____D C:\Users\Todos os Usuários\UniqueId
2015-09-24 13:53 - 2015-09-24 13:53 - 00000000 ____D C:\ProgramData\UniqueId
2015-09-24 13:47 - 2015-09-24 13:47 - 57042590 _____ C:\Users\jerson\Downloads\SpyHunter.4.17.6.4336.baixedetudo.net.rar
2015-09-24 13:19 - 2015-09-24 13:22 - 00000000 ____D C:\Users\jerson\OneDrive
2015-09-24 13:12 - 2015-09-24 13:12 - 00611230 _____ C:\Users\jerson\Downloads\SpyHunter 4 Crack e Serial__15460_i1672692476_il1551093.rar
2015-09-19 21:43 - 2015-09-19 21:43 - 00000000 ____D C:\Users\jerson\AppData\Roaming\shortCutStore
2015-09-19 21:43 - 2015-09-19 21:43 - 00000000 _____ C:\autoexec.bat
2015-09-16 16:46 - 2015-09-16 16:47 - 02443776 _____ (Flash BOX) C:\Users\jerson\Downloads\Adobe_Flash_Player 2015.exe
2015-09-16 14:24 - 2015-09-16 14:24 - 02818560 _____ (Flash tolls) C:\Users\jerson\Downloads\Adobe Flash Player 2015 .exe
2015-09-16 14:24 - 2015-09-16 14:24 - 02818560 _____ (Flash tolls) C:\Users\jerson\Downloads\Adobe Flash Player 2015 (1).exe
2015-09-10 20:09 - 2015-09-10 20:09 - 00686858 _____ C:\Users\jerson\Downloads\Adobe_Flash_Player 2015_.exe
2015-09-08 21:06 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 21:06 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 21:06 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 21:06 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 21:06 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 21:06 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 21:06 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 21:06 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 21:06 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-08 21:06 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-08 21:06 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 21:05 - 2015-07-13 16:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-08 21:05 - 2015-07-10 16:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-08 21:05 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-08 21:05 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-08 20:54 - 2015-09-08 20:54 - 00000000 ____D C:\Users\jerson\AppData\Roaming\DNSHelper
2015-09-08 18:10 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 18:10 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 18:10 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 18:10 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 18:10 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 18:10 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 18:10 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 18:10 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 18:10 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 18:10 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 18:10 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 18:10 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 18:10 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 18:10 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 18:10 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 18:10 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 18:10 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 18:10 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 18:09 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 18:09 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-08 18:09 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-08 18:09 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-08 18:09 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-08 18:09 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-08 18:09 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-08 18:09 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-08 18:09 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-09-08 18:09 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-08 18:09 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-09-08 18:09 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-08 18:09 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-08 18:09 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-08 18:09 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-08 18:09 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-09-08 18:09 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-09-08 18:09 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-08 18:09 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-08 18:09 - 2015-08-22 13:18 - 
00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-08 18:09 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-08 18:09 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-08 18:09 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-08 18:09 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-08 18:09 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-08 18:09 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-08 18:09 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-08 18:09 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe 2015-09-08 18:09 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe 2015-09-08 18:09 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-08 18:09 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe 2015-09-08 18:09 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe 2015-09-08 18:09 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-08 18:09 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2015-09-08 18:09 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-08 18:09 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2015-09-08 18:09 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll 2015-09-08 18:09 - 2015-07-18 15:29 - 
00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll 2015-09-08 18:09 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll 2015-09-08 18:09 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll 2015-09-08 18:09 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe 2015-09-01 17:18 - 2015-09-01 17:18 - 00529002 _____ C:\Users\jerson\Downloads\Apresentação AEEL_ Equacionamento do déficit de 2013_v25-08-2015.pptx 2015-09-01 00:04 - 2015-09-01 00:04 - 00000000 ____D C:\Users\jerson\AppData\Roaming\Sun 2015-09-01 00:04 - 2015-09-01 00:04 - 00000000 ____D C:\Users\jerson\.oracle_jre_usage 2015-08-31 22:29 - 2015-09-18 12:58 - 00000136 _____ C:\Windows\ODBC.INI 2015-08-27 10:20 - 2015-08-27 10:20 - 00000000 ____D C:\Users\jerson\Documents\Blocos de Anotações do OneNote 2015-08-26 09:38 - 2015-08-26 09:38 - 05604405 _____ C:\Users\jerson\Downloads\tratamento de dados_I.pptx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-25 11:21 - 2014-03-18 07:07 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-25 11:21 - 2014-03-18 06:29 - 00774900 _____ C:\Windows\system32\prfh0416.dat 2015-09-25 11:21 - 2014-03-18 06:29 - 00158494 _____ C:\Windows\system32\prfc0416.dat 2015-09-25 11:17 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru 2015-09-25 10:08 - 2014-09-10 01:59 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2015-09-25 10:08 - 2014-09-10 01:29 - 01658861 _____ C:\Windows\WindowsUpdate.log 2015-09-25 09:39 - 2015-06-11 18:06 - 00001086 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-25 09:12 - 2014-10-02 17:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1119460738-191548075-3182123001-1001 2015-09-25 09:10 - 2014-10-02 17:56 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{493CFB94-3AAD-4238-AD3C-6B8C2D7EE423} 2015-09-25 09:09 - 2015-06-11 18:06 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-24 19:55 - 2014-10-02 17:44 - 00000000 ____D C:\Users\jerson\AppData\Local\Packages 2015-09-24 16:03 - 2014-10-02 18:13 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2015-09-24 16:02 - 2013-08-22 11:46 - 00062916 _____ C:\Windows\setupact.log 2015-09-24 16:02 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-24 16:01 - 2014-10-02 17:44 - 00000000 ____D C:\Users\jerson 2015-09-24 16:01 - 2013-08-22 10:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-09-24 14:37 - 2015-04-26 22:24 - 00000000 ____D C:\Users\jerson\AppData\Roaming\RunDir 2015-09-24 14:36 - 2014-09-10 01:44 - 00000000 ____D C:\Program Files (x86)\Intel 2015-09-24 14:27 - 2014-03-18 02:55 - 00102360 _____ C:\Windows\PFRO.log 2015-09-24 13:28 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness 2015-09-24 13:26 - 2015-08-06 11:07 - 00085504 ___SH C:\Users\jerson\Downloads\Thumbs.db 2015-09-24 13:19 - 2015-04-15 21:04 - 00000000 ___RD 
C:\Users\jerson\OneDrive.old 2015-09-24 13:11 - 2014-10-07 14:36 - 00000000 ____D C:\Users\jerson\AppData\Local\CrashDumps 2015-09-23 14:17 - 2015-04-15 20:59 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-09-23 09:40 - 2015-06-11 18:09 - 00002367 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-09-23 08:49 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-09-22 00:30 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp 2015-09-19 21:54 - 2015-08-07 13:46 - 00001493 _____ C:\Users\jerson\Desktop\Pessoa 1 - Chrome.lnk 2015-09-19 19:06 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF 2015-09-17 21:34 - 2015-06-11 18:06 - 00004058 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-17 21:34 - 2015-06-11 18:06 - 00003822 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-16 12:29 - 2015-07-25 13:14 - 00037888 ___SH C:\Users\jerson\Desktop\Thumbs.db 2015-09-14 22:18 - 2015-07-17 10:57 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-14 22:18 - 2015-07-17 10:57 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-13 14:12 - 2014-10-02 20:34 - 00000000 ____D C:\Users\jerson\AppData\Local\Google 2015-09-12 07:45 - 2015-04-15 21:04 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1119460738-191548075-3182123001-1001 2015-09-11 14:00 - 2014-10-06 21:16 - 00000000 ____D C:\Windows\system32\MRT 2015-09-08 21:41 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache 2015-09-08 20:43 - 2013-08-22 11:44 - 00382968 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-08 20:40 - 2014-03-18 06:44 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-08 20:40 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-03 19:35 - 2014-09-10 01:57 - 00000000 ____D C:\Program Files (x86)\McAfee 2015-09-01 00:05 - 2015-01-13 11:46 - 00000000 ____D C:\Users\Todos os 
Usuários\Oracle 2015-09-01 00:05 - 2015-01-13 11:46 - 00000000 ____D C:\ProgramData\Oracle 2015-09-01 00:04 - 2015-01-13 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-01 00:04 - 2015-01-13 11:46 - 00000000 ____D C:\Program Files (x86)\Java 2015-09-01 00:03 - 2015-01-13 11:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-08-30 18:31 - 2015-04-27 00:07 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2015-08-30 18:31 - 2015-04-27 00:07 - 00000286 __RSH C:\ProgramData\ntuser.pol 2015-08-30 18:20 - 2014-10-02 18:13 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2015-08-30 18:20 - 2014-10-02 18:13 - 00000000 ____D C:\ProgramData\GbPlugin 2015-08-26 18:37 - 2014-10-06 21:16 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2015-02-24 15:13 - 2015-02-24 15:13 - 0016730 _____ () C:\Users\jerson\AppData\Roaming\unins000.dat 2015-02-24 15:13 - 2015-02-24 15:13 - 0815826 _____ () C:\Users\jerson\AppData\Roaming\unins000.exe 2014-09-10 01:21 - 2014-09-10 01:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-09-10 01:43 - 2014-09-10 01:44 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2014-09-10 01:39 - 2014-09-10 01:40 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2014-09-10 01:40 - 2014-09-10 01:41 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2014-09-10 01:41 - 2014-09-10 01:43 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2014-09-10 01:39 - 2014-09-10 01:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP: ==================== C:\Users\jerson\AppData\Local\Temp\2503.exe C:\Users\jerson\AppData\Local\Temp\6074.exe C:\Users\jerson\AppData\Local\Temp\8FFD427E-F52C-37D3-608D-352F36983F31.dll 
C:\Users\jerson\AppData\Local\Temp\jre-8u45-windows-au.exe C:\Users\jerson\AppData\Local\Temp\jre-8u51-windows-au.exe C:\Users\jerson\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\jerson\AppData\Local\Temp\jue1FD6.exe C:\Users\jerson\AppData\Local\Temp\jue345A.exe C:\Users\jerson\AppData\Local\Temp\jue8691.exe C:\Users\jerson\AppData\Local\Temp\jue87E9.exe C:\Users\jerson\AppData\Local\Temp\jueDEB5.exe C:\Users\jerson\AppData\Local\Temp\jueE7A8.exe C:\Users\jerson\AppData\Local\Temp\OfficeSetup.exe C:\Users\jerson\AppData\Local\Temp\setup32.exe C:\Users\jerson\AppData\Local\Temp\SetupHomeStudentRetail.x86.pt-BR_HomeStudentRetail_T6DVH-NMKV4-Q8DWF-HHGGP-27GKR_act_1_.exe C:\Users\jerson\AppData\Local\Temp\UninstallModule.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-15 04:51 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015 Ran by jerson (2015-09-25 11:26:01) Running from 
C:\Users\jerson\Downloads Windows 8.1 Single Language (X64) (2014-10-02 20:44:38) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrador (S-1-5-21-1119460738-191548075-3182123001-500 - Administrator - Disabled) Convidado (S-1-5-21-1119460738-191548075-3182123001-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1119460738-191548075-3182123001-1003 - Limited - Enabled) jerson (S-1-5-21-1119460738-191548075-3182123001-1001 - Administrator - Enabled) => C:\Users\jerson ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Antivírus e antispyware da McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Antivírus e antispyware da McAfee (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Atualizações da NVIDIA 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.) Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) 
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation) IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.) 
Microsoft Office Home and Student 2013 - pt-br (HKLM\...\HomeStudentRetail - pt-br) (Version: 15.0.4753.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - ) My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell) My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden NVIDIA 
Driver de gráficos 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden Painel de controle da NVIDIA 332.91 (Version: 332.91 - NVIDIA Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.) Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Restore Points =========================

16-09-2015 20:46:18 Ponto de Verificação Agendado
22-09-2015 00:29:07 Windows Update
24-09-2015 14:07:56 Installed SpyHunter

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2015-02-16 08:42 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10793A99-7443-41EA-BACA-CCB4EF007EF7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {11C62962-816E-4A02-8C4E-466787434FFA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1119460738-191548075-3182123001-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {1509F537-C726-40D1-BFE8-2E6EA96295E9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {1665A985-15F0-4414-86C2-8E300F2641B3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-15] (Synaptics Incorporated)
Task: {1914EAB0-634D-40FA-A5A3-F5EAF691FCCF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {1CC72466-1AE1-4700-B4FA-17968D2A5642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {326C39F5-5C9F-4963-8033-D36239A55883} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {4E8A9320-F98A-4E28-BEB5-57FB1E429257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {575D4C04-42C2-4C04-AFE9-81CA7E5FD5C6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {6181AD3A-38AE-473F-8299-FF358E121820} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7C325A8B-1E4E-4061-A312-D049D00FF4F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {9D59D850-01F3-47EA-888E-D3B06064FA4E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {AA2614E1-BFE1-4DFC-89BD-88706DCD47CC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {C5EAA7FE-ADAF-48CD-AF3E-FAC0A3A674C1} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc) Task: {D090188A-590C-40C5-896E-6E38ADFE2C74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {F806380B-085D-4E39-88D0-5B0F69893D9F} - System32\Tasks\{26D58E4B-C847-4162-A9C0-5D1737753DA1} => pcalua.exe -a C:\Users\jerson\AppData\Roaming\luckysearches\UninstallManager.exe -c -ptid=cmi Task: {FF895FEE-B03F-4DEA-949F-372139BE14D4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-04-15 20:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-09-24 14:37 - 2015-09-24 09:25 - 00185800 _____ () C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe 2015-09-08 20:54 - 2015-09-07 08:06 - 00142792 _____ () C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe 2014-09-10 01:53 - 2014-03-24 09:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-09-10 01:44 - 2013-12-10 12:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-09-10 01:40 - 2013-03-05 00:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-02-26 14:07 - 2015-02-09 14:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and 
Recovery\Components\Restore\STRestoreAPI.dll 2014-09-10 02:00 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2015-02-26 14:07 - 2014-02-18 16:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2015-09-23 09:40 - 2015-09-18 19:13 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libglesv2.dll 2015-09-23 09:40 - 2015-09-18 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libegl.dll 2015-05-18 14:27 - 2015-05-18 14:27 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-09-23 09:40 - 2015-09-18 19:13 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt AlternateDataStreams: C:\Windows\System32:E41D071A_Bb.gbp AlternateDataStreams: C:\Users\jerson\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1119460738-191548075-3182123001-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16A97211-4DA1-4167-B883-F7FE7B414A91}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{7655EE73-CEC9-432A-AD87-E5C16AE569B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A979CBDB-FD98-4769-BC21-1A922B3E5FC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{CA8453C1-B531-49DF-B5A5-8E2E4CE613BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8DD95855-0056-4BB1-A071-8874A0B2883D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2F82027F-C66D-4833-BDB2-4D7EDB81024B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5909F9A8-A112-4454-B948-F96D3233BB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{56045E3C-3BFA-475C-B79B-0CF20E95BF06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80709ABF-8931-4353-A2DB-4B4F36C7090B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA6292C1-8FCD-4EC1-B87B-99AEE5E56B7E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7724A3D6-28F6-4920-8093-8208EC3FE9F4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B1F95657-248C-4D6E-98D6-10CA5EB62E2C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8AA947B7-6C4B-4D53-B1AB-5CE3EE60A0D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{65C9985E-AE2F-4EF2-AAD0-A54E8E53F0B4}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5545D00B-1620-4E53-872A-99CB309E9066}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0FD1715-DF56-4CF6-A783-64CC9A89929D}] => (Allow) C:\Users\jerson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6DCC3FC3-B9F0-491D-9BAB-3ABBB2AD806A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2015 09:17:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: BtvStack.exe, versão: 8.0.1.314, carimbo de data/hora: 0x52cd12be
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ec4e0
ID do processo com falha: 0xcc8
Hora de início do aplicativo com falha: 0xBtvStack.exe0
Caminho do aplicativo com falha: BtvStack.exe1
Caminho do módulo com falha: BtvStack.exe2
ID do Relatório: BtvStack.exe3
Nome completo do pacote com falha: BtvStack.exe4
ID do aplicativo relativo ao pacote com falha: BtvStack.exe5

Error: (09/25/2015 09:16:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: taskhost.exe, versão: 6.3.9600.17415, carimbo de data/hora: 0x545040f5
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ec4e0
ID do processo com falha: 0x13e4
Hora de início do aplicativo com falha: 0xtaskhost.exe0
Caminho do aplicativo com falha: taskhost.exe1
Caminho do módulo com falha: taskhost.exe2
ID do Relatório: taskhost.exe3
Nome completo do pacote com falha: taskhost.exe4
ID do aplicativo relativo ao pacote com falha: taskhost.exe5

Error: (09/24/2015 06:38:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/24/2015 05:01:59 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/24/2015 02:32:08 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)
Description: There was an error with the Windows Location Provider database

Error: (09/24/2015 01:24:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: vida)
Description: windows_ie_ac_0013

Error: (09/24/2015 01:24:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: vida)
Description: oice_15_974fa576_32c1d314_30733

Error: (09/24/2015 01:23:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa OpenFiles.Windows.exe versão 1.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID do Processo: 1290
Hora de Início: 01d0f6e549519ab4
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Program Files\WindowsApps\62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2\OpenFiles.Windows.exe
ID do Relatório: 929b4d0e-62d8-11e5-82ab-38b1db974814
Nome completo do pacote com falha: 62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2
ID do aplicativo relativo ao pacote com falha: App

Error: (09/24/2015 01:23:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: vida)
Description: O aplicativo 62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2+App não foi iniciado dentro do tempo alocado.

Error: (09/24/2015 01:11:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: NvBackend.exe, versão: 11.10.11.1, carimbo de data/hora: 0x52ddc011
Nome do módulo com falha: nvspcap.dll_unloaded, versão: 11.10.11.1, carimbo de data/hora: 0x52dde0cc
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000c292
ID do processo com falha: 0x15c0
Hora de início do aplicativo com falha: 0xNvBackend.exe0
Caminho do aplicativo com falha: NvBackend.exe1
Caminho do módulo com falha: NvBackend.exe2
ID do Relatório: NvBackend.exe3
Nome completo do pacote com falha: NvBackend.exe4
ID do aplicativo relativo ao pacote com falha: NvBackend.exe5

System errors:
=============
Error: (09/25/2015 09:10:42 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (09/24/2015 09:47:45 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (09/24/2015 08:06:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (09/24/2015 07:01:22 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (09/24/2015 04:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: %%2

Error: (09/24/2015 04:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: %%2

Error: (09/24/2015 04:03:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: %%2

Error: (09/24/2015 04:03:42 PM) (Source: DCOM) (EventID: 10016) (User: vida)
Description: específico do aplicativoLocalIniciar{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}vidajersonS-1-5-21-1119460738-191548075-3182123001-1001LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (09/24/2015 04:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço My Dell Client Framework devido ao seguinte erro: %%1053

Error: (09/24/2015 04:03:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço My Dell Client Framework.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 29%
Total physical RAM: 8095.82 MB
Available physical RAM: 5704.54 MB
Total Virtual: 9375.82 MB
Available Virtual: 6573.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.33 GB) (Free:856.72 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:8.79 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D8AD88CD)
Partition: GPT.

==================== End of Addition.txt ============================