cybercarsten | 12.09.2015 15:36 | Windows 8 / Firefox russische Po-ups behindern normales Surfen Hallo liebes Trojaner-Board Team,
der Windows 8 Laptop meiner Frau hat ein uebles (sorry, brasilianische Tastatur) Adware-Problem. Im Sekundenabstand erscheinen Pop-ups oder neue Fenster, meist von russischen Absendern. Alle Versuche mit Pop-up-Blockern, Ad-Blockern und Malwarebytes haben nicht wirklich geholfen. Ich habe die ueblichen Scans durchgefuehrt und poste sie hier:
Malwarebytes von heute: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/09/2015
Scan Time: 10:03
Logfile: MWB20150912.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.09.12.02
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Monica
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356644
Time Elapsed: 23 min, 26 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 7
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1, Delete-on-Reboot, [fa08121dfc8fe0565d3894f8d92bbb45],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11, Delete-on-Reboot, [ae543ff07912de581085b4d808fc0000],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2, Delete-on-Reboot, [f012e9464d3ee5512372b8d4c143af51],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3, Delete-on-Reboot, [eb170926cebd10262e672c603fc5768a],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4, Delete-on-Reboot, [c73be946f99276c0049159338f755fa1],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5, Delete-on-Reboot, [14eebd722e5dee48f69f810b6b99b44c],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user, Delete-on-Reboot, [2ed468c7acdff244a4f1a6e6b74df40c],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 4
PUP.Optional.InstallCore, C:\Users\Monica\AppData\Local\Temp\nsn2AEB.tmp, Quarantined, [56acb37c8ffc43f30ff75666a25f31cf],
PUP.Optional.InstallCore, C:\Users\Monica\AppData\Local\Temp\ICReinstall_nsn2AEB.tmp, Quarantined, [7d85b6790e7d1f1744c2e7d58978a25e],
PUP.Optional.APNToolBar, C:\Windows\Temp\7zSEB0D.tmp\Offercast346_AVG_.exe, Quarantined, [13efc768b1da6fc71d9efabe34cd847c],
PUP.Optional.APNToolBar, C:\Windows\Temp\oc_F108\OCDLL.dll, Quarantined, [e81ae748b1dae84e16a52d8b9e63b749],
Physical Sectors: 0
(No malicious items detected)
(end) McAfee logfile: Code:
7/5/2014 5:19:13 PM "C:\Users\Monica\AppData\Local\Temp\A298tmp\jfilemanagersetup.exe" "Artemis!C27E418EE71E" "2"
7/5/2014 5:19:21 PM "C:\Users\Monica\AppData\Local\Microsoft\Windows\INetCache\IE\BERXUL82\JFileManagerSetup[1].exe" "Artemis!C27E418EE71E" "2"
7/5/2014 5:58:12 PM "C:\Users\Monica\AppData\Local\Temp\is-S0HIC.tmp\dm.exe" "Artemis!775CCF751159" "3"
7/12/2014 7:30:09 AM "C:\Program Files (x86)\v01BlockAndSurf\v01BlockAndSurfdY174.exe" "Artemis!55BCF45239D2" "3"
7/12/2014 7:30:11 AM "C:\Program Files (x86)\v01BlockAndSurf\wdBlockAndSurfR.exe" "Artemis!D72CA74E70B9" "3"
7/12/2014 7:32:04 AM "C:\Program Files (x86)\v01BlockAndSurf\v01BlockAndSurfdY174.exe" "Artemis!55BCF45239D2" "3"
7/12/2014 7:32:04 AM "C:\Program Files (x86)\v01BlockAndSurf\wdBlockAndSurfR.exe" "Artemis!D72CA74E70B9" "3"
8/13/2015 9:55:33 AM "E:\1818.lnk" "JS/Downloader!lnk" "1"
8/13/2015 9:55:34 AM "E:\autorun.inf.lnk" "JS/Downloader!lnk" "1"
8/13/2015 9:55:34 AM "E:\Prozesse.lnk" "JS/Downloader!lnk" "1"
GMER von heute: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-12 09:55:29
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002b WDC_WD5000LPVX-22V0TT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Monica\AppData\Local\Temp\pwldypod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001bf300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960001bf310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [664:688] fffff960008912d0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5204:5220] 00007ffa89975aa0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5204:3432] 00007ffa8a0812c0
---- Processes - GMER 2.1 ----
Library c:\users\monica\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsn1f48.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-09-12 12:20:10) 0000000002f20000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006fe10000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 00000000057e0000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000006f9f0000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006f560000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30) 00000000734f0000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006c190000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006b010000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006adf0000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006ab50000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006ab20000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30) 0000000073950000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000006a760000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006a720000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006a650000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30) 0000000073960000
Library C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe [4580](2015-03-04 21:45:30) 0000000073350000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ---- FRST von heute: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Monica (administrator) on MONICA (12-09-2015 09:30:39)
Running from C:\Users\Monica\Downloads
Loaded Profiles: Monica (Available Profiles: Monica)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dropbox, Inc.) C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2015-07-27] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Run: [Dropbox Update] => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [1769312 2015-07-27] ()
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52812;https=127.0.0.1:52812
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{7B40D5F3-8CB1-4B0F-AF03-7785EE67636D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCA91B0F-7C70-41BA-A4FA-BAB10466C94F}: [DhcpNameServer] 89.248.166.149 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> DefaultScope {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3792598364-1687661706-653696805-1001 -> {9398AD76-4E30-43A2-99DD-236C1B42E630} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20140722&p={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-07] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-07-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-07-21] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default
FF Homepage: hxxp://www.google.com.br/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-07-21] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-05-01] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Extension: Block site - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-07]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-05-17]
FF Extension: Strict Pop-up Blocker - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2015-09-03]
FF Extension: Video DownloadHelper - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-15]
FF Extension: Adblock Plus - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\p4fqrnbh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-01]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2858336 2015-07-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-16] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-02] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-07-21] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-07-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-05-01] (Nitro PDF Software)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-11-12] (The OpenVPN Project)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-07-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-12 09:30 - 2015-09-12 09:31 - 00021485 _____ C:\Users\Monica\Downloads\FRST.txt
2015-09-12 09:29 - 2015-09-12 09:30 - 00000000 ____D C:\FRST
2015-09-12 09:29 - 2015-09-12 09:29 - 02190848 _____ (Farbar) C:\Users\Monica\Downloads\FRST64.exe
2015-09-11 07:46 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-11 07:46 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-11 07:46 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-11 07:46 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-11 07:46 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-11 07:46 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-11 07:46 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-11 07:46 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-11 07:46 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-11 07:46 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-11 07:46 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-11 07:46 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-11 07:46 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-11 07:45 - 2015-07-13 16:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-11 07:45 - 2015-07-10 16:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-10 21:49 - 2015-09-10 21:49 - 00330240 _____ C:\Users\Monica\Downloads\TP4 present simple.ppt
2015-09-09 07:38 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 07:38 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 07:38 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 07:38 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 07:38 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 07:38 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 07:38 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 07:37 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 07:37 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 07:36 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 07:36 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 07:36 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 07:36 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 07:36 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 07:36 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 07:36 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 07:36 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 07:36 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 07:36 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 07:36 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 07:36 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 07:36 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 07:36 - 2015-08-22 13:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 07:36 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 07:36 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 07:36 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 07:36 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 07:36 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 07:36 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 07:36 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 07:36 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 07:36 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 07:36 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 07:36 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 07:35 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 07:35 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 07:35 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 07:35 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 07:35 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 07:35 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 07:35 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 07:35 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 07:35 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 07:35 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 07:35 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-08-27 19:18 - 2015-08-27 19:18 - 01734144 _____ C:\Users\Monica\Downloads\lesson3.ppt
2015-08-27 16:31 - 2015-09-12 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-20 20:42 - 2015-08-20 20:44 - 27555912 _____ C:\Users\Monica\Downloads\Luxury Lifestyle.avi
2015-08-19 04:52 - 2015-08-19 04:52 - 00003334 _____ C:\Windows\System32\Tasks\AcerCloud
2015-08-19 04:52 - 2015-08-19 04:52 - 00002028 _____ C:\Users\Public\Desktop\Acer Portal.lnk
2015-08-13 22:50 - 2015-08-13 22:50 - 01279488 _____ C:\Users\Monica\Downloads\Quiz pronouns possessive.xls
2015-08-13 22:50 - 2015-08-13 22:50 - 00389632 _____ C:\Users\Monica\Downloads\regrets.pps
2015-08-13 22:49 - 2015-08-13 22:49 - 02560000 _____ C:\Users\Monica\Downloads\L1 pronouns.ppt
2015-08-13 22:49 - 2015-08-13 22:49 - 02560000 _____ C:\Users\Monica\Downloads\L1 pronouns.pps
2015-08-13 12:14 - 2015-07-30 11:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 12:14 - 2015-07-30 10:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 10:02 - 2015-08-13 10:04 - 00000000 ____D C:\backup SONY 4GB
2015-08-13 09:24 - 2015-06-11 17:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-13 09:24 - 2015-06-11 17:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-13 09:23 - 2015-06-12 14:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-13 09:23 - 2015-06-12 13:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 09:22 - 2015-07-28 20:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 09:22 - 2015-07-28 11:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 09:22 - 2015-07-28 11:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 09:20 - 2015-07-07 06:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-13 09:20 - 2015-07-07 06:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-13 09:20 - 2015-07-07 06:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-13 09:19 - 2015-07-14 18:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-13 09:19 - 2015-07-14 18:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-13 09:19 - 2015-07-14 18:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-21 10:36 - 2014-02-05 19:33 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 04:34 - 2014-02-05 19:33 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-09-12 09:28 - 2014-07-02 17:12 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3792598364-1687661706-653696805-1001
2015-09-12 09:23 - 2014-02-06 00:45 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2015-09-12 09:23 - 2014-02-06 00:45 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2015-09-12 09:23 - 2013-11-01 08:36 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-12 09:22 - 2014-02-05 19:03 - 01228430 _____ C:\Windows\WindowsUpdate.log
2015-09-12 09:19 - 2014-07-02 17:10 - 00000000 __RDO C:\Users\Monica\SkyDrive
2015-09-12 09:17 - 2013-08-22 11:46 - 00032533 _____ C:\Windows\setupact.log
2015-09-12 09:17 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 09:17 - 2013-08-22 11:44 - 00362728 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-12 09:15 - 2014-07-05 18:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-12 09:15 - 2013-11-01 08:23 - 00874232 _____ C:\Windows\PFRO.log
2015-09-12 09:15 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-12 09:12 - 2013-08-22 16:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 09:12 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-12 09:11 - 2014-07-02 18:10 - 00000000 ____D C:\Windows\system32\MRT
2015-09-12 09:02 - 2015-07-31 10:18 - 00024145 _____ C:\Users\Monica\Documents\promotoria.odt
2015-09-12 09:01 - 2014-07-02 21:26 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-12 09:00 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-12 08:54 - 2014-07-02 19:15 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A32C733-5B5E-4645-84DD-67B52D44E8A1}
2015-09-11 11:49 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-11 11:08 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-11 06:01 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-10 21:53 - 2014-07-20 08:02 - 00309248 ___SH C:\Users\Monica\Downloads\Thumbs.db
2015-09-09 07:15 - 2014-07-02 23:18 - 00000000 ____D C:\Users\Monica\AppData\Local\CrashDumps
2015-09-08 08:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-09-05 05:37 - 2014-09-10 14:33 - 00553984 ___SH C:\Users\Monica\Documents\Thumbs.db
2015-08-26 18:37 - 2014-07-02 18:10 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-23 17:18 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-19 04:52 - 2013-11-01 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-08-19 04:46 - 2014-07-02 17:09 - 00000000 ____D C:\Users\Monica\AppData\Local\clear.fi
2015-08-17 10:25 - 2014-12-13 11:18 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-17 10:25 - 2014-07-10 11:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-17 10:25 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 12:10 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
==================== Files in the root of some directories =======
2014-11-26 17:39 - 2014-11-26 17:42 - 30896010 _____ () C:\Program Files\Passware Kit PRO.zip
2014-04-22 09:03 - 2014-04-22 09:03 - 123392946 _____ () C:\Program Files (x86)\openoffice1.cab
2014-04-22 09:01 - 2014-04-22 09:01 - 2310144 _____ () C:\Program Files (x86)\openoffice410.msi
2014-04-22 09:01 - 2014-04-22 09:01 - 0476160 _____ () C:\Program Files (x86)\setup.exe
2014-04-22 09:01 - 2014-04-22 09:01 - 0000279 _____ () C:\Program Files (x86)\setup.ini
2014-07-05 17:23 - 2014-07-05 17:23 - 0000266 _____ () C:\Users\Monica\AppData\Local\alwju.bat
2014-07-05 17:21 - 2014-07-05 17:21 - 0000266 _____ () C:\Users\Monica\AppData\Local\bncpb.bat
2014-07-05 17:18 - 2014-07-05 17:18 - 0000266 _____ () C:\Users\Monica\AppData\Local\ikuwyceg.bat
2014-07-05 17:25 - 2014-07-05 17:25 - 0000266 _____ () C:\Users\Monica\AppData\Local\isnpkup.bat
2014-07-05 17:31 - 2014-07-05 17:31 - 0000266 _____ () C:\Users\Monica\AppData\Local\lindinsi.bat
2014-07-05 17:19 - 2014-07-05 17:19 - 0591320 _____ (ClickMeIn Limited) C:\Users\Monica\AppData\Local\nspEA15.tmp
2014-07-05 17:27 - 2014-07-05 17:27 - 0000266 _____ () C:\Users\Monica\AppData\Local\timyfs.bat
2014-07-05 17:29 - 2014-07-05 17:29 - 0000266 _____ () C:\Users\Monica\AppData\Local\tyeljw.bat
2014-02-05 19:33 - 2014-02-05 19:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\8EDA.exe
C:\Users\Monica\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsn1f48.dll
C:\Users\Monica\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Monica\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\Monica\AppData\Local\Temp\octC2DF.tmp.exe
C:\Users\Monica\AppData\Local\Temp\Quarantine.exe
C:\Users\Monica\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-01 07:33
==================== End of FRST.txt ============================ FRST Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Monica (2015-09-12 09:32:48)
Running from C:\Users\Monica\Downloads
Windows 8.1 Single Language (X64) (2014-07-02 20:07:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3792598364-1687661706-653696805-500 - Administrator - Disabled)
Convidado (S-1-5-21-3792598364-1687661706-653696805-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3792598364-1687661706-653696805-1003 - Limited - Enabled)
Monica (S-1-5-21-3792598364-1687661706-653696805-1001 - Administrator - Enabled) => C:\Users\Monica
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivírus e antispyware da McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivírus e antispyware da McAfee (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.08.2003 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.04.2004.0 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.07.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.09.2004.0 - Acer Incorporated)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3792598364-1687661706-653696805-1001\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Ferramentas do Visual Studio 2005 para Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4113 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.115 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nitro Reader 3 (HKLM\...\{E5660852-CBDA-4C17-9475-C0C0E5A4CFB4}) (Version: 3.5.3.14 - Nitro)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Passware Kit Professional 12.3 (HKLM-x32\...\{FFFF4FFA-3CC9-4EC1-845A-8B24027820E3}) (Version: 12.3.6332 - Passware)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3792598364-1687661706-653696805-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
==================== Restore Points =========================
20-08-2015 17:36:08 Windows Update
31-08-2015 07:12:32 Windows Update
08-09-2015 15:27:34 Ponto de Verificação Agendado
12-09-2015 09:06:37 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 10:25 - 2015-08-11 14:54 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F27EC7E-E8F1-4D6C-88D1-DBB19477BD39} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-11 -> No File <==== ATTENTION
Task: {10F98876-4BA0-4BA8-9E98-B7F46BDAD16F} - System32\Tasks\lindinsi => C:\Users\Monica\AppData\Local\lindinsi.bat [2014-07-05] ()
Task: {190DC44D-8E22-45F9-A675-5D78CA06A748} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5_user -> No File <==== ATTENTION
Task: {202B0A4E-918B-4043-93A7-D81700F16E24} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-08-13] (Acer)
Task: {2BF73531-0812-442F-9C20-298864C2A821} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {2EA1FE73-FE03-4AF7-97F8-A58AB7D291F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {335486A0-07A8-44F5-A129-987F88214A7D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-07-23] (Acer Incorporated)
Task: {3C7020F0-4BDB-4AA4-B34C-808F90E2F5E7} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {3F365E5C-C7BB-40F1-B0A1-6549DCE46748} - System32\Tasks\ikuwyceg => C:\Users\Monica\AppData\Local\ikuwyceg.bat [2014-07-05] ()
Task: {57493D84-9C8E-4615-9641-B22D812C6F75} - System32\Tasks\isnpkup => C:\Users\Monica\AppData\Local\isnpkup.bat [2014-07-05] ()
Task: {5BACF658-2447-4EE9-BD6B-67A1EF12175A} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-5 -> No File <==== ATTENTION
Task: {5E558A77-EABC-48A8-907C-A2856FA13AA3} - System32\Tasks\timyfs => C:\Users\Monica\AppData\Local\timyfs.bat [2014-07-05] ()
Task: {646B7114-B6C8-4ED3-BF80-743BA8FDB6FD} - System32\Tasks\tyeljw => C:\Users\Monica\AppData\Local\tyeljw.bat [2014-07-05] ()
Task: {65C76B99-C017-47DD-AAC9-1E3C75D833A9} - System32\Tasks\alwju => C:\Users\Monica\AppData\Local\alwju.bat [2014-07-05] ()
Task: {70FDF72B-6D2F-4B0E-8BFF-03C2957AD54A} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {7124E938-5E16-4442-B98D-EC5187990663} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-02] (Acer Incorporate)
Task: {72D0B9F4-8143-4B6F-87C3-D306AF544271} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {75412B3F-992A-4759-9CB7-64225A7FB2BD} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-1 -> No File <==== ATTENTION
Task: {8831CF92-CBD4-45E3-A388-BA52CCB27FC4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {98D21829-3B98-48A1-894F-6A625F8CCFC3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9BD3C0E8-3784-4E29-BF6B-77845CB8110D} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-2 -> No File <==== ATTENTION
Task: {A1775910-CDE8-43B3-9ED4-203C04B24E14} - System32\Tasks\bncpb => C:\Users\Monica\AppData\Local\bncpb.bat [2014-07-05] ()
Task: {A304EFB4-FE0F-45F7-8AFD-B62CF6EDE5B6} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-3 -> No File <==== ATTENTION
Task: {C16458BF-446D-469A-83E4-AB0E7F682EF5} - \1f5d2935-6b05-42ef-8e38-deefb0fb7fd7-4 -> No File <==== ATTENTION
Task: {D3DFA619-5149-4796-AC2D-BF89A73E4E9A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {E5B91C5B-4900-4DB1-8BE0-51E7B7AB1DC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {E8CFD0D5-62DF-4B73-B28B-6925F60E0925} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3792598364-1687661706-653696805-1001Core.job => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-09-07 00:48 - 2013-09-07 00:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 00:45 - 2013-09-07 00:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 00:52 - 2013-09-07 00:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-07-27 17:46 - 2015-07-27 17:46 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-09-12 09:20 - 2015-09-12 09:20 - 00043008 _____ () c:\users\monica\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsn1f48.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00750080 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00047616 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00865280 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 18:45 - 2015-03-19 04:15 - 00200704 _____ () C:\Users\Monica\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-02-05 19:26 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00201568 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00653112 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00640352 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-08-05 19:48 - 2015-08-05 19:48 - 00118112 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-07-27 07:26 - 2015-07-27 07:26 - 00014176 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-07-23 16:08 - 2015-07-23 16:08 - 00012128 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-07-23 15:56 - 2015-07-23 15:56 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-08-13 20:48 - 2015-08-13 20:48 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Monica\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Anderson pedido.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\autoriracao rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Hotel pagamento.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\OAB curso.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Processo Anarilda Wellington.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\rateio 13 salario.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 attendance 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 QT.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\T03 schedule.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Thyssen boleto.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Monica\Documents\Vienna Freud.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3792598364-1687661706-653696805-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{868B7A9A-3771-488A-953B-F26B35463F52}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A6AAD695-9D85-43D8-8EF1-840D0D7225E8}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{D424EB46-FD6A-42B8-BF84-BAE5582EB53B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{878298F0-B10E-41D2-B924-10795C559E21}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A95C9EAB-BCAF-487E-A78E-91A41FF59D77}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5A01F964-4C54-4E28-A134-8B7737552A6C}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{5EB92DF1-D48E-476E-96D6-9EF4B001E2CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{2882398B-6DF1-48C4-AD47-B83295F56AA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FFC1E2C4-C418-46D0-A9A6-704C2392E609}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{6DDB21F3-ADF3-4784-8261-85C4EDA81B72}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{AFAB4A6E-22ED-48DD-86FE-5BD3DDA901D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{63611343-3981-4AB1-8B24-BD730C4B4616}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{638023C5-0CE1-460B-8E2B-27E1323D5745}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7B8F9CDC-8B63-46E8-8B9C-9B41C5F71BCE}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{F61E21B8-A811-4390-8C48-F76709C647B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{32CB50FA-5ECE-4CE2-809A-62EEAD42AD73}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{D26B9193-3F07-4625-8CEA-AE17F9E69ABB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{7F4E1D66-B2BB-4F19-AC59-0A323EE6CDA3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6A840E65-DA1B-429A-AF4F-73BE8B951184}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{271879EF-7A48-4758-BC5F-538D9F33B421}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{A875F548-50CF-42D6-BC9C-E20F305F33B4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B5E3560E-AD87-44E5-959D-792E2648C3F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0A663979-5B49-4EB1-9654-114059C55B1D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{4B3D8C37-3C44-43BD-9BF5-BD7436DDC9C1}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2FA47325-1091-4631-949D-6C9E8250C8DC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{7F7C622A-1DA4-4592-AB73-BF3AE172A9C4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{264CADAA-C8EB-4F77-8D5B-594862727558}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{056F5CE8-5D3B-4A98-8598-860442AF70D8}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{2CF087A2-0A94-4B1F-BF9E-E981076CF396}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{881BD0AC-6A1A-4B2A-BFB0-F082B355D0A5}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{0222F0C9-A388-4D48-9915-50C5FCCB1142}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{C2251342-C52A-4761-943B-C3F3754AA2BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{2CAD4F62-82BD-4EA4-AF23-3F27A35C56E0}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{D170B7FF-9CB2-40AE-ADFE-12DAFF0D6B0F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{A2C5235E-F22F-440B-83BA-4904F19D3E6A}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{3A3BA756-49D5-4155-ABA4-294F4B07B8DB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{5B123DF9-9854-452A-9373-637B53F5C6A5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{FAB3BB80-2F01-4864-9FC1-AFD08D68C346}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{97AEFD6C-C061-4DC0-B147-0337EA7112B6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{3016371D-2ED5-44FE-BF84-004194B3F1BA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{8E4DA2B1-732A-424C-97BD-35EF3D105D5E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F5D63344-8AD3-4DED-A560-E2D440E6DFF2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{1FAEED5E-6B1F-4F0F-A11E-BCE5B072BC4D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F676DF36-0BDF-4856-B392-1F6A6306A90B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{4EC186E5-B7C0-4F15-BC32-C651A7A227AB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F4D1FF55-E8CA-41D6-86D6-A6EF82A19AC9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{9E74EFCD-9DFA-4F18-BF63-D1FFD2C71BE6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2279D5BE-86C8-4937-A4A0-9BAC04524933}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{C6CC19CE-1B50-436B-B62E-7726F68F04EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{CF1E157F-3F22-4462-8C4D-D3AB28319EFC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{6F4A818D-11AC-4593-BE86-CD9E64036F6F}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{AD378EB5-2202-4560-9DBF-BE2235558B64}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8389B775-3C41-47F4-BFF9-990CC3A4A27F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{22F5B9FD-CE76-457B-A7E7-0496E8A080FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06F4BBC1-CB61-4B40-B1A7-D194A99EE9C6}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0700FB97-8510-4857-A77D-0FF68F36D201}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1C8272E6-B760-4020-A911-A4225A882F08}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{2CB13FF8-B673-44D5-9024-6FE67FC564E2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ACD2B40B-E57F-434A-AC4B-380600317282}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{7A22DA6B-9407-4BB2-A534-2E62B3333879}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8FB30E29-BE65-442D-A164-C99A40612211}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{93241890-2DF0-445D-B4FA-4D271080442F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{038E517A-F8C2-470B-B57D-3A67ED609DD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{444045C5-0F26-48C0-90FE-A678CAD420FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2683B2DC-283B-4E09-856A-1DF0CFB54C0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B5C97B80-385A-4971-9BBA-50A2A50A5070}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3D7D96BA-3AA9-4A42-972F-CBD7D0CCCA96}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8234C44A-6F09-4519-B0BF-F57B46BE901E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9770236A-BBB4-449A-A3AC-543E9E723327}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6972A28D-638B-4845-B421-D43C05E704E9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91D29E93-0FCC-422E-99DA-A79140AE1667}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{886C925C-7B24-4A60-BD0E-EEDB00A68225}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{8D6295D0-7866-4DFA-A082-CA65672C83E7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{7D2507BC-57AB-463B-89F1-03C38F0873FB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{57BFAAEA-4599-4C09-A63D-973848853C49}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F100F530-C53E-42F0-90E2-0A00FE65B221}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{685E26CF-218D-4DAE-8FC4-E00A50FFCDDC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{CF53BECB-D4BE-44C9-9591-3ACC9D266C14}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{5ED27DD8-EEA6-4F8D-AD5C-922D2BFF0EBE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{D370543C-6A16-44D1-8B83-1E728FC7A876}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{612263E9-0C35-426F-8083-D1ED98DAF474}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2C80D9B6-D082-4612-99CA-5DD1B8E6DFC1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{B3A3E02C-117C-4FCF-B66D-6C5ADB6173EE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E78972D7-698C-4FF9-B87A-8749A733DC17}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{FF7E2908-103A-4E7D-8763-6941211D8D12}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F2530216-9564-4763-A2F4-3537C299A6F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{04FB3D35-2674-47B4-BE20-BD5B46B49E50}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{614F8E57-FE70-4652-B4E3-2C0F6CDF5739}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{82E064D5-5985-46B1-9995-D310F28E8076}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{8FCAFA1A-BE1D-4F93-8FB8-C4EF2208262B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{4716CF87-62DD-4E66-9F84-3A1252EEF3E6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F00DC467-E3CE-484D-B87A-BDA039004679}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F0EEBE2B-9CFF-4337-865E-164A9A4FC8D6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FBB3B59A-13F5-4C37-BAAA-31BD77C39EDE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F5A9BDA5-972F-4680-9A57-C6C7E5BEF745}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{ED219CD8-B7F4-46B3-800F-55977BE9C13D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{BA2904AB-57F3-49BB-BA1E-4C238121F382}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{160DB14B-29FA-4EB2-A46D-FF04AA303BA3}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CEFA2315-3CC7-46B4-BFCF-FF59B24E2844}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EECC0A66-53B6-4BCD-9EDE-C0E6AB6058DE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{4BEE438A-6861-493F-8737-3E59DC612532}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A5F84365-CD3A-4345-BE30-964F9895C84A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9003A799-4235-4EC3-A690-BAF8ABA96904}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{39E9D626-5AC1-4CF7-8827-B513DFE1BD92}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DE91CDFA-135E-40E5-B749-5DDD1F1F1C57}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{29EB3C1B-5984-409F-AA31-EB7CCC6E7C3E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B959876-CCEC-483D-9D0B-99C554E8EEA7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ADDC36D1-3BC3-4331-B203-79FF78B41363}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C4E85C84-3E6B-4A46-BCB2-390C7A2C693D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{15A450DC-F5F0-445B-922D-37178C84A1F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{00739B69-4133-4732-BC0B-B69FEA83A3AC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1AB3ADFD-6866-4A29-835F-5C0D6FBE82D9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{46C7447C-39F5-4287-8107-994462357174}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{68C09A72-EA71-4620-8AB9-9CF7B97163EB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D886B5EA-451F-4801-9519-16EF06E75BDF}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{45EA03A1-39C3-4083-B316-6EC6C07AC412}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D39A378B-4A54-48DB-B41D-C334F9AB5EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1980E542-94C0-4EAE-9CC9-0A871EF578D4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1D9E7D51-8AA8-4A8D-99FA-A62E1F7223A9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{234B63DB-8DED-4871-98A9-5FB35E8AB5D9}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{843BD66B-380A-46C3-BFAC-FA82DA339C93}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CBF13F81-8203-4E17-A9B3-C14F75432A12}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6E2A65D0-A024-4CDA-850A-B28669B99A19}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{98C1FBFA-5169-457C-8EE7-387A8575C8BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FD41A76-F6B7-4767-98D4-5914EFB66306}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{34048F8F-F478-4A74-9718-FF1610241DA9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{57654119-2702-465E-80E5-4CB43E65B70C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EAAA15AE-9E70-444F-B269-9759106964B7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{92C29F6D-B7B9-4963-9688-2D4A4B8E91B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BF909D9A-7318-409B-A9E0-96251AE4F4EF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{25165BEB-8831-44AE-94F7-04E63AC557BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FF89E06-E3D8-4F4C-9D22-178FB064230E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D17D0F0C-1682-4110-A155-5A41DF9ED29A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{9EBFAC6F-0CAF-48CA-AA97-333D7C2D4938}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CA0E8A63-E719-4752-A9E4-71A15DDE947D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{104DD35D-B51D-4BAA-9726-B9A39C127331}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7EB9F81C-B115-4A0E-A40B-E581A2B5B5E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{4EDF515A-50B7-42B9-95D4-91A2CACEF970}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{060CCC52-5D31-423F-97EE-DD1F50DB9207}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F85AAB0A-23D6-4211-9191-F53D285943FF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{24FF1F92-A5F3-47C3-B4E6-BED468492F7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1D00E5ED-E5A7-486F-94F7-ED0ED89A602A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{189B56B7-4FE7-47A9-B931-172C20521781}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CDD4EB2E-1A13-479C-83C7-C1D8C99F7189}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A9EC8D8E-C19F-4783-A150-A89730851788}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{CAB33BC2-FD46-4C71-A5D2-010F0B2BA551}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7F13B5D7-4FB2-436E-93C3-73080A7DE93A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{FC533484-050E-4C32-BEDB-0F4741192172}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7A113C14-FB2D-48FA-A939-7DE943C919FD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{905D5849-95E3-42BC-9617-DC9FF9A50361}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{8D9A61CD-8E78-4300-9FC3-5F27A6A610B0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{833BAB7B-BC2C-4F06-8D63-6A8712537300}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7287617E-667D-4D36-B663-B1F99E419489}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{94070D7F-AE25-461D-AE0A-1F209B3B5DE4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C8BC8BD8-D798-4AD8-9D34-60FBBA0D0179}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9D15EA70-380E-4686-AC9B-1AD9BD4B2419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{18073016-80E2-42EA-B85B-466A210E6D03}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1F4A9B5D-FB01-4BC5-B8B6-0FC292D7A05B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1A150557-92DC-46F6-A8F2-A85DB8CD3879}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F5087AF7-073B-472C-AF75-C9E8C7C60801}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F9268F4C-9F01-4B47-B0CE-1A1A88C6DEBD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{D33E1BA3-22DD-4091-B2AF-30E43D08B846}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1191310D-F2CF-427D-9870-C7843DB84195}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{87875759-C885-402D-BF81-9F6A74572B7B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0FE9765C-D2FF-4818-A281-B9C1826EA8DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1243B007-30CB-4DA1-A6D4-147A1AA6C82E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B018C30F-5165-463B-B243-062D2D205A69}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C45897A4-9942-4F52-B946-6E033E94FC3B}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C2A47498-54C7-44ED-A478-9BC724B68C08}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4777003E-414E-4417-ADBA-8600DF122FFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8104A464-0F0B-4E34-98F5-C44CF0708000}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9CE2C813-1630-47B7-8514-6AAF28450A2B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A1F121C8-0EAB-4CE7-AFBA-0234F9ADD152}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9389FCD-1666-45C1-B1F1-3A75C359C72B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1400EEFF-93A1-461E-BB5A-9F615925EF43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E8411286-9287-4B14-A007-8928409C6DE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{00ACE80B-B41E-40EA-A5AB-63DC18D9D38D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BB3EE62A-E19E-48A3-82E7-1822EF4DDA23}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FF337B5E-C496-4CF2-8DDD-42BEEB2C676E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{539AE13C-2A09-4D31-8435-03796A5EFFBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{02725209-B52B-4FD8-95B7-F47EBB74C4FA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E76BB129-CB61-4859-9D98-39117ED1CBA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{85A069C5-6126-4EAA-ACFD-F71E85E982D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{228056C2-F0F7-4FCF-95CC-E5600DC1EEBB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E46781D7-673C-458F-B0CD-8CF7E28F8E27}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ADF5616A-5CAC-4D48-B810-18E8DD5CDAB5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AF70E296-0309-4620-B0F5-08AF6BED84C2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7CCE9F97-6071-4615-B7BF-7BAFAFA41EB1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DAF19E82-8327-4CDF-BEFD-D7B1FCC1A8F1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1CB80860-C3B8-416F-98BF-9FFBE1C8686F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0151F974-6D55-4DC9-9913-57A9CBB8DA16}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C58C7261-76D6-4702-90F7-5F0B1AA00EA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{35BA0E5E-7F9B-45AC-B373-7B014348F88E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{9AEB76F9-80A0-40CA-BC6C-5CD90484EF08}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5EABFAD5-DA21-4E2B-88CE-174E2664F3E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8E9E513A-1E8F-4E19-A64B-4849F1D1DA13}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C9CB7D8F-F87D-443D-9D50-BCA7CF29B428}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{48CE8CCC-8D73-456D-8FDE-9C34A2935419}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0B58342A-456E-4A41-91B6-18E808C9CAC8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E9E5B267-FD06-40FB-BF26-EDA91EE15C0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5F3698CC-1BEF-4E1E-BEDD-31601C2D4A49}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DAF5F63E-024F-42C7-A6BA-1855AAD76394}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5B81A66D-8964-4375-B2B3-C6B952714502}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{51A141CB-9FB1-4E57-9F47-E8D6215A6288}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2B5C90E7-C17B-4E37-81B4-DB1F777C331D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B1176B39-D0DC-43A9-8656-AF74E50F6B24}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F3AF57C1-D0DD-471B-BA62-374B1810C984}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{978766D4-FB84-47B9-AEAF-686AC264DA75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/12/2015 08:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: plugin-container.exe, versão: 40.0.3.5716, carimbo de data/hora: 0x55ddb213
Nome do módulo com falha: mozglue.dll, versão: 40.0.3.5716, carimbo de data/hora: 0x55dda062
Código de exceção: 0x80000003
Deslocamento da falha: 0x0000e250
ID do processo com falha: 0x2174
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
Caminho do módulo com falha: plugin-container.exe2
ID do Relatório: plugin-container.exe3
Nome completo do pacote com falha: plugin-container.exe4
ID do aplicativo relativo ao pacote com falha: plugin-container.exe5
Error: (09/11/2015 11:47:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID do Processo: 2fa8
Hora de Início: 01d0ec9ff7df1d49
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
ID do Relatório: eeff97cf-5893-11e5-82ac-201a0657a1d6
Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1
Error: (09/11/2015 10:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x27c4
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5
Error: (09/11/2015 09:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x2838
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5
Error: (09/11/2015 06:19:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/10/2015 02:51:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/10/2015 09:22:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/09/2015 07:59:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/09/2015 07:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x2d18
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5
Error: (09/09/2015 07:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: saUpd.exe, versão: 4.0.1.115, carimbo de data/hora: 0x55ae713e
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f1280
ID do processo com falha: 0x2678
Hora de início do aplicativo com falha: 0xsaUpd.exe0
Caminho do aplicativo com falha: saUpd.exe1
Caminho do módulo com falha: saUpd.exe2
ID do Relatório: saUpd.exe3
Nome completo do pacote com falha: saUpd.exe4
ID do aplicativo relativo ao pacote com falha: saUpd.exe5
System errors:
=============
Error: (09/12/2015 09:29:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Error: (09/12/2015 09:14:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço mfemms.
Error: (09/11/2015 09:29:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Error: (09/10/2015 09:27:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Error: (09/09/2015 07:20:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Error: (09/08/2015 10:42:19 AM) (Source: DCOM) (EventID: 10010) (User: MONICA)
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (09/08/2015 06:29:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Error: (09/07/2015 07:05:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Error: (09/06/2015 06:36:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Error: (09/05/2015 05:34:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro:
%%1
Microsoft Office:
=========================
Error: (09/12/2015 08:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e250217401d0e89e4d0c1ce4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllfc8d60c0-5944-11e5-82ac-201a0657a1d6
Error: (09/11/2015 11:47:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.209112fa801d0ec9ff7df1d494294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exeeeff97cf-5893-11e5-82ac-201a0657a1d6microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
Error: (09/11/2015 10:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f128027c401d0ec9264f4d8c2c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dlld3e9bbf6-5885-11e5-82ac-201a0657a1d6
Error: (09/11/2015 09:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f1280283801d0ec8e0c5a180cc:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dll5f5c1815-5881-11e5-82ac-201a0657a1d6
Error: (09/11/2015 06:19:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/10/2015 02:51:34 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/10/2015 09:22:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/09/2015 07:59:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/09/2015 07:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f12802d1801d0eaee610f9be3c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dllb88ad6ee-56e1-11e5-82ac-201a0657a1d6
Error: (09/09/2015 07:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: saUpd.exe4.0.1.11555ae713entdll.dll6.3.9600.1793655a68e0cc000037400000000000f1280267801d0eaeb4e9ab877c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exeC:\Windows\SYSTEM32\ntdll.dllbd8acb64-56de-11e5-82ac-201a0657a1d6
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Percentage of memory in use: 44%
Total physical RAM: 3976.27 MB
Available physical RAM: 2210.18 MB
Total Virtual: 6280.27 MB
Available Virtual: 4225.64 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.69 GB) (Free:400.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3FB2AF5E)
Partition: GPT.
==================== End of Addition.txt ============================
Ich hoffe, ihr koennt mir helfen, die Plagegeister wieder loszuwerden.
Viele Gruesse,
Carsten |