Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2015
Ran by Claudia (2015-07-30 11:24:47)
Running from C:\Users\Claudia\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2141431521-524041191-805285620-500 - Administrator - Disabled)
Claudia (S-1-5-21-2141431521-524041191-805285620-1000 - Administrator - Enabled) => C:\Users\Claudia
Convidado (S-1-5-21-2141431521-524041191-805285620-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Add or Remove Adobe Creative Suite 3 Master Collection (HKLM\...\Adobe_8bb24e071e5922899698c2105557bd2) (Version: 1.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Artisteer 4 (HKLM\...\Artisteer 4) (Version: 4.3 - Extensoft)
Assistente de Conexão do Windows Live (HKLM\...\{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}) (Version: 5.000.818.6 - Microsoft Corporation)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2223 - AVAST Software)
Brother MFL-Pro Suite DCP-J125 (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E00B477F-8558-45DA-B25A-69935FB89A94}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (Software de Suporte) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.115.101 - Alps Electric)
Dell Video Chat (HKLM\...\Dell Video Chat) (Version: 6.1 (6751) - SightSpeed Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
GIF Movie Gear 4.2.3 (HKLM\...\GIF Movie Gear_is1) (Version: - gamani productions)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Integrated Webcam Driver (1.00.02.0825) (HKLM\...\Creative OA009) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
KnockOut 2 (HKLM\...\KnockOut 2) (Version: - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.2303.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Default Manager (HKLM\...\{095B1DCF-5E8B-47EC-9B18-481918A731DB}) (Version: 2.0.69.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Portuguese (Brazil)) (HKLM\...\{95120000-00AF-0416-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{EE5B6291-45EF-4705-A20E-89A3C5D2F87E}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 pt-BR) (HKLM\...\Mozilla Firefox 39.0 (x86 pt-BR)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NexusFont 2.5 (ver 2.5.5.1420) (HKLM\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
Pacote de Compatibilidade para o sistema Office 2007 (HKLM\...\{90120000-0020-0416-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb) (Version: - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoFiltre Studio X (HKU\S-1-5-21-2141431521-524041191-805285620-1000\...\PhotoFiltre Studio X) (Version: - )
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Poedit (HKLM\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.7.1 - Vaclav Slavik)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Serif CraftArtist 2 Professional (HKLM\...\{833F6D9C-B254-421F-987B-A7670B711B2C}) (Version: 2.0.2.28 - Serif (Europe) Ltd)
Silhouette Studio (HKLM\...\{EEDF3C10-CD1E-4561-822A-440BA591188B}) (Version: 2.8.16 - Aspex Research & Technology)
WIDCOMM Bluetooth Software 6.1.0.4502 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.1.0.4502 - Dell)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{48FD9BAB-E7C0-494B-8AE9-BF9507D331B7}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZHPFix 2015 (HKLM\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2141431521-524041191-805285620-1000_Classes\CLSID\{AC77D6A6-05E2-0448-A864-A4A3E42C380C}\InprocServer32 -> no filepath

==================== Restore Points =========================

25-07-2015 12:15:22 Windows Update
25-07-2015 12:43:01 Revo Uninstaller's restore point - GOM Player
28-07-2015 14:05:35 Revo Uninstaller's restore point - SUPERAntiSpyware
28-07-2015 21:43:58 ZHPFix Restore System Point
29-07-2015 11:22:51 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:23 - 2006-09-18 18:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {963C333A-62E2-4FA0-86E3-19DD21E1874F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {A4E78BE0-3BF8-439A-8C7E-CF8FD5922A70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {B14D898F-8C1A-412C-9BBD-19986A06BE92} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {B9B4A462-D11C-41C6-AA9F-77077022C088} - \Launch BCM WLAN Tray No Task File <==== ATTENTION
Task: {C7FA585B-BFFD-49AF-9A94-42A34658B8D2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-16] (AVAST Software)
Task: {C950ACDC-F688-44FC-B6D7-E698776065C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-10-14 16:30 - 2008-12-22 07:34 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-10-14 16:30 - 2008-12-22 07:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2015-07-16 15:23 - 2015-07-16 15:23 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-16 15:23 - 2015-07-16 15:23 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-29 11:09 - 2015-07-29 11:09 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072900\algo.dll
2008-06-05 18:59 - 2008-06-05 18:59 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-06-19 12:28 - 2015-06-19 12:28 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\31224b129caf4f0bc3359cb80d7d55e1\VistaBridgeLibrary.ni.dll
2012-09-09 10:05 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-07-16 15:23 - 2015-07-16 15:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:89EAFAFC

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6914 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2141431521-524041191-805285620-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img10.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{3ABA5222-B5A5-439E-AF68-2BA4A4FF6A9E}] => (Allow) C:\Program Files\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{329786CD-2549-4576-A978-301821E1954A}] => (Allow) C:\Program Files\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{0C223A3E-2482-434C-8FBC-B559F394EBFF}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{68A10017-63CC-47EE-BF6D-0D03F816F49D}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{B3C5567C-474D-4F70-BAC1-F45E2200DDA7}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{2ACF5FEE-E2F0-4762-95E3-6CFEF884C099}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F71B71FE-D923-4D78-A4D5-BD9DADC93C4F}] => (Allow) svchost.exe
FirewallRules: [{454CF707-57D2-413B-8A7E-7BFA2D5F235C}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{D08B8075-8E26-4C0E-97FF-9F91EFF74D03}] => (Allow) LPort=80
FirewallRules: [{2172E2C4-5B44-4893-A8BE-2264F5CC7AB6}] => (Allow) LPort=80
FirewallRules: [{B939DCB2-2112-4FC3-BAAA-7D6F5D92D9AA}] => (Allow) LPort=80
FirewallRules: [TCP Query User{89FAB1C6-57A4-48B9-BFF3-0D83C26DE559}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1A1EB478-8C5B-470F-9E7F-6349E0FA4F7A}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{B6A9756D-B02B-4DBC-B9A7-E06B34DCE8DA}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{E1838515-2A4E-4EA5-A634-5E0ACABA00B8}] => (Allow) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{6E0FAC66-0A47-44F9-836E-4A053A77217D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{147003DD-6829-4F1C-9F9D-1D5870301C00}] => (Allow) C:\Program Files\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{7AA0CE77-49B5-41FD-9156-AF3435CF9D7D}] => (Allow) C:\Program Files\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{CB1CDE2A-FEFF-44F7-8D73-A24272F71C23}] => (Allow) C:\Program Files\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{C6E0304D-254E-463F-B54C-F030B2D23818}] => (Allow) C:\Program Files\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{20346631-DAD1-4A21-8765-760E0D3D8CDA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{519C7393-AE91-4870-856C-5EC78479D6CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0B0280E4-8077-4067-BDB9-1AF77D771C88}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C5B324A-A40F-4815-BB82-B8CCA980A698}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{C7A48B78-0C53-4BFA-832D-8EA2A04EF057}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{99BFF4F5-1ADE-4075-8127-E6F2592287C9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1A92399C-5886-493E-B5BD-5FECCE69A090}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2015 10:51:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 10:51:24 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/30 10:51:24.906]: [00002900]: Initialize TwdsMain Class failed!

Error: (07/30/2015 10:51:24 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/30 10:51:24.906]: [00002900]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (07/30/2015 10:51:24 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/30 10:51:24.906]: [00002900]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (07/29/2015 08:34:56 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/29 20:34:56.432]: [00005988]: Initialize TwdsMain Class failed!

Error: (07/29/2015 08:34:56 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/29 20:34:56.432]: [00005988]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (07/29/2015 08:34:56 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/29 20:34:56.432]: [00005988]: GetDeviceList Failed! pStiInfo = 0x0..

Error: (07/29/2015 06:21:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/29 18:21:14.351]: [00003404]: Initialize TwdsMain Class failed!

Error: (07/29/2015 06:21:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/29 18:21:14.351]: [00003404]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (07/29/2015 06:21:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2015/07/29 18:21:14.351]: [00003404]: GetDeviceList Failed! pStiInfo = 0x0..

System errors:
=============
Error: (07/30/2015 10:52:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (07/30/2015 10:52:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Driver do Intel(R) PRO/1000 PCI Express Network Connection%%1058

Error: (07/30/2015 10:52:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dispositivo Bluetooth (Rede Pessoal)%%1058

Error: (07/30/2015 10:50:21 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização do despejo de memória!

Error: (07/30/2015 10:50:13 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização do despejo de memória!

Error: (07/29/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (07/29/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Driver do Intel(R) PRO/1000 PCI Express Network Connection%%1058

Error: (07/29/2015 06:21:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dispositivo Bluetooth (Rede Pessoal)%%1058

Error: (07/29/2015 06:20:08 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização do despejo de memória!

Error: (07/29/2015 06:20:02 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização do despejo de memória!

Microsoft Office:
=========================
Error: (11/06/2012 09:17:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity:
===================================
Date: 2015-07-30 11:24:11.278
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 11:24:10.201
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 11:24:09.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 11:24:08.033
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-27 15:03:26.935
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-27 15:03:25.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-27 15:03:24.938
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-27 15:03:23.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-27 15:03:22.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-27 15:03:22.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 3031.63 MB
Available physical RAM: 1799.13 MB
Total Virtual: 6269.52 MB
Available Virtual: 4831.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.01 GB) (Free:229.24 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: E8000000)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End of log ============================