Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by WWW (07-09-2017 09:20:28)
Running from D:\Documents and Settings\WWW\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-05-23 18:07:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-484763869-1957994488-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-484763869-1957994488-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-484763869-1957994488-1177238915-1000 - Limited - Disabled)
WWW (S-1-5-21-484763869-1957994488-1177238915-1001 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\WWW

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 alpha (HKLM\...\7-Zip) (Version: - )
Advanced IP Scanner v1.5 (HKLM\...\Advanced IP Scanner v1.5) (Version: - )
Advanced Port Scanner 2.4 (HKLM\...\{664C0995-0DBD-4783-B3F2-BE1A32E96387}) (Version: 2.4.2750 - Famatech)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 3.34.0.50 - Conexant)
Connection Keeper (HKLM\...\Connection Keeper) (Version: 16.0 - Gammadyne Corporation)
EZMTOOL (HKLM\...\EZMTOOL1.0.7) (Version: 1.0.7 - NEWGLEE)
FormatFactory 3.6.0.0 (HKLM\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HCWP Web Components (HKLM\...\{908EFECF-6E38-4193-A858-587FD21FD9EA}_is1) (Version: - )
HDD Regenerator (HKLM\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software)
IDA PRO Advanced Edition (HKLM\...\IDA PRO Advanced Editionv6.1.1) (Version: v6.1.1 - Tom_Da_Man)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intelbras Cloud FF Control v1.0.1.8 (HKLM\...\{89AAD60A-82CF-4b9d-9C56-C9AEDEA533E9}}_is1) (Version: 1.0.1.8 - Intelbras S.A.)
Intelbras Cloud IE Control v1.0.2.9 (HKLM\...\{87AF0BBF-432B-47d5-A759-54B0155F225C}}_is1) (Version: 1.0.2.9 - Intelbras S.A.)
LAN Internet Watcher (HKLM\...\{87123CFB-7446-4286-8B51-A8991BDCF9DC}) (Version: 4.1 - United Software)
Malwarebytes Anti-Malware versão 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.5.2000 - Maxthon International Limited)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 43.0.1 (x86 pt-BR)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NetSurveillance (HKLM\...\NetSurveillance) (Version: - )
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version: - )
PCPlayer (HKLM\...\{B54CE443-35EF-4776-A0CD-6D961B983097}_is1) (Version: 3.18.4.1 - HangZhou Hikvision Digital Technology Co., Ltd.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.12.0 - Ralink)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
TFTP Client (HKLM\...\TFTP Client) (Version: - )
update_server (HKLM\...\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIVO INTERNET (HKLM\...\VIVO INTERNET) (Version: 11.302.06.20.149 - Huawei Technologies Co.,Ltd)
Warsaw 1.8.0.10356 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.0 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.0 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2014-06-22] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => D:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2015-07-10] (Foxit Software Inc.)
ContextMenuHandlers1: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => D:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt32.dll [2014-09-01] (BreakPoint Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2003-05-15] ()
ContextMenuHandlers2: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => D:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt32.dll [2014-09-01] (BreakPoint Software, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2014-06-22] (Igor Pavlov)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2003-05-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => D:\WINDOWS\system32\igfxpph.dll [2009-01-21] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2003-05-15] ()

==================== Scheduled Tasks =============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Avast Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1473445032.job => D:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
Shortcut: D:\Documents and Settings\All Users\Start Menu\Programs\IDA PRO Advanced Edition\idle.lnk -> D:\Program Files\IDA PRO Advanced Edition\lib\idlelib\idle.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-07-29 13:32 - 2017-07-29 13:32 - 000170224 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000192664 _____ () D:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000224256 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-06 14:34 - 2017-09-06 14:34 - 005897648 _____ () D:\Program Files\AVAST Software\Avast\defs\17090604\algo.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000689272 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000231664 _____ () D:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 001059160 _____ () D:\Program Files\AVAST Software\Avast\AvChrome.dll
2016-09-09 14:23 - 2016-09-09 14:23 - 048936448 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-29 13:29 - 2017-07-29 13:29 - 000134928 _____ () d:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-09-07 10:52 - 2017-08-29 14:05 - 005197312 _____ () D:\Documents and Settings\WWW\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 10:52 - 2017-08-29 14:04 - 000147456 _____ () D:\Documents and Settings\WWW\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: D:\WINDOWS\system32:96593690_Bb.gbp [2]
AlternateDataStreams: D:\WINDOWS\system32\drivers:GbpKmAp.lst [208]
AlternateDataStreams: D:\Documents and Settings\All Users\Application Data\Temp:DBC416F8 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-484763869-1957994488-1177238915-1001\...\bancobrasil.com.br -> hxxps://www14.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-484763869-1957994488-1177238915-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-484763869-1957994488-1177238915-1001\...\com.br -> aapj.bb.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 09:00 - 2015-07-27 12:22 - 000000734 ____N D:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-484763869-1957994488-1177238915-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 208.67.220.222 - 8.8.8.8
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: D:^Documents and Settings^All Users^Start Menu^Programs^Startup^avast! SecureLine.lnk => D:\WINDOWS\pss\avast! SecureLine.lnkCommon Startup
MSCONFIG\startupreg: ANIWZCS2Service => D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSCONFIG\startupreg: AVG_UI => "D:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BluetoothAuthenticationAgent => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ctfmon.exe => D:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: D-Link D-Link Wireless G DWA-110 => D:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
MSCONFIG\startupreg: Diebold - Warsaw => D:\Program Files\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: HotKeysCmds => D:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => D:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: MSConfig => D:\WINDOWS\system32\msconfig.exe /auto
MSCONFIG\startupreg: Persistence => D:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SPUpDateServerrun => D:\Program Files\hicloud\update_server\startUp.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [D:\Documents and Settings\WWW\My Documents\Downloads\BaiduPortable\App\Baidu Browser\Spark.exe] => Enabled:Baidu
StandardProfile\AuthorizedApplications: [D:\Program Files\Maxthon\Bin\MxUp.exe] => Enabled:MxUp
StandardProfile\AuthorizedApplications: [D:\Program Files\Maxthon\Bin\Maxthon.exe] => Enabled:Maxthon
StandardProfile\AuthorizedApplications: [D:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:Instalador do AVG
StandardProfile\AuthorizedApplications: [D:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [D:\Program Files\Diebold\Warsaw\core.exe] => Enabled:Warsaw
StandardProfile\AuthorizedApplications: [D:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (D:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [D:\Documents and Settings\WWW\My Documents\Downloads\BaiduPortable\App\Baidu Browser\Spark.exe] => Enabled:Baidu
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error: The authentication service is unknown.

Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbp Service service failed to start due to the following error: The system cannot find the path specified.

Error: (09/07/2017 08:51:17 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.15, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error: The authentication service is unknown.

Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbp Service service failed to start due to the following error: The system cannot find the path specified.

Error: (09/06/2017 05:29:34 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.15, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
==================== Memory info ===========================

Processor: Intel(R) Celeron(R) M CPU 530 @ 1.73GHz
Percentage of memory in use: 76%
Total physical RAM: 1013.96 MB
Available physical RAM: 235.17 MB
Total Virtual: 2440.59 MB
Available Virtual: 1564.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:24.02 GB) (Free:23.92 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:42.76 GB) (Free:27.89 GB) NTFS
Drive e: (PRESARIO_RP) (Fixed) (Total:7.75 GB) (Free:7.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9C77B172)
Partition 1: (Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=42.8 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=7.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================