Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by Herbert (2015-09-07 20:33:04)
Running from C:\Users\Herbert Gross\Desktop
Windows 10 Pro (X64) (2015-08-07 00:15:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1482101936-1889106726-2977933517-500 - Administrator - Disabled)
Convidado (S-1-5-21-1482101936-1889106726-2977933517-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1482101936-1889106726-2977933517-503 - Limited - Disabled)
Herbert (S-1-5-21-1482101936-1889106726-2977933517-1000 - Administrator - Enabled) => C:\Users\Herbert Gross
HomeGroupUser$ (S-1-5-21-1482101936-1889106726-2977933517-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
µTorrent (HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
3TB+Unlock B12.1102.1 (HKLM-x32\...\{17630FD1-B14A-4CA5-A627-B6B5F7DD41CF}) (Version: 1.00.0001 - GIGABYTE) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AnyToISO (HKLM-x32\...\AnyToISO_is1) (Version: 3.7.0 - CrystalIdea Software, Inc.) Ashampoo Burning Studio 2013 v.11.0.5 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.5 - Ashampoo GmbH & Co. 
KG) aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd) AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk) AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 – Português – Brasil (Brazilian Portuguese) (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden AutoCAD 2013 Language Pack – Português – Brasil (Brazilian Portuguese) (HKLM\...\AutoCAD 2013 Language Pack – Português – Brasil (Brazilian Portuguese)) (Version: 19.0.55.0 - Autodesk) AutoCAD 2013 Language Pack – Português – Brasil (Brazilian Portuguese) (Version: 19.0.55.0 - Autodesk) Hidden Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.1 - Autodesk) Autodesk BIM 360 Revit 2015 Add-in 64 bit (HKLM\...\{37E1C3A1-7DBF-4250-9314-46167B68383D}) (Version: 3.32.3357 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk) Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.) Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.) Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) 
Hidden Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk) Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.8.100 - Autodesk) Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk) Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.8.100 - Autodesk) Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.8.100 - Autodesk) Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.8.100 - Autodesk) Autodesk Revit Architecture 2015 (HKLM\...\Autodesk Revit Architecture 2015) (Version: 15.0.136.0 - Autodesk) Autodesk Revit Architecture Content Libraries 2015 (HKLM\...\Autodesk Revit Architecture Content Libraries 2015) (Version: 15.0.136.0 - Autodesk) Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.) Autodesk Workflows 2015 (HKLM\...\{A90DD6F8-60D2-4803-AFF6-796400E73E1B}) (Version: 5.2.11.100 - Autodesk, Inc.) 
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies) AVG 2015 (Version: 15.0.4409 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden Baidu Browser (HKLM-x32\...\Spark) (Version: 43.19 Preview - Baidu Inc.) BitTorrent (HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.) bl (x32 Version: 1.0.0 - Your Company Name) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension (HKLM\...\_{4DC318F5-1640-4417-A218-912ED9905FAA}) (Version: 17.1.0.572 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 17.1.572 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.1.572 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - BR (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden 
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation) Epson Easy Photo Print 2 (HKLM-x32\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version: - SEIKO EPSON Corporation) Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-211 214 216 Series Printer Uninstall (HKLM\...\EPSON XP-211 214 216 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.12.1 
- SCS Software) FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production) FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) Ferramentas de Verificação do Microsoft Office 2013 - Português (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.) Freemake Video Converter versão 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.) Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version: - ) Imagenomic Noiseware 5.0 Plug-in (build 5006) (HKLM\...\ImagenomicNoisewarePlugin) (Version: - ) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - ) Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Manual Epson XP-211_XP-214 versão 1.0 (HKLM-x32\...\UsersGuideManual Epson XP-211_XP-214_is1) (Version: 1.0 - ) Medieval CUE Splitter 
(HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Módulo de Proteção - Banco Santander (Brasil) S.A. 
(HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.12.1.2 - ) Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge) ph (x32 Version: 1.0.0 - Your Company Name) Hidden Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) 
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Revit Architecture 2015 (Version: 15.0.136.0 - Autodesk) Hidden Revit Architecture 2015 Language Pack - English (Version: 15.0.136.0 - Autodesk) Hidden Revit Architecture Content Libraries 2015 (Version: 15.0.136.0 - Autodesk) Hidden Roller Coaster Tycoon 3 Platinum - CarlesNeo ! (HKLM-x32\...\Roller Coaster Tycoon 3 Platinum - CarlesNeo !) (Version: - ) RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - ) RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - ) RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version: - ) RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari) Software Updater (HKLM-x32\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 
(HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Warsaw 1.5.2.9896 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.5.2.9896 - GAS Tecnologia) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Phone app for desktop (HKLM-x32\...\{1E18A938-C9B7-415D-8C43-753D6A917662}) (Version: 1.1.2726.0 - Microsoft Corporation) WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Herbert Gross\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

26-08-2015 22:46:00 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
01-09-2015 10:46:49 Instalado EpsonNet Print

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2015-08-07 22:40 - 00000862 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {01CBD336-9EF7-4437-9B8D-1116FB3D379B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {04F4EF09-30E1-4867-ABEE-AC17CB434CDD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {05BB8660-4DFD-4306-827E-DC84CCA4A88C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {05E20CEC-023D-4207-A938-C005CDCF0864} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {0C73EE0B-71C9-4898-82CC-7F8CE93D4818} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {19169DDC-1E39-4D1D-83B0-3A07776F06ED} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => C:\Office Activation Technologies\Install.cmd [2016-08-14] () Task: {1955A997-AC3E-48F2-9081-81845AA371D0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1C8C99EF-DED0-4C0E-9D87-51A5F1F44739} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {22BD947E-BB9E-4561-8E34-C76B59CE7A7D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.) 
Task: {2DC83366-563C-462E-9EF8-6690CAA80882} - System32\Tasks\SparkUpdater => C:\Program Files (x86)\baidu\Baidu Browser\SparkUpdate.exe [2015-08-06] (Baidu.com, Inc.) Task: {31064FEA-DDEE-44EF-BAA8-50796151DFB5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {3494DA09-AD03-4AF8-A2D6-D1B43D35D587} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION Task: {35130E52-14F9-4345-935A-96887779D6B0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {3D359BD8-76B2-479F-BE22-E20F0D418403} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {3DC927D6-97AC-4855-9AAF-0F266C6A5AA8} - System32\Tasks\EPSON XP-211 214 216 Series Update {CA04427A-362A-4A2D-9B56-581AE32582E5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2015-09-01] (SEIKO EPSON CORPORATION) Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {4366B194-6D23-4562-97B0-0DDAFC18F11B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {474C2069-1915-4369-8446-302E622868DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {47A6EB48-331A-4BB7-8C86-BAFE79C32B2B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {4DCB40CC-C692-4C46-85B6-C737EC54B804} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {50CDAEED-C4A6-4611-9502-03C39E4DA76E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: 
{51FFE2D7-0712-469F-9C15-95D4AA58E9D5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {603B1884-843E-478C-A063-3FFAA97BAECD} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] () Task: {6391B750-BDFB-4690-A031-030859F332E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {65BBE5D2-D07E-484C-B054-8AED086EA27E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29] (Google Inc.) Task: {6C028914-F376-46CF-947C-FC4F1CA2E0BD} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] () Task: {6D043C75-6DBD-46BC-9966-772F97E5F435} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {6FD47FB5-632C-4CA3-8BD2-6CEF4D1BCD46} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {70755701-5784-416B-AF26-FBD5CFEE106C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {74BCF7C2-8C02-4CBC-94C0-00BA2DADF6D1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Herbert-PC-Herbert Herbert-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {79034418-103F-46F8-AEC8-4A4D2C2F6588} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {7BAB5BFF-1D53-4592-BD42-E808E3DDB7B5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => 
C:\Windows\ehome\mcupdate.exe Task: {7C4B4D98-06B9-446E-8121-A6C296336C36} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {807703B4-098E-4A32-8210-8428044D62DA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {83A82211-3127-46A7-8426-0F69D8E0ED20} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-06] (Microsoft Corporation) Task: {910AE2DA-1524-4110-A853-8D4123A8C911} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {A21CEEB1-CC0A-4CCA-9ABD-9898F1D0D574} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {CA04427A-362A-4A2D-9B56-581AE32582E5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [2015-09-01] (SEIKO EPSON CORPORATION) Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {B00FD0F4-7636-4363-8DF5-4780003E4FCA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {B1127EF1-875F-44A9-8891-D678F1BADD3B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {B6723B95-3AA7-4223-8058-4FD99FBBF42A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {C0AEE22F-5809-4770-857E-AA8710C1A7AF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C20A2D21-8C57-4F70-9DF1-15DD49F411AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: 
{C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7669EB6-9CC9-430B-BA5A-39BBE19B7858} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {D1AD8535-7C05-4923-A520-660EB6B27B44} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {E0E7D4A1-BF0A-4C00-B624-8C2B2003220F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {F220444A-1520-4556-A5ED-1D78FF5B2286} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {F4BD3AF5-45F9-4BB8-92A7-EA773AC369AA} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] () Task: {F50D219A-839A-424D-A073-BDD3D6DCCF7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {F61A1E82-CF33-42EB-8DC6-867A4E742E3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-29] (Adobe Systems Incorporated) Task: {F9162381-EC3B-4EE8-BC6B-3A5EDCF9120D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {FBB1747B-1CF6-4F85-A442-BCE6BBE79B17} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Invitation {CA04427A-362A-4A2D-9B56-581AE32582E5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE Task: C:\WINDOWS\Tasks\EPSON XP-211 214 216 Series Update {CA04427A-362A-4A2D-9B56-581AE32582E5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{CA04427A-362A-4A2D-9B56-581AE32582E5} /F:UpdateWORKGROUP\HERBERT-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-07-10 08:00 - 2015-07-10 08:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-08-06 20:38 - 2015-08-06 20:38 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-08-18 19:56 - 2015-08-11 06:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-06-13 10:28 - 2013-12-11 15:59 - 01051416 _____ () C:\Program Files\KMSpico\AutoPico.exe 2015-08-07 11:59 - 2015-08-07 11:59 - 00016896 _____ () C:\Program Files\KMSpico\WinDivert.dll 2015-08-28 14:24 - 2015-08-18 04:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-28 14:24 - 2015-08-18 04:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-10 07:59 - 2015-07-10 07:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-12 09:04 - 2015-08-02 22:11 - 06569472 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 08:00 - 2015-07-10 13:49 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-18 19:56 - 2015-08-11 05:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-12 09:04 - 2015-08-02 22:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-08-28 09:36 - 2015-08-28 09:42 - 08241152 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2015-08-28 09:36 - 2015-08-28 09:42 - 02238976 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2015-08-26 10:30 - 2015-08-26 10:30 - 03637248 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1508.14010.0_x64__8wekyb3d8bbwe\Calculator.exe 2015-09-05 13:58 - 2015-08-06 08:36 - 00982840 _____ () C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe 2015-08-26 23:01 - 2015-07-30 00:40 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll 2015-08-26 23:01 - 2015-07-30 00:40 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll 2014-04-07 11:31 - 2014-04-07 11:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll 2015-04-29 19:40 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-09-07 11:24 - 2015-09-07 11:24 - 00098816 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32api.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00110080 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\pywintypes27.dll 2015-09-07 11:24 - 2015-09-07 11:24 - 00364544 _____ () C:\Users\Herbert 
Gross\AppData\Local\Temp\_MEI21922\pythoncom27.dll 2015-09-07 11:24 - 2015-09-07 11:24 - 00045568 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_socket.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 01161216 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_ssl.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00320512 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32com.shell.shell.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00713216 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_hashlib.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 01176576 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._core_.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00806400 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._gdi_.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00816128 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._windows_.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 01067008 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._controls_.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00733184 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._misc_.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00682496 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\pysqlite2._sqlite.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00087552 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_ctypes.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00119808 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32file.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00108544 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32security.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00007168 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\hashobjs_ext.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00068096 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\usb_ext.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00167936 _____ () C:\Users\Herbert 
Gross\AppData\Local\Temp\_MEI21922\win32gui.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00018432 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32event.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00128512 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_elementtree.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00127488 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\pyexpat.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00013824 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\common.time34.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00036864 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_psutil_windows.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00038912 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32inet.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00011264 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32crypt.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00077312 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._html2.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00027136 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_multiprocessing.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00020480 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\_yappi.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00035840 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32process.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00686080 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\unicodedata.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00123392 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._wizard.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00024064 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32pipe.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00010240 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\select.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00025600 _____ () C:\Users\Herbert 
Gross\AppData\Local\Temp\_MEI21922\win32pdh.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00525640 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\windows._lib_cacheinvalidation.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00017408 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32profile.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00022528 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\win32ts.pyd 2015-09-07 11:24 - 2015-09-07 11:24 - 00078848 _____ () C:\Users\Herbert Gross\AppData\Local\Temp\_MEI21922\wx._animate.pyd 2015-09-05 13:58 - 2015-08-06 08:36 - 00430904 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdminiopenssl.dll 2015-09-05 13:58 - 2015-08-06 08:36 - 01018168 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdxui.dll 2015-09-05 13:58 - 2015-08-06 08:36 - 00219448 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdbrowsertray.dll 2015-09-05 13:58 - 2015-08-06 08:36 - 00410936 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdxctrl.dll 2015-09-05 13:58 - 2015-08-06 08:37 - 00521016 _____ () C:\Program Files (x86)\baidu\Baidu Browser\xnet.dll 2015-09-05 13:58 - 2015-08-06 08:37 - 00276792 _____ () C:\Program Files (x86)\baidu\Baidu Browser\p2squery.dll 2015-09-05 13:58 - 2015-08-06 08:36 - 00321848 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdaccount.dll 2015-09-05 13:58 - 2015-08-06 08:37 - 00116024 _____ () C:\Program Files (x86)\baidu\Baidu Browser\SparkSafe.dll 2015-09-05 13:58 - 2015-08-06 08:36 - 00581432 _____ () C:\Program Files (x86)\baidu\Baidu Browser\bdstatreport.dll 2015-09-05 13:58 - 2015-09-05 13:58 - 00083088 _____ () C:\Users\Herbert Gross\AppData\Roaming\baidu\Spark\sysdata\ExtApp\SnapImg\SnapImg.dll 2015-09-05 13:58 - 2015-08-06 08:37 - 01281848 _____ () C:\Program Files (x86)\baidu\Baidu Browser\libglesv2.dll 2015-09-05 13:58 - 2015-08-06 08:37 - 00080696 _____ () C:\Program Files (x86)\baidu\Baidu Browser\libegl.dll 2015-09-05 13:58 - 2015-08-05 23:00 - 14965064 _____ () 
C:\Program Files (x86)\baidu\Baidu Browser\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt AlternateDataStreams: C:\Users\Herbert Gross\Cookies:u24kLBCNQTXciuWgR97s1p0rJLC ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\bancoreal.com.br -> hxxp://www.bancoreal.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\bancosantander.com.br -> hxxp://www.bancosantander.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\bancosantander.com.br -> hxxps://www.bancosantander.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\bb.com.br -> www.bb.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\realsecureweb.com.br -> hxxps://www.realsecureweb.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santander.com.br -> hxxp://www.santander.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santander.com.br -> www.santander.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santanderempresarial.com.br -> hxxp://www.santanderempresarial.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santanderempresarial.com.br -> www.santanderempresarial.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santandernet.com.br -> hxxps://www.santandernet.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santandernet.com.br -> www.santandernet.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santandernetibe.com.br -> hxxps://www.santandernetibe.com.br IE trusted site: HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\santandernetibe.com.br -> www.santandernetibe.com.br IE trusted site: 
HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\secureweb.com.br -> hxxps://www.secureweb.com.br ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Herbert Gross\AppData\Local\Microsoft\Windows\Themes\Hot Air B\DesktopBackground\hotairballoons7.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "ADSKAppManager" HKLM\...\StartupApproved\Run32: => "Raptr" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\StartupApproved\StartupFolder: => "Enviar para o OneNote.lnk" HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\StartupApproved\Run: => "DIMBaixando a sua atualização...1417080299401" HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-1482101936-1889106726-2977933517-1000\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{86ABB6C0-23A0-438C-B636-8CFE5A4E4A8F}] => (Allow) C:\Jogos\Age of Empires III\age3x.exe FirewallRules: [{39DB2AE8-3BBA-439A-8D3E-DA2722FCF670}] => (Allow) C:\Jogos\Age of Empires III\age3x.exe FirewallRules: [{2204F37A-C420-4150-8FEE-87BC63E5104A}] => (Allow) C:\Jogos\Age of Empires III\age3y.exe FirewallRules: [{EC6D301E-8E61-4F4D-A227-DE4D2FF7B63B}] => (Allow) C:\Jogos\Age of Empires III\age3y.exe FirewallRules: [{83EC9634-34D4-4F2D-B0C4-AFB2582CC5D2}] => (Allow) D:\Jogos\Simcity\SimCity\SimCity\SimCity.exe FirewallRules: [{5248DD30-596B-4E8E-9DDC-51E4C49F1B9E}] => (Allow) D:\Jogos\Simcity\SimCity\SimCity\SimCity.exe FirewallRules: [{D01834AC-C453-4D7A-B8F8-766C9BAA0912}] => (Allow) C:\Users\Herbert Gross\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{447DE336-5964-43A9-BD71-8D14DF79412D}] => (Allow) C:\Users\Herbert Gross\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{D0B8398A-D441-4124-B79D-1C60C1E4321F}] => (Allow) C:\Users\Herbert Gross\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{EE8B291E-2F02-42F9-A622-372643322E17}] => (Allow) C:\Users\Herbert Gross\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{47CB2E89-209F-4F3D-8E82-CC43D44CC071}] => (Allow) C:\Users\Herbert Gross\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{7AACB26A-5D7C-4A19-BE9A-3117346BA9A7}] => (Allow) C:\Users\Herbert 
Gross\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{B7764F20-914F-43B5-A5AC-B89901D93D57}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{827774CB-DC4F-4870-B556-E323349F889D}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{37653460-AB8D-41AD-ADCB-57C0154418D9}] => (Allow) LPort=7935 FirewallRules: [{A654EB35-E868-4B54-8328-869A3E4ADE1E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{9CBC3F1F-FACF-49DF-A462-E0D66C7EE3EE}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{5D1733F5-D280-4A53-8165-49820AB37D4D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{33640BB3-E9BA-4384-9B9D-D6755595840D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{3CDFB41B-6C5B-4544-A7D4-7094DD3F5ED1}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{4809522F-8800-4182-90A9-11436576A96E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe FirewallRules: [{C3F5D45C-1079-43BE-B754-EDF7B2A47178}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{45C1F070-6E51-45AA-99A4-8C523CE89B08}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe FirewallRules: [{9219ADE8-D5A7-4D9F-AA8E-8A7AB41596F7}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{22E204B8-2453-4A3F-8E6C-527C54670E75}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{A31A985E-A1D1-48AD-9DB1-D0A9D5524DB5}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{D89ACE46-F3E1-436E-B1D9-A00EAC1DC533}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{50AF32E8-0768-40E8-8627-9539F2A2C89E}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe FirewallRules: [{A3D4678F-F3CB-45F9-AAB2-C23FA59D1C9B}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 
X7\Programs64\CorelDrw.exe FirewallRules: [{966A7019-7B7C-4EBE-93C7-3421C315B88A}] => (Allow) LPort=7935 FirewallRules: [{1153AE9E-B99A-48CF-BE08-1AFFD9A31F72}] => (Allow) C:\Users\Herbert Gross\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0B9274B8-59C4-4DE7-9BA1-5602877AD6FC}] => (Allow) C:\Users\Herbert Gross\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{AA418F5C-8FDB-4539-A8AE-41E7DD10E069}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{425FCE0B-6A17-485E-81C5-6C6BEFE6103D}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe FirewallRules: [{8CC05BD9-C0C3-46BB-A7A9-DCD03820E3ED}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe FirewallRules: [{B343E400-D72B-4FE0-9D7C-05DC0DE7F589}] => (Allow) LPort=50248 FirewallRules: [UDP Query User{13526D51-7AE0-4F26-89C2-A65E0EF56EEE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{8697B32D-B26B-4881-9847-7C0EA6F8ECB3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{44677C04-59A4-459D-BDE4-7CE8BB770C04}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{12E4DC0C-3745-48E7-A811-4246133D26D5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{777EDD0E-06CF-4DE7-A832-88F912BB02D5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{F63A8607-3B01-4F6B-836E-7B79E35B34CB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [UDP Query User{9691F4AB-9B24-470F-83A4-E5E0364C235D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query 
User{27165D1F-B189-4E37-A0A1-8137925D6FF5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{7343D19F-508D-491F-828B-3432D23688BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{C57BC44C-748A-455A-85A7-58E39712DDE3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{7311094D-09AE-41FD-A87C-DB18055CCE8D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{028C9B8C-55EF-4D22-9D9D-0C1BE138AFC6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{EBB37B82-52C6-4204-A7D2-A54C11E869AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{75028FC6-8D24-45ED-9E2B-49CB9447327F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{AC7E3612-978D-4DA3-99B4-04444C1FD524}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{6BDFA9EA-17DA-4ECE-820C-697B7D4C5820}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{55A23AB3-BAF6-4D4F-BEB5-EF2A2FCF9D21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D38278A5-2543-4DA6-A879-DBBFF1AB6D03}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{73B06141-77B2-464F-A9CF-7B389B87B846}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A2377EE9-A65A-4052-BD1A-44329B65E565}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3F4C3638-543E-47BD-A393-6301CC8FAD5C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{719C4A79-86B4-4B9C-8D3F-6046527CEFFD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{093807BF-0E54-4864-8B9A-176CFCFBC6BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{D91EE473-D5F8-4E08-9B3B-2925C07334B2}] => (Allow) C:\Program Files 
(x86)\Raptr\raptr_im.exe FirewallRules: [{570311E8-CAC4-43CA-A004-7BD5CA03C158}] => (Allow) LPort=1688 FirewallRules: [{8ED8C772-18BE-4AFE-9F43-08717A6230B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/07/2015 07:20:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 07:08:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 06:50:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 06:37:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 06:32:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. 
Error: (09/07/2015 05:50:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 05:38:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 04:35:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 04:24:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/07/2015 04:05:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. System errors: ============= Error: (09/07/2015 11:23:39 AM) (Source: Tcpip) (EventID: 4199) (User: ) Description: O sistema detectou um conflito de endereço entre o endereço IP 192.168.1.100 e o sistema que possui o endereço de hardware de rede 90-68-C3-0A-59-2E. Como resultado desse conflito, as operações de rede nesse sistema podem ser interrompidas. 
Error: (09/06/2015 11:05:21 PM) (Source: DCOM) (EventID: 10010) (User: Herbert-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (09/06/2015 11:05:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_Session9 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (09/06/2015 11:05:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session9 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (09/06/2015 11:05:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_Session9 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (09/06/2015 11:05:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session9 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (09/06/2015 06:44:40 PM) (Source: DCOM) (EventID: 10010) (User: Herbert-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (09/06/2015 06:44:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_Session8 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (09/06/2015 06:44:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session8 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (09/06/2015 06:44:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_Session8 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Microsoft Office:
=========================
Error: (09/07/2015 07:20:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 07:08:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 06:50:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 06:37:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 06:32:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 05:50:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 05:38:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 04:35:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 04:24:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

Error: (09/07/2015 04:05:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Herbert-PC)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2144927142

CodeIntegrity:
===================================
Date: 2015-08-21 17:52:59.760
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 17:52:59.682
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 17:52:59.309
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 17:52:58.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 17:52:57.410
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 17:52:57.072
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 17:52:51.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 17:52:48.910
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-20 18:28:08.087
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-20 18:28:08.053
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 70%
Total physical RAM: 4060.11 MB
Available physical RAM: 1180.61 MB
Total Virtual: 8156.11 MB
Available Virtual: 4226.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.19 GB) (Free:597.48 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:370.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0005E652)
Partition 1: (Not Active) - (Size=698.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2CD0A5BA)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================