Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Victor (2016-04-22 16:56:50)
Running from C:\Users\Victor\Downloads
Windows 10 Pro Version 1511 (X64) (2015-12-28 18:33:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1133586882-3522735201-1309958927-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1133586882-3522735201-1309958927-503 - Limited - Disabled)
Guest (S-1-5-21-1133586882-3522735201-1309958927-501 - Limited - Disabled)
Victor (S-1-5-21-1133586882-3522735201-1309958927-1002 - Administrator - Enabled) => C:\Users\Victor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{529C5283-F484-94CA-8D10-3A69FD0776D3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Atlas Reactor Live (HKLM-x32\...\Glyph Atlas Reactor Live) (Version: - Trion Worlds, Inc.)
Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse Client (HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version: - Trion Worlds, Inc.)
DriverEasy 4.9.6 (HKLM\...\DriverEasy_is1) (Version: 4.9.6.0 - Easeware)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version: - Microsoft)
Dungeon Siege 2 Broken World (HKLM-x32\...\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}) (Version: 1.00.0000 - Gas Powered Games)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{B0F1B758-60D6-41F7-93D9-212A448813FE}) (Version: 1.29.1862.0513 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
K-Lite Mega Codec Pack 11.4.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LEGO MARVEL's Avengers (HKLM\...\bGVnb21hcnZlbHNhdmVuZ2Vycw_is1) (Version: 1 - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
Mozilla Firefox 43.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 pt-BR)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
One Piece Pirate Warriors 3: GOLD Edition (HKLM-x32\...\One Piece Pirate Warriors 3: GOLD Edition_is1) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Pokémon Trading Card Game Online (HKLM-x32\...\{EA1E1483-E282-43E2-9083-F426DA1B91E6}) (Version: 2.33.0 - The Pokémon Company International)
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 5.12 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Revo Uninstaller Pro 3.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.0 - VS Revo Group, Ltd.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
skyforge_mycom (HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\skyforge_mycom) (Version: 1.47 - My.com B.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version: - IMCGAMES Co.,Ltd.)
WinDS PRO 2016.01.28 (HKLM\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1) (Version: 2016.01.28 - WinDS PRO Central)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1133586882-3522735201-1309958927-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Victor\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02994684-426A-4CB8-8A62-256E4CA9F57C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-17] (Dropbox, Inc.)
Task: {07FE16EB-9AB4-42D9-A188-D59E1FB9F9B0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {08750F96-2ABB-43BB-9079-65657DA40140} - System32\Tasks\Dravsynlether Core => C:\Program Files (x86)\Dravsynlether\Drvcoretsk.exe
Task: {0DC6DFD0-914B-4DA3-89C7-7D20B08BF461} - System32\Tasks\Redywo => C:\PROGRA~1\Ekeh\Uosietta.bat <==== ATTENTION
Task: {2373C023-C367-4131-9A1E-8147A3A7DD6B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {23812F10-DCB2-448F-BC55-907E5A0B5034} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10] (Adobe Systems Incorporated)
Task: {3010AA98-B642-4CAC-AFCE-7AA44B8F1F98} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3D78855B-B43F-48FB-AC27-E165CC37E299} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5F520187-96FB-4928-B5F4-F698EEAAFB0F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {65BFF60B-D492-4EEF-9EA6-AE1C3BB6AB08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {764CB899-DFDD-4D8D-87F3-7859795DEE1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.)
Task: {79ED8701-44C4-4C1A-A914-24D9E7885EBD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {7C3F8563-5608-4CF8-B829-CE7A793740D8} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe
Task: {871DCC27-281F-41CE-ACF3-18A599561431} - \Optimize Start Menu Cache Files-S-1-5-21-1133586882-3522735201-1309958927-1001 -> No File <==== ATTENTION
Task: {880E02DE-3766-4428-9513-226D832D13ED} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {8C059984-B6A8-4B6E-834A-82DF3B9530E1} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {8F463D40-E556-4D49-9A41-C20D8936C404} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2015-10-27] (Easeware)
Task: {A482240E-5EEA-46AF-BCB6-CC5DD425F74E} - System32\Tasks\Ezurgyua => C:\PROGRA~1\JUKMIS~1\Ogaocfu.bat <==== ATTENTION
Task: {AD45EBEF-3D37-48CB-B622-CE7AD857A320} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-17] (Dropbox, Inc.)
Task: {B1CEF135-8463-498C-87ED-5764D9501493} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe
Task: {B3E8058D-A4B1-405A-9E4A-AA281CE28EE7} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {C471A76F-E988-4B93-A596-EFE16363DBF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-17] (Google Inc.)
Task: {ECCD8A57-4B77-412C-A292-9483FC958707} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FB41A7D5-30FB-45E2-B028-DD3680AE8A08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Victor\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
ShortcutWithArgument: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\AdBlock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAHAoAnMtA0..&v=20160421&uid=CE7ED73E084FDDA4C816FF1DD32EEF90&ptid=epf1&mode=scrp
ShortcutWithArgument: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1461343639&a=1003081&src=sh&uuid=d93c83ff-45fc-4314-984a-57c7dd11036a"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-08-21 21:09 - 2015-08-21 21:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2016-04-12 21:37 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 21:37 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 11:13 - 2014-05-01 11:13 - 00470016 _____ () C:\Users\Victor\AppData\Local\MEGAsync\ShellExtX64.dll
2015-12-28 21:03 - 2015-12-28 21:03 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 21:28 - 2016-04-02 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-12 21:32 - 2016-04-02 00:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 21:31 - 2016-04-01 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 21:33 - 2016-04-01 23:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-12 21:34 - 2016-04-02 00:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 08:17 - 2016-04-19 08:17 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-17 06:24 - 2016-04-17 06:24 - 00125784 _____ () C:\Users\Victor\AppData\Roaming\YbunhhRowpa\Piotkelj.exe
2016-04-22 14:33 - 2016-04-22 14:33 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\zlib.dll
2016-04-22 14:33 - 2016-04-22 14:33 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\sqlite.dll
2016-04-22 14:33 - 2016-04-22 14:33 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\tinyxml.dll
2016-04-22 14:33 - 2016-04-22 14:33 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2016-04-22 14:38 - 2016-03-28 16:11 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2016-04-22 14:33 - 2016-04-22 14:33 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\oDayProtect.dll
2016-04-22 14:33 - 2016-04-22 14:33 - 00125280 _____ () c:\program files (x86)\tencent\qqpcmgr\10.11.16588.235\qmrtpcontroller.dll
2016-04-22 16:38 - 2016-04-07 11:30 - 02027520 _____ () C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll
2016-04-19 08:17 - 2016-04-19 08:17 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 08:17 - 2016-04-19 08:17 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-11 18:21 - 2016-04-06 07:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 18:21 - 2016-04-06 07:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-04-17 06:24 - 2016-04-22 13:49 - 00183128 _____ () C:\Users\Victor\AppData\Roaming\YbunhhRowpa\Mecremr.din

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2016-04-22 13:49 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Victor\Pictures\Besteiras\jinx.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "IDSCCOMRIB"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "CCleanerCloudTray"
HKLM\...\StartupApproved\Run32: => "conhost.exe -start"
HKLM\...\StartupApproved\Run32: => "apphide"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9B15C235115DAC872AB2008568FA0497"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "Razer Comms"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "msiql"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "osmsg"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "svchost0"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "Yeaplayer"
HKU\S-1-5-21-1133586882-3522735201-1309958927-1002\...\StartupApproved\Run: => "apphide"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3884514C-CE18-4D10-99BA-799FFEE3A0E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{21E0B56C-DD1A-409F-9809-B5E7EBF70ECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [UDP Query User{0F696202-CF88-4532-8F9A-E41CC80C1778}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{57921AEF-F26B-4433-8D3D-3E8BEFF30BB3}C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39153\heroesofthestorm_x64.exe
FirewallRules: [{1980FB1F-9C49-4A5E-98B8-CBC22C4C3442}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A9929B7-1F3A-48B0-8AE1-9460688E4F14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{1287C8B8-ECC5-44F7-95D2-F4C1FEAB1699}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{514B8333-0D36-43F0-8AE4-8541EC702E69}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6F4D6549-FADB-4D3F-9291-B0D823B7B418}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{87E6E888-15C0-4BC9-B942-D845E65CBF02}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D257A3F0-1BB9-442D-BBB4-0A17EEC60A31}C:\users\victor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\victor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{6807EE37-448B-4EE3-9122-574258964B26}C:\users\victor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\victor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{A3326FB2-2DB2-4BAE-B19C-7CFC0B6765CC}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{925157CA-CED6-4C5F-918D-EB787E0BAB6C}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A184FCCD-4DE6-46B3-880F-2C416B759BE9}C:\users\victor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\victor\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7F3FEB21-D90C-45C9-8C68-6FB7001AC3D2}C:\users\victor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\victor\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6EEDB879-12C4-4154-B250-A480A79A7AA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0E913D3B-F8FF-4A06-8851-49CA9D273CA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{7E618939-E781-4155-B833-71113CBF1EC9}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{B087B6EF-A0D8-4D88-846F-5549904037A7}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{6A5ECAA8-2C76-4D9C-A7C4-B5058A4DB7FA}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A0B7693A-8BA1-41D8-BAD1-5CEE75785740}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [UDP Query User{882C2030-2A61-48B1-9C62-93061B74254E}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{88B6F3DE-2DB4-4CC4-91C4-123BCAD855DB}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe
FirewallRules: [{7D4C3F9D-E47E-44FF-9D57-414B497CA0B3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{3B75FD94-99BB-4D82-BD28-C2ED5CE1A7F2}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [UDP Query User{7417B6E2-70C8-458E-A5A0-D4330C97BC3B}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{30F2ADFA-BC92-416D-8B7A-896D6D46CF55}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [{66277ED2-9EDB-41C0-AB26-514736939EA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A4F9ABE2-2A8A-46E5-A20D-E0BA71C74776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{2D8F691F-E9CF-4E1A-8849-44E76A350FDD}C:\games\dishonored.goty.edition-kaos\binaries\win32\dishonored.exe] => (Allow) C:\games\dishonored.goty.edition-kaos\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{34BF1D93-21C5-489B-943C-1075E88C251D}C:\games\dishonored.goty.edition-kaos\binaries\win32\dishonored.exe] => (Allow) C:\games\dishonored.goty.edition-kaos\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{4F227EAF-B267-46E1-ABF9-E0444E211E7F}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6C442436-3448-448B-9185-74E42FCF5587}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [{F82F6908-A204-4FAF-9A43-A30FD44A4D95}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3A5170FD-2702-4CC8-A3D2-0A2D33FD2F53}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A81BED11-4E91-4FC1-B8BC-1EA958AADD57}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2A3C3DAA-0EA9-410B-A65B-2643F6FF8513}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [UDP Query User{B7F3E554-74A0-486A-9844-DC9CB043B96C}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AAA7CF2F-419E-485B-B4F0-F3AE4D426614}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1F4F672C-0076-46DE-9CBC-064CFFFE3259}C:\users\victor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\victor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{2A025BD5-44BC-4C3E-96B9-DD1F487E680F}C:\users\victor\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\victor\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [UDP Query User{EA75A9CF-D7B3-4E67-893D-15C9F9B80E2A}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3F228CEC-1DA4-439C-B0D3-061F644CC105}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{C5EA09AA-B921-45E6-AFD8-AFC2A39C0762}] => (Allow) C:\Program Files (x86)\WEBZEN\C9\C9.exe
FirewallRules: [{6FA2EDF9-14ED-43A5-A632-AA22BA9589D7}] => (Allow) C:\Program Files (x86)\WEBZEN\C9\C9.exe
FirewallRules: [{247CF724-561A-4CAD-BE83-11FCD35B5C04}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E48D8504-DAFD-41FC-9967-827941C74904}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4C2BF0C9-5D20-4683-8EBA-2C6CBCA9F9FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D0A605D7-AF36-4E12-B67B-E3BABD5FA177}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DBDCEEB4-12AE-4F39-8CF7-32D56EA84543}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{D2C379A0-11E1-453B-AC18-A4DD2D29D6E5}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{72061A2D-9202-4E5A-AD5B-5EC72B1FCBF2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D298830E-93EA-4CAC-B856-DFF2E7D03A01}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{3E1C37EC-88F1-4812-A6FA-25DBA6F575EB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6C798EC7-26D9-49A8-9CC2-00C3DF324875}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C5845E20-44F7-4BFC-926D-EDBE4A9630A0}C:\users\victor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\victor\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2E5148EC-B3CA-4E6A-8F21-24FCA09221D2}C:\users\victor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\victor\appdata\roaming\spotify\spotify.exe
FirewallRules: [{98B08904-5A59-49F3-80BB-79ADC05E46C8}] => (Allow) C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A0CCDE5E-358D-409B-94CD-B1D82A103E89}] => (Allow) C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A051E261-DE7E-48FC-B42E-BACA92194E9D}] => (Allow) C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3ED94AD6-EFFD-4576-8080-F2E221A47417}] => (Allow) C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9169921-E0DB-4ED6-8A79-7D87005D48CD}] => (Allow) C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C8722D5-B0F3-41F8-87B3-0C36F39478DC}] => (Allow) C:\Users\Victor\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BB5610A7-4088-4009-A7C8-9474F3EF7C34}] => (Allow) C:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{7079214B-FC73-4DCE-B540-9DE35693726E}] => (Allow) C:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [TCP Query User{5A0B3EF1-D47F-41A3-AFA1-2ECE9EB880E9}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{86FEE0D3-0D69-4CE6-89EA-AE80B921EDF7}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] =>
(Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe FirewallRules: [TCP Query User{34C386AD-A60B-4D6C-8534-9BDB2B1EBAC3}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [UDP Query User{ACE2C98F-0DD9-476A-9F21-31D82C091DE9}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [{12F5B0B4-D5EC-460F-9A8F-7FFFFA85056C}] => (Block) %ProgramFiles% (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{11FB7EFD-4FB8-4B04-A0FD-C3476D6255AF}] => (Block) %ProgramFiles% (x86)\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{9D4C8197-CB59-49E1-BC60-C6BDFECE8873}] => (Block) %ProgramFiles% (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{A530F554-61A6-483E-A578-61545EB20901}] => (Block) %ProgramFiles% (x86)\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{EA4A1256-DC47-4F8F-9941-9A56CA8850F3}] => (Allow) C:\Games\SimCity 2013 Offline\SimCity\SimCity.exe FirewallRules: [{860E8613-6D21-40CA-A357-3F9736984B58}] => (Allow) C:\Games\SimCity 2013 Offline\SimCity\SimCity.exe FirewallRules: [TCP Query User{299F47B6-0AF7-42D7-941D-27CAA419ADC6}C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe] => (Allow) C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe FirewallRules: [UDP Query User{3505088A-9651-4BB4-9BC2-259997F2B3FD}C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe] => (Allow) C:\program files (x86)\glyph\games\atlas reactor\live\win32\atlasreactor.exe FirewallRules: [TCP Query User{E4E903CF-A746-4587-827E-FFF09AD97653}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{FFD2E6B0-9022-47AD-895C-7BF74674FB6C}C:\program files 
(x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe FirewallRules: [{7108A984-A0C1-430F-B540-0B5BE28CF524}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{55858DC0-3851-4BBB-854E-E46A4C2C8299}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{74B6D4DB-884D-4239-B8AC-8009C5C5D8B0}C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42178\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{430596D3-8210-45A8-B8EA-0AEACC176D93}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{289A417D-2411-4F1F-9C8D-B2DD56E00662}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [{512C97EE-1AF6-48A7-9A15-32D88DA66FB9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [TCP Query User{BE3DD478-DEF5-4457-A0CF-ABD601B85A67}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{6DE24EA3-E826-49FC-A12B-D8AAD8033763}C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42406\heroesofthestorm_x64.exe FirewallRules: [{43185EA0-B7A1-4D9F-903F-4157D7F7FD8D}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{3E7AD010-6FAC-497F-B157-006E0FDD2D6E}] => (Allow) C:\Program Files 
(x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{48AF0023-292C-45F0-9A47-D6D03197EF40}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{2977F30D-837F-4BD3-8491-60B4AE7B41AB}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{87924AB1-09A9-4FD6-B17C-F70FABCADC63}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe FirewallRules: [{A0515AB7-4824-40EB-9970-7EA33BB19D84}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{F19AB22B-F69D-447B-84C4-8CA6FC4149A1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCmgrInstallGuide.exe FirewallRules: [{A2FDF826-D1D0-4028-B3C0-ADCC2F3245AB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{BE59C3D1-BD0B-4336-9554-4A855ABF7C04}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTray.exe FirewallRules: [{276A1340-775E-44A9-A150-B204E5B5D7E0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCMgr.exe FirewallRules: [{0819CB55-4072-489A-AA16-F956DA59CA66}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRTP.exe FirewallRules: [{804E551C-6F0A-4013-A3A9-8E1C682EBB09}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMDL.exe FirewallRules: [{A4F334E0-4EE9-41DE-99A6-1A940409924D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\bugreport.exe FirewallRules: [{44B8636B-ED6A-4334-B4EE-F5855B4C1B70}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCFileOpen.exe FirewallRules: [{2C9BE94A-0CA7-49D3-BC71-16336FC8892E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCLeakScan.exe FirewallRules: [{1E95F70E-4BAA-4953-ACA1-876552508920}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPConfig.exe FirewallRules: [{EE1CF742-89AB-428B-BF5A-E87CBA5FC156}] => (Allow) C:\Program Files 
(x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSoftMgr.exe FirewallRules: [{ED986B5A-E43D-4AB4-96B5-6D6F2C49C268}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\QQPCNetFlow.exe FirewallRules: [{8CC0730C-631D-407D-99B8-6671A42F7676}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCBTU.exe FirewallRules: [{48ED8BC1-D699-4D2B-9DFC-37A9D53CED87}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCClinic.exe FirewallRules: [{5B5CB515-82C5-47DE-B2DB-52E83DCA4931}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCLaunch.exe FirewallRules: [{F60FD404-0D04-4657-9E82-97022269E9DB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUpdate\QQPCMgrUpdate.exe FirewallRules: [{1FD0C5CC-8B3D-48DE-B798-76D302CF2744}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSoftGame.exe FirewallRules: [{F59A4B25-143E-4DDD-8E19-5D694FF8362D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSysOptimize.exe FirewallRules: [{C4546E7C-38C5-46B1-954C-394633B9DB75}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCUpdateAVLib.exe FirewallRules: [{68353FBE-964A-40D1-B5FF-56381FDAD4D5}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQRepair.exe FirewallRules: [{50DAEC4E-77F4-411E-98DA-518748CD37D1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\Uninst.exe FirewallRules: [{BB47163A-BCF7-464B-9B1E-0E36C5124EA9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCPatch.exe FirewallRules: [{4C741278-96EF-4071-A7BB-6FD3AA5454DD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TpkUpdate.exe FirewallRules: [{5D27E03C-7217-4A4C-BF19-0F7263CAAB39}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMRouterMgr.exe FirewallRules: [{4698F8DC-5B6B-467A-A832-FA0F69B6FEEA}] => (Allow) C:\Program Files 
(x86)\Tencent\QQPCMgr\10.11.16588.235\QMAccountProtection.exe FirewallRules: [{F896762F-DC61-4726-946D-752ED916E1CB}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMAdBlock.exe FirewallRules: [{ED65643B-8827-4E44-9581-C425BB1BB97E}] => (Allow) C:\Users\Victor\AppData\Local\Temp\31522\download\MiniThunderPlatform.exe FirewallRules: [{E6294FB3-A1A4-4E60-A84A-89EEC5EB707B}] => (Allow) C:\Users\Victor\AppData\Local\Temp\31522\download\MiniThunderPlatform.exe ==================== Restore Points ========================= 22-04-2016 16:17:57 Revo Uninstaller Pro's restore point - tenc ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2016 04:34:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Dellacroix) Description: O pacote Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App foi terminado porque levou muito tempo para ser suspenso. 
Error: (04/22/2016 04:32:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 10.0.10586.0, carimbo de data/hora: 0x5632d7ba
Nome do módulo com falha: ESENT.dll, versão: 10.0.10586.212, carimbo de data/hora: 0x56fa1686
Código de exceção: 0xc0000602
Deslocamento da falha: 0x000000000022885f
ID do processo com falha: 0x978
Hora de início do aplicativo com falha: 0xsvchost.exe0
Caminho do aplicativo com falha: svchost.exe1
Caminho do módulo com falha: svchost.exe2
ID do Relatório: svchost.exe3
Nome completo do pacote com falha: svchost.exe4
ID do aplicativo relativo ao pacote com falha: svchost.exe5
Error: (04/22/2016 04:32:25 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2424) Terminando o processo devido à falha não recuperável: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
Error: (04/22/2016 04:18:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .
Error: (04/22/2016 04:17:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Access is denied. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operation: Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {49a301b0-864c-4e22-8116-05e7f8414a03}
Error: (04/22/2016 04:13:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dellacroix)
Description: Falha na ativação do aplicativo Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App com o erro: -2147023170. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Error: (04/22/2016 02:57:35 PM) (Source: YSearchUtilSvc) (EventID: 0) (User: )
Description: YSearchUtilSvc error: A operação foi concluída com êxito. (0x0)Could not open service (1060)
Error: (04/22/2016 02:42:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dellacroix)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Error: (04/22/2016 02:34:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dellacroix)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Error: (04/22/2016 02:17:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dellacroix)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2147024865. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

System errors:
=============
Error: (04/22/2016 04:46:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Ugokcogq foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 600 milissegundos: Restart the service.
Error: (04/22/2016 04:45:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Ugokcogq foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 600 milissegundos: Restart the service.
Error: (04/22/2016 04:42:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Dravsynlether Core devido ao seguinte erro: %%2
Error: (04/22/2016 04:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço BugreportW devido ao seguinte erro: %%2
Error: (04/22/2016 04:40:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Razer Game Scanner Service devido ao seguinte erro: %%1053
Error: (04/22/2016 04:40:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Razer Game Scanner Service.
Error: (04/22/2016 04:40:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço vipoducuzbt devido ao seguinte erro: %%2
Error: (04/22/2016 04:40:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Tiuauh devido ao seguinte erro: %%2
Error: (04/22/2016 04:40:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Syoho devido ao seguinte erro: %%2
Error: (04/22/2016 04:40:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Kufhuo devido ao seguinte erro: %%2

CodeIntegrity:
===================================
Date: 2016-04-15 04:20:22.274
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-14 12:33:22.333
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-13 20:49:05.614
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-24 11:14:17.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-13 09:51:40.424
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-11 04:19:32.019
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 17:26:26.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 14:47:32.094
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-11 03:14:17.678
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-10 03:49:13.002
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A4-3300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 3563.5 MB
Available physical RAM: 1435.81 MB
Total Virtual: 5547.5 MB
Available Virtual: 3075.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:293.31 GB) (Free:22.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 000D1180)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=4 GB) - (Type=05)

==================== End of Addition.txt ============================