Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015 Ran by GenesisQ (administrator) on GENESIS (19-08-2015 09:57:58) Running from C:\Users\GenesisQ\Desktop Loaded Profiles: GenesisQ (Available Profiles: GenesisQ) Platform: Windows 8 Single Language (X64) Language: Português (Brasil) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRTP.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Positivo Informática S.A) C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (PSafe) C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe (PSafe S/A) C:\Program Files (x86)\PSafe\PSafesvc.exe (PSafe) C:\Program Files (x86)\PSafe\PSafeWD.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Users\GenesisQ\AppData\Roaming\NetService\netservice.exe (Synaptics Incorporated) C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe () C:\Users\GenesisQ\AppData\Local\gmsd_br_006010061\upgmsd_br_006010061.exe (Positivo Informática S.A) C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryPower.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Vitzo) C:\Program Files\VDownloader\VDownloader4.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rstray.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\QQPCNetFlow.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRealTimeSpeedup.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMChExt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-09-14] (Realtek Semiconductor) HKLM\...\Run: [Deskmedia] => C:\Positivo\Deskmedia\GerenciadorLocal.exe [1348920 2014-11-13] (Positivo Informática) HKLM\...\Run: [Sidebar] => "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun HKLM\...\Run: [StartUpManagerPositivo] => C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe [265808 2012-10-24] (Positivo Informática SA) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-10] (Synaptics Incorporated) HKLM\...\Run: [gpuminer] => C:\Users\GenesisQ\AppData\Roaming\cpuminer\sgminer\sgminer.cmd [96 2015-05-02] () HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [1575424 2015-08-07] (Vitzo) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [PSafeSysTray] => C:\Program Files (x86)\PSafe\PSafeSysTray.exe [4892424 2012-08-24] (PSafe) HKLM-x32\...\Run: [gmsd_br_006010061] => [X] HKLM-x32\...\Run: [gmsd_br_005010062] => [X] HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTRAY.EXE [355296 2015-08-16] (Tencent) HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-24] (Beijing Rising Information Technology Co., Ltd.) HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-14] (Beijing Rising Information Technology Co., Ltd.) 
HKLM-x32\...\RunOnce: [upgmsd_br_006010061.exe] => C:\Users\GenesisQ\AppData\Local\gmsd_br_006010061\upgmsd_br_006010061.exe [3311248 2015-08-14] () Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\Run: [SmartProtect] => C:\ProgramData\SmartProtect\SmartProtect.exe [56120 2014-11-13] (Positivo Informática) HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [1575424 2015-08-07] (Vitzo) HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd) ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMGCShellExt64.dll [2015-08-16] (Tencent) ShellIconOverlayIdentifiers: [1PSafeOverlaySync] -> {A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7} => C:\Program Files (x86)\PSafe\shell\v3.0.1208.24401\PSafeShellExtensionx64.dll [2012-08-24] (PSafe S/A) ShellIconOverlayIdentifiers: [2PSafeOverlayOk] -> {A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7} => C:\Program Files (x86)\PSafe\shell\v3.0.1208.24401\PSafeShellExtensionx64.dll [2012-08-24] (PSafe S/A) ShellIconOverlayIdentifiers: [3PSafeOverlayOut] -> {A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7} => C:\Program Files (x86)\PSafe\shell\v3.0.1208.24401\PSafeShellExtensionx64.dll [2012-08-24] (PSafe S/A) ShellIconOverlayIdentifiers-x32: [1PSafeOverlaySync] -> {A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7} => C:\Program Files (x86)\PSafe\shell\v3.0.1208.24401\PSafeShellExtensionx86.dll [2012-08-24] (PSafe S/A) ShellIconOverlayIdentifiers-x32: [2PSafeOverlayOk] -> {A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7} => C:\Program Files (x86)\PSafe\shell\v3.0.1208.24401\PSafeShellExtensionx86.dll [2012-08-24] (PSafe S/A) 
ShellIconOverlayIdentifiers-x32: [3PSafeOverlayOut] -> {A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7} => C:\Program Files (x86)\PSafe\shell\v3.0.1208.24401\PSafeShellExtensionx86.dll [2012-08-24] (PSafe S/A) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=99963976_hao_pg HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mundopositivo.com.br/?utm_source=PC&utm_medium=browser&utm_campaign=urldefault; HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://oem.msn.com HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://oem.msn.com SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} SearchScopes: HKLM -> {CABCECDC-0265-414A-A953-AD7775C5BB99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=POS2&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} SearchScopes: HKLM-x32 -> {CABCECDC-0265-414A-A953-AD7775C5BB99} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=POSTDF&pc=POS2&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1506094221-713273713-2986573324-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} SearchScopes: HKU\S-1-5-21-1506094221-713273713-2986573324-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326&q={searchTerms} SearchScopes: HKU\S-1-5-21-1506094221-713273713-2986573324-1001 -> {CABCECDC-0265-414A-A953-AD7775C5BB99} URL = BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TSWebMon64.dat [2015-08-16] (Tencent) BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll No File BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.253.1 Tcpip\..\Interfaces\{3E0A75CA-F9CE-4756-A524-6D0E410C05EC}: [DhcpNameServer] 192.168.253.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1439682375&z=15b79835a52746ef93a508agdzdc2tbqfbbo3c8maw&from=2sq1&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326 FireFox: ======== FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel 
WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司) FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\npQMExtensionsMozilla.dll [2015-08-16] (Tencent Technology (Shenzhen) Company Limited) FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-16] (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-16] (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) FF Plugin HKU\S-1-5-21-1506094221-713273713-2986573324-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File FF Plugin HKU\S-1-5-21-1506094221-713273713-2986573324-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.) Chrome: ======= CHR Profile: C:\Users\GenesisQ\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Hotword Shared Module) - C:\Users\GenesisQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\GenesisQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21] CHR Extension: (电脑管家上网防护) - C:\Users\GenesisQ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2015-08-18] StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1439772996&z=83e67c02ee001547df190b6g7z8catfm2m9oct5ecq&from=cmi&uid=ST250LM004XHN-M250MBB_S2T0J9BCA09326 ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 BatteryManagerSrv; C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe [52304 2012-09-21] (Positivo Informática S.A) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 NetTcpHandler; C:\Users\GenesisQ\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () R2 PSafeLockBoxSvc; C:\Program Files (x86)\PSafe\PSafeCategoryFinder.exe [1074440 2012-08-24] (PSafe) R2 PSafeSVC; C:\Program Files (x86)\PSafe\PSafesvc.exe [1447176 2012-08-24] (PSafe S/A) R2 PSafeWD; C:\Program Files (x86)\PSafe\PSafeWD.exe [30472 2012-08-24] (PSafe) R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRtp.exe [301728 2015-08-16] (Tencent) R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [196288 2015-08-17] (Beijing Rising Information Technology Co., Ltd.) R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-14] (Beijing Rising Information Technology Co., Ltd.) 
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TAOFrame.exe [293856 2015-08-16] (Tencent) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation) S2 comyninu; no ImagePath S2 hoqejowu; C:\Program Files (x86)\88E5D4B4-1439683958-11E2-BA3A-860C1FA00800\knssC971.tmp [X] S2 hyverumu; C:\Program Files (x86)\88E5D4B4-1439683958-11E2-BA3A-860C1FA00800\jnse85C1.tmp [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 HyperVM; C:\WINDOWS\system32\drivers\hvm.sys [41784 2015-08-17] (Beijing Rising Information Technology Co., Ltd.) S3 NETJME; C:\Windows\system32\DRIVERS\NETJME.sys [137728 2012-07-05] (JMicron Technology Corp.) R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUdisk64.sys [62264 2015-08-16] (Tencent) R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQSysMonX64.sys [138040 2015-08-16] (电脑管家) R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-08-17] (Beijing Rising Information Technology Co., Ltd.) S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation ) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-10] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated) R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2010-08-19] () R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals) R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-08-17] (Beijing Rising Information Technology Co., Ltd.) 
R2 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [74040 2015-08-16] (Tencent) R2 TAOKernelDriver; C:\WINDOWS\system32\drivers\TAOKernel64.sys [274232 2015-08-16] (Tencent Technology(Shenzhen) Company Limited) R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-08-16] (电脑管家) R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TS888x64.sys [28984 2015-08-19] (Tencent) R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TsDefenseBT64.sys [28472 2015-08-16] (Tencent) R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TSSysKit64.sys [87352 2015-08-16] (电脑管家) S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X] S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-19 09:57 - 2015-08-19 09:58 - 00021653 _____ C:\Users\GenesisQ\Desktop\FRST.txt 2015-08-19 09:57 - 2015-08-19 09:58 - 00000000 ____D C:\FRST 2015-08-19 09:56 - 2015-08-19 09:55 - 02173440 _____ (Farbar) C:\Users\GenesisQ\Desktop\FRST64.exe 2015-08-19 09:55 - 2015-08-19 09:55 - 02173440 _____ (Farbar) C:\Users\GenesisQ\Downloads\FRST64.exe 2015-08-18 16:20 - 2015-08-19 09:52 - 00003318 _____ C:\WINDOWS\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} 2015-08-18 11:32 - 2015-08-18 11:32 - 00002794 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-08-18 11:31 - 2015-08-18 11:31 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-08-18 11:31 - 2015-08-18 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-08-18 11:31 - 2015-08-18 11:31 - 00000000 ____D C:\Program Files\CCleaner 2015-08-18 11:28 - 2015-08-18 11:29 - 06609608 _____ (Piriform Ltd) C:\Users\GenesisQ\Downloads\ccsetup508.exe 2015-08-18 09:35 - 2015-08-18 09:35 - 00001817 _____ C:\Users\GenesisQ\Desktop\chrome - Atalho.lnk 2015-08-18 09:21 - 2015-08-18 09:26 - 00001881 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chrome - Atalho (2).lnk 2015-08-18 09:20 - 2015-08-18 09:26 - 00001881 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chrome - Atalho.lnk 2015-08-18 09:06 - 2015-08-18 09:06 - 00003188 _____ C:\WINDOWS\System32\Tasks\{D4014935-2DC6-475D-A13E-B03CF74C2A05} 2015-08-18 06:00 - 2015-08-19 09:52 - 00028984 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys 2015-08-17 06:01 - 2015-08-17 06:01 - 00000000 _____ C:\Users\GenesisQ\AppData\Local\{98C021FE-572F-4FE4-AF56-097D1B1875C2} 2015-08-17 03:00 - 2015-08-17 03:00 - 00000000 _____ C:\9693.tmp 2015-08-17 01:04 - 2015-08-17 00:43 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\WINDOWS\system32\Drivers\hvm.sys 2015-08-17 00:58 - 2015-08-17 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-16 22:52 - 2015-08-16 22:52 - 00000150 __RSH C:\rising.ini 2015-08-16 22:52 - 2015-08-16 22:52 - 00000000 ___RD C:\RavBin 2015-08-16 22:52 - 2014-07-29 23:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\vpatch.dll 2015-08-16 22:52 - 2014-01-02 04:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\ravext64.dll 2015-08-16 22:52 - 2013-12-30 04:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\ravext.dll 2015-08-16 22:52 - 2012-09-05 21:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\bsmain.exe 2015-08-16 22:51 - 2015-08-17 00:41 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\sysmon.sys 2015-08-16 22:51 - 2015-08-17 00:41 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsutils.sys 2015-08-16 22:51 - 2015-08-16 22:52 - 00000000 ____D C:\Users\Todos os Usuários\Rising 2015-08-16 22:51 - 2015-08-16 22:52 - 00000000 ____D C:\ProgramData\Rising 2015-08-16 22:51 - 2015-08-16 22:51 - 00000000 ____D C:\Program Files (x86)\Rising 2015-08-16 22:51 - 2012-02-29 04:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) 
C:\WINDOWS\system32\Drivers\rsndisp.sys 2015-08-16 22:50 - 2015-08-16 22:50 - 00000000 ____D C:\Users\Todos os Usuários\TXQMPC 2015-08-16 22:50 - 2015-08-16 22:50 - 00000000 ____D C:\ProgramData\TXQMPC 2015-08-16 22:50 - 2015-08-16 22:47 - 00074040 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys 2015-08-16 22:49 - 2015-08-16 22:49 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-08-16 22:48 - 2015-08-17 00:54 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2015-08-16 22:48 - 2015-08-16 22:47 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernel64.sys 2015-08-16 22:48 - 2015-08-16 22:47 - 00087864 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys 2015-08-16 22:45 - 2015-08-16 23:10 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Tencent 2015-08-16 22:45 - 2015-08-16 22:52 - 00000000 ____D C:\Users\Todos os Usuários\Tencent 2015-08-16 22:45 - 2015-08-16 22:52 - 00000000 ____D C:\ProgramData\Tencent 2015-08-16 22:45 - 2015-08-16 22:45 - 00000000 ____D C:\Program Files (x86)\Tencent 2015-08-16 22:29 - 2015-08-16 22:29 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\UG 2015-08-16 22:05 - 2015-08-19 09:51 - 00001028 _____ C:\WINDOWS\Tasks\CGV2p1WH4K4lKl.job 2015-08-16 22:05 - 2015-08-16 22:05 - 00004040 _____ C:\WINDOWS\System32\Tasks\CGV2p1WH4K4lKl 2015-08-16 22:04 - 2015-08-18 05:59 - 00000996 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-08-16 22:04 - 2015-08-16 22:04 - 00003968 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA 2015-08-16 22:04 - 2015-08-16 22:04 - 00003732 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore 2015-08-16 22:03 - 2015-08-19 09:51 - 00000992 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-08-16 22:03 - 2015-08-16 22:03 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-08-16 22:03 - 2015-08-16 22:03 - 00000000 ____D 
C:\Users\GenesisQ\AppData\Local\SysassistByHotWheel 2015-08-16 22:03 - 2015-08-16 22:03 - 00000000 ____D C:\ppsfile 2015-08-16 22:01 - 2015-08-18 07:01 - 00000000 ____D C:\IQIYI Video 2015-08-16 22:01 - 2015-08-18 06:59 - 00000000 ____D C:\Users\Todos os Usuários\IQIYI Video 2015-08-16 22:01 - 2015-08-18 06:59 - 00000000 ____D C:\ProgramData\IQIYI Video 2015-08-16 22:01 - 2015-08-16 22:01 - 00004082 _____ C:\WINDOWS\System32\Tasks\Crossbrowse 2015-08-16 22:01 - 2015-08-16 22:01 - 00000000 ____D C:\Users\Public\QiYi 2015-08-16 22:01 - 2015-08-16 22:01 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\IQIYI Video 2015-08-16 21:58 - 2015-08-18 08:48 - 00000000 ____D C:\Program Files (x86)\UPCleaner 2015-08-16 21:57 - 2015-08-18 09:06 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\SmartWeb 2015-08-16 21:57 - 2015-08-16 23:06 - 00000434 _____ C:\task.vbs 2015-08-16 21:57 - 2015-08-16 21:57 - 00004044 _____ C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task 2015-08-16 21:57 - 2015-08-16 21:57 - 00000000 ____D C:\Users\Todos os Usuários\MWinManProM 2015-08-16 21:57 - 2015-08-16 21:57 - 00000000 ____D C:\ProgramData\MWinManProM 2015-08-15 21:48 - 2015-08-15 21:48 - 00000000 ____D C:\Users\Todos os Usuários\ShopperPro 2015-08-15 21:48 - 2015-08-15 21:48 - 00000000 ____D C:\ProgramData\ShopperPro 2015-08-15 21:15 - 2015-08-15 21:15 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml 2015-08-15 21:13 - 2015-08-15 21:13 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\88E5D4B4-1439673214-11E2-BA3A-860C1FA00800 2015-08-15 21:13 - 2012-07-26 02:26 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2015-08-15 21:12 - 2015-08-15 22:11 - 00000000 ____D C:\Program Files (x86)\GUPlayer 2015-08-15 21:12 - 2015-08-15 21:12 - 00000000 ____D C:\Program Files (x86)\predm 2015-08-15 21:09 - 2015-08-16 22:03 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-08-15 21:09 - 2015-08-15 21:09 - 00000000 ____D C:\Users\Public\Documents\ShopperPro 2015-08-15 21:09 - 
2015-08-15 21:09 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\globalUpdate 2015-08-15 21:08 - 2015-08-18 05:58 - 00000000 ____D C:\Program Files (x86)\ShopperPro 2015-08-15 21:07 - 2015-08-16 09:33 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\VDownloader 2015-08-15 21:07 - 2015-08-15 21:22 - 00000000 ____D C:\Users\Public\Documents\GOOBZO 2015-08-15 21:07 - 2015-08-15 21:21 - 00000000 ____D C:\Users\Todos os Usuários\TEMP 2015-08-15 21:07 - 2015-08-15 21:21 - 00000000 ____D C:\ProgramData\TEMP 2015-08-15 21:05 - 2015-08-16 09:31 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\VDownloader 2015-08-15 21:05 - 2015-08-15 21:11 - 00000000 ____D C:\Program Files\VDownloader 2015-08-15 21:05 - 2015-08-15 21:05 - 00001738 _____ C:\Users\Public\Desktop\VDownloader.lnk 2015-08-15 21:05 - 2015-08-15 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader 2015-08-15 21:04 - 2015-08-19 09:54 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\gmsd_br_006010061 2015-08-15 21:04 - 2015-08-15 21:12 - 00000000 ____D C:\Program Files (x86)\gmsd_br_006010061 2015-08-15 21:04 - 2015-08-15 21:04 - 00003522 _____ C:\WINDOWS\System32\Tasks\Inst_Rep 2015-08-15 21:04 - 2015-08-15 21:04 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\CrashRpt 2015-08-15 20:59 - 2015-08-15 20:59 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\WinRAR 2015-08-15 20:57 - 2015-08-15 20:57 - 00001036 _____ C:\Users\Public\Desktop\WinRAR.lnk 2015-08-15 20:57 - 2015-08-15 20:57 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-08-15 20:57 - 2015-08-15 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-08-15 20:56 - 2015-08-15 20:57 - 00000000 ____D C:\Program Files\WinRAR 2015-08-15 20:55 - 2015-08-15 20:56 - 03478920 _____ C:\Users\GenesisQ\Downloads\winrar-x64-521br.exe 2015-08-15 20:55 - 2015-08-15 20:55 - 00003158 _____ 
C:\WINDOWS\System32\Tasks\{CAB9D268-01A9-4513-9330-82E9D761ACCF} 2015-08-15 20:47 - 2015-08-15 20:47 - 00218716 _____ C:\Users\GenesisQ\Downloads\VDownloader4OC (2).rar 2015-08-15 20:46 - 2015-08-15 22:03 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\cpuminer 2015-08-15 20:46 - 2015-08-15 20:47 - 00000000 ____D C:\Users\Todos os Usuários\rWinManPror 2015-08-15 20:46 - 2015-08-15 20:47 - 00000000 ____D C:\ProgramData\rWinManPror 2015-08-15 20:46 - 2015-08-15 20:46 - 00000000 _____ C:\WINDOWS\prleth.sys 2015-08-15 20:46 - 2015-08-15 20:46 - 00000000 _____ C:\WINDOWS\hgfs.sys 2015-08-15 20:45 - 2015-08-15 21:38 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\RunDir 2015-08-15 20:45 - 2015-08-15 20:45 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\NetService 2015-08-15 20:42 - 2015-08-15 20:43 - 00689352 _____ ( ) C:\Users\GenesisQ\Downloads\WinRAR.cpl 2015-08-15 16:54 - 2015-08-15 16:54 - 00218716 _____ C:\Users\GenesisQ\Downloads\VDownloader4OC (1).rar 2015-08-15 16:43 - 2015-08-15 16:44 - 00218716 _____ C:\Users\GenesisQ\Downloads\VDownloader4OC.rar 2015-08-09 18:10 - 2014-04-16 15:20 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2015-08-09 18:10 - 2014-04-16 15:20 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2015-08-09 18:10 - 2014-04-16 15:20 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2015-08-09 18:10 - 2014-04-16 15:20 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2015-08-09 18:10 - 2014-04-16 15:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-08-09 18:10 - 2014-04-16 15:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-08-09 18:07 - 2015-08-09 18:08 - 01118920 _____ (Microsoft Corporation) C:\Users\GenesisQ\Downloads\NDP452-KB2901954-Web (1).exe 2015-08-09 18:07 - 2015-08-09 18:07 - 01118920 _____ (Microsoft Corporation) 
C:\Users\GenesisQ\Downloads\NDP452-KB2901954-Web.exe 2015-08-09 17:58 - 2015-08-09 17:58 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com 2015-08-09 17:51 - 2015-08-18 11:08 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Deployment 2015-08-09 17:51 - 2015-08-09 17:51 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Apps\2.0 2015-08-09 17:05 - 2015-08-09 17:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-08-09 17:05 - 2015-08-09 17:05 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-08-09 17:04 - 2015-08-09 17:04 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-08-09 17:04 - 2015-08-09 17:04 - 00000000 ____D C:\Program Files\Reference Assemblies 2015-08-09 17:04 - 2015-08-09 17:04 - 00000000 ____D C:\Program Files\MSBuild 2015-08-09 17:00 - 2012-07-05 23:02 - 01166440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-08-09 17:00 - 2012-07-05 23:02 - 00778856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-08-09 17:00 - 2012-07-05 23:02 - 00124040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-09 17:00 - 2012-07-05 23:02 - 00102528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-09 17:00 - 2012-07-05 23:02 - 00035400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-08-09 17:00 - 2012-07-05 23:02 - 00035400 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-08-09 16:49 - 2015-08-09 16:49 - 01291088 _____ (PokerStrategy.com) C:\Users\GenesisQ\Downloads\SideKickSetup.exe 2015-08-08 10:07 - 2015-08-08 10:07 - 00002380 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICMIZER.lnk 2015-08-08 10:07 - 2015-08-08 10:07 - 00002350 _____ C:\Users\GenesisQ\Desktop\ICMIZER.lnk 2015-08-05 20:05 - 2013-01-10 13:36 - 00695648 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-08-05 20:05 - 2013-01-10 13:36 - 00080736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-05 20:04 - 2015-08-18 09:22 - 00327256 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-08-01 17:56 - 2015-08-08 10:09 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Equilab 2015-07-28 15:08 - 2015-07-05 07:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-07-26 18:44 - 2015-07-26 18:44 - 00000517 _____ C:\Users\GenesisQ\Desktop\Pergunta.txt 2015-07-26 08:07 - 2015-07-26 08:11 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\ICMTrainerLight 2015-07-25 16:11 - 2015-07-25 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-07-25 16:10 - 2015-07-25 16:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-07-25 16:10 - 2015-07-25 16:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-07-25 16:09 - 2015-07-25 16:09 - 13095136 _____ (Microsoft Corporation) C:\Users\GenesisQ\Downloads\Silverlight_x64 (1).exe 2015-07-25 16:08 - 2015-07-25 16:09 - 13095136 _____ (Microsoft Corporation) C:\Users\GenesisQ\Downloads\Silverlight_x64.exe 2015-07-25 15:24 - 2015-07-25 15:24 - 00003095 _____ C:\Users\GenesisQ\Desktop\ICM Trainer Light.lnk 2015-07-25 15:24 - 2015-07-25 15:24 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy 2015-07-25 15:21 - 2015-07-25 15:21 - 16094720 _____ C:\Users\GenesisQ\Downloads\ICM_Trainer_Light.msi 2015-07-25 15:10 - 2015-07-25 15:11 - 42173668 _____ ( ) C:\Users\GenesisQ\Downloads\setup_icmtrainer (1).exe 2015-07-25 15:09 - 2015-07-25 15:09 - 00001733 _____ C:\Users\Public\Desktop\Positivo Aplicativos.lnk 2015-07-25 15:08 - 2015-07-25 15:08 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Positivo_Informática_S.A 2015-07-25 15:08 - 2015-07-25 15:08 - 00000000 ____D C:\Program Files (x86)\PokerStrategy 2015-07-25 15:07 - 
2015-07-25 15:08 - 42173668 _____ ( ) C:\Users\GenesisQ\Downloads\setup_icmtrainer.exe 2015-07-25 15:01 - 2015-07-25 15:24 - 00000000 ____D C:\Program Files (x86)\PokerStrategy.com 2015-07-25 15:01 - 2015-07-25 15:01 - 00002266 _____ C:\Users\Public\Desktop\Equilab.lnk 2015-07-25 15:01 - 2015-07-25 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com 2015-07-25 15:00 - 2015-07-25 15:00 - 10592148 _____ (PokerStrategy.com ) C:\Users\GenesisQ\Downloads\equilab.exe 2015-07-25 15:00 - 2015-07-25 15:00 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Downloaded Installations 2015-07-24 20:21 - 2015-07-24 20:21 - 00000000 _____ C:\Users\GenesisQ\AppData\Local\{CC4F86F3-11D8-416C-B6EB-38A5770EDAEC} 2015-07-23 21:32 - 2013-04-09 02:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-07-23 21:32 - 2013-04-09 02:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-07-23 21:32 - 2013-04-09 02:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-07-23 21:32 - 2013-04-09 02:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll 2015-07-23 21:32 - 2013-04-09 02:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-07-23 21:32 - 2013-04-09 02:14 - 01455880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2015-07-23 21:32 - 2013-04-09 01:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2015-07-23 21:32 - 2013-04-09 01:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2015-07-23 21:32 - 2013-04-09 01:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-07-23 21:32 - 2013-04-09 01:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2015-07-23 21:32 - 2013-04-09 01:51 - 13648384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-07-23 21:32 - 
2013-04-09 01:51 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-07-23 21:32 - 2013-04-09 01:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-07-23 21:32 - 2013-04-09 01:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2015-07-23 21:32 - 2013-04-09 01:51 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2015-07-23 21:32 - 2013-04-09 01:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2015-07-23 21:32 - 2013-04-09 01:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2015-07-23 21:32 - 2013-04-09 01:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2015-07-23 21:32 - 2013-04-09 01:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-07-23 21:32 - 2013-04-09 01:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-07-23 21:32 - 2013-04-09 01:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2015-07-23 21:32 - 2013-04-09 01:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-07-23 21:32 - 2013-04-09 01:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll 2015-07-23 21:32 - 2013-04-09 01:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-07-23 21:32 - 2013-04-09 01:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll 2015-07-23 21:32 - 2013-04-09 01:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2015-07-23 21:32 - 2013-04-09 01:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2015-07-23 21:32 - 2013-04-09 01:48 - 02303488 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-07-23 21:32 - 2013-04-09 01:48 - 00785408 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\audiosrv.dll 2015-07-23 21:32 - 2013-04-08 23:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2015-07-23 21:32 - 2013-04-08 23:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2015-07-23 21:32 - 2013-04-08 23:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2015-07-23 21:32 - 2013-04-08 20:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-07-23 21:32 - 2013-04-08 20:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-07-23 21:32 - 2013-04-08 20:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-07-23 21:32 - 2013-04-08 18:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2015-07-23 21:32 - 2013-04-08 18:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-07-23 21:32 - 2013-04-08 18:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-07-23 21:32 - 2013-04-08 18:51 - 10789888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 02035200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2015-07-23 21:32 - 2013-04-08 18:51 - 00324096 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-07-23 21:32 - 2013-04-04 20:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-07-23 21:32 - 2013-04-02 19:08 - 00387688 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-07-23 21:32 - 2013-03-30 15:16 - 01403784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2015-07-23 21:32 - 2013-03-30 15:16 - 01267424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2015-07-23 21:32 - 2013-03-28 19:09 - 01217328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2015-07-23 21:32 - 2013-03-28 19:09 - 01093880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2015-07-23 21:32 - 2013-03-15 19:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2015-07-23 21:32 - 2013-03-15 19:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2015-07-23 21:32 - 2013-03-01 23:43 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-07-23 21:32 - 2013-02-06 22:33 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-07-23 21:31 - 2013-04-09 02:27 - 00284424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2015-07-23 21:31 - 2013-04-09 02:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2015-07-23 21:31 - 2013-04-09 02:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll 2015-07-23 21:31 - 2013-04-09 01:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2015-07-23 21:31 - 2013-04-09 01:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2015-07-23 21:31 - 2013-04-09 01:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2015-07-23 21:31 - 2013-04-09 01:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2015-07-23 21:31 - 2013-04-09 01:50 - 00414720 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\GenuineCenter.dll 2015-07-23 21:31 - 2013-04-09 01:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2015-07-23 21:31 - 2013-04-09 01:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2015-07-23 21:31 - 2013-04-09 01:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll 2015-07-23 21:31 - 2013-04-09 01:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2015-07-23 21:31 - 2013-04-09 01:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll 2015-07-23 21:31 - 2013-04-09 01:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll 2015-07-23 21:31 - 2013-04-09 01:48 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2015-07-23 21:31 - 2013-04-09 01:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-07-23 21:31 - 2013-04-08 23:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-07-23 21:31 - 2013-04-08 23:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2015-07-23 21:31 - 2013-04-08 23:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2015-07-23 21:31 - 2013-04-08 23:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2015-07-23 21:31 - 2013-04-08 23:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2015-07-23 21:31 - 2013-04-08 20:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2015-07-23 21:31 - 2013-04-08 18:52 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2015-07-23 21:31 - 2013-04-08 18:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2015-07-23 21:31 - 2013-04-08 18:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2015-07-23 21:31 - 2013-04-08 18:51 - 
00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2015-07-23 21:31 - 2013-04-08 18:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2015-07-23 21:31 - 2013-04-08 18:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll 2015-07-23 21:31 - 2013-03-02 07:39 - 00069864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2015-07-23 21:31 - 2013-02-02 05:40 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsRasterService.dll 2015-07-23 21:31 - 2013-02-02 05:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsRasterService.dll 2015-07-23 21:31 - 2013-01-09 22:40 - 00303848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2015-07-23 21:31 - 2012-12-13 01:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2015-07-23 21:31 - 2012-12-13 00:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2015-07-23 21:18 - 2014-12-18 03:52 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2015-07-23 21:18 - 2014-12-18 03:51 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-07-23 
21:18 - 2014-12-18 03:20 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2015-07-23 21:18 - 2014-12-18 01:47 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-07-23 21:18 - 2014-12-18 01:15 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-07-23 21:18 - 2014-12-09 20:14 - 00569720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-07-23 21:18 - 2014-10-11 02:41 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-07-23 21:18 - 2014-10-11 02:05 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-07-23 21:18 - 2014-05-29 20:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2015-07-23 21:18 - 2014-04-12 06:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-07-23 21:18 - 2014-04-12 06:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2015-07-23 21:18 - 2014-04-12 06:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2015-07-23 21:18 - 2014-04-12 06:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2015-07-23 21:18 - 2014-04-12 04:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll 2015-07-23 21:18 - 2014-04-12 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2015-07-23 21:18 - 2014-04-12 04:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll 2015-07-23 21:18 - 2014-04-12 03:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll 2015-07-23 21:17 - 2013-01-28 22:57 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-07-23 21:17 - 2013-01-28 20:08 - 00230904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-07-23 21:10 - 2012-11-10 01:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-07-23 21:09 - 
2015-02-18 04:39 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-07-23 21:09 - 2015-02-18 04:38 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll 2015-07-23 21:09 - 2012-11-10 01:22 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll 2015-07-23 21:09 - 2012-11-10 01:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll 2015-07-23 21:09 - 2012-11-10 01:20 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll 2015-07-23 21:08 - 2014-10-23 09:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2015-07-23 21:08 - 2014-10-23 08:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2015-07-23 21:04 - 2014-11-08 08:22 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-07-23 21:04 - 2014-11-08 03:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-07-23 20:59 - 2015-06-24 22:54 - 04064768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-07-23 20:59 - 2015-04-25 00:41 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2015-07-23 20:59 - 2015-04-24 20:13 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2015-07-23 20:59 - 2015-01-24 03:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-07-23 20:59 - 2015-01-24 02:00 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-07-23 20:48 - 2014-04-03 08:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-07-23 20:48 - 2013-03-02 06:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-07-23 20:46 - 2014-06-06 11:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2015-07-23 20:46 - 2014-06-06 07:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2015-07-23 20:43 - 2013-09-28 00:35 - 
00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2015-07-23 20:42 - 2015-02-17 02:13 - 17561600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-07-23 20:41 - 2015-02-17 03:54 - 19777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-07-23 20:36 - 2013-04-02 20:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll 2015-07-23 20:36 - 2013-04-02 20:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll 2015-07-23 20:27 - 2015-01-22 02:00 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2015-07-23 20:26 - 2015-01-22 03:42 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2015-07-23 20:26 - 2014-12-19 03:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-07-23 20:12 - 2013-11-01 02:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2015-07-23 20:12 - 2013-11-01 00:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2015-07-23 20:06 - 2014-10-30 04:20 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-07-23 20:06 - 2014-10-30 02:22 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-07-23 19:59 - 2014-11-08 03:56 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-07-23 19:59 - 2014-04-12 04:23 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2015-07-23 19:58 - 2014-11-08 08:21 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-07-23 19:58 - 2014-10-11 05:35 - 00171840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-07-23 19:58 - 2014-04-12 06:08 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2015-07-22 12:39 - 2014-08-21 20:56 - 01418752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-07-22 12:39 - 2014-08-21 20:27 - 01845760 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-07-22 12:39 - 2012-11-01 01:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll 2015-07-22 12:39 - 2012-11-01 01:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll 2015-07-22 12:38 - 2015-01-15 18:45 - 06973248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-07-22 12:26 - 2012-11-01 01:41 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-07-22 12:26 - 2012-11-01 01:40 - 02361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-07-22 12:26 - 2012-11-01 01:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll 2015-07-22 12:26 - 2012-11-01 01:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll 2015-07-22 12:23 - 2015-04-06 02:36 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-07-22 12:23 - 2015-04-06 01:08 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-07-22 11:54 - 2015-07-22 11:58 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-07-22 11:53 - 2015-07-03 08:43 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-07-21 20:36 - 2014-05-14 22:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-07-21 20:36 - 2014-05-14 19:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-07-21 20:36 - 2014-05-14 19:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-07-21 20:36 - 2014-05-14 19:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-07-21 20:36 - 2014-05-14 19:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-07-21 20:35 - 2013-08-16 02:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-07-21 19:33 - 2015-07-21 19:33 - 00001701 _____ C:\Users\GenesisQ\Desktop\fpdb.lnk 
2015-07-21 19:31 - 2015-08-19 06:12 - 00000000 ____D C:\Users\GenesisQ\.matplotlib 2015-07-21 19:31 - 2015-08-18 20:47 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\fpdb 2015-07-21 19:29 - 2015-07-21 19:31 - 00000000 ____D C:\Users\GenesisQ\Downloads\fpdb-0.40.5 2015-07-21 19:27 - 2015-07-21 19:29 - 19495917 _____ (Igor Pavlov) C:\Users\GenesisQ\Downloads\fpdb-0.40.5.exe 2015-07-21 19:18 - 2015-08-19 06:23 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\PokerStars 2015-07-21 19:18 - 2015-07-21 19:18 - 00001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk 2015-07-21 19:18 - 2015-07-21 19:18 - 00001954 _____ C:\Users\Public\Desktop\PokerStars.lnk 2015-07-21 19:18 - 2015-07-21 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars 2015-07-21 19:17 - 2015-08-13 19:59 - 00000000 ____D C:\Program Files (x86)\PokerStars 2015-07-21 19:08 - 2015-07-21 19:16 - 92549112 _____ (PokerStars) C:\Users\GenesisQ\Downloads\PokerStarsInstall.exe 2015-07-21 15:26 - 2015-07-21 15:26 - 72087787 _____ C:\Users\GenesisQ\Downloads\Não confirmado 277451.crdownload 2015-07-21 13:34 - 2015-07-21 13:50 - 00000016 _____ C:\Users\GenesisQ\Desktop\TEMP.txt 2015-07-21 06:01 - 2015-08-16 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-21 05:55 - 2015-08-19 09:51 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-21 05:55 - 2015-08-19 07:00 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-21 05:55 - 2015-07-24 20:31 - 00000000 ___HD C:\Users\Todos os Usuários\SmartProtect 2015-07-21 05:55 - 2015-07-24 20:31 - 00000000 ___HD C:\ProgramData\SmartProtect 2015-07-21 05:55 - 2015-07-21 05:58 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Google 2015-07-21 05:55 - 2015-07-21 05:58 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-21 05:55 - 2015-07-21 05:55 - 00004060 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-21 05:55 - 
2015-07-21 05:55 - 00003824 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-21 05:55 - 2015-07-21 05:55 - 00000000 ____D C:\Users\Todos os Usuários\Positivo Informática 2015-07-21 05:55 - 2015-07-21 05:55 - 00000000 ____D C:\ProgramData\Positivo Informática 2015-07-21 05:54 - 2015-07-21 05:54 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Macromedia 2015-07-21 05:49 - 2015-07-21 05:49 - 00000000 _____ C:\Users\GenesisQ\agent.log 2015-07-21 05:48 - 2015-08-19 09:56 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1506094221-713273713-2986573324-1001 2015-07-21 05:44 - 2015-07-21 05:44 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Intel Corporation 2015-07-21 05:43 - 2015-07-25 15:08 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Positivo 2015-07-21 05:43 - 2015-07-21 05:43 - 00000000 ____D C:\Users\GenesisQ\PSafe 2015-07-21 05:42 - 2015-08-16 21:56 - 00001707 _____ C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-21 05:42 - 2015-07-21 05:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2015-07-21 05:42 - 2015-07-21 05:42 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Adobe 2015-07-21 05:38 - 2015-08-19 09:55 - 01515814 _____ C:\WINDOWS\WindowsUpdate.log 2015-07-21 05:38 - 2015-08-18 07:06 - 00000000 ____D C:\Users\GenesisQ 2015-07-21 05:38 - 2015-08-16 22:49 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\VirtualStore 2015-07-21 05:38 - 2015-08-15 16:48 - 00000000 ____D C:\Users\GenesisQ\AppData\Local\Packages 2015-07-21 05:38 - 2015-07-21 05:38 - 00000020 ___SH C:\Users\GenesisQ\ntuser.ini 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Modelos 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Meus Documentos 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Menu Iniciar 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Documents\Minhas Músicas 2015-07-21 
05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Documents\Minhas Imagens 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Documents\Meus Vídeos 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Dados de Aplicativos 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Configurações Locais 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\AppData\Local\Histórico 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\AppData\Local\Dados de Aplicativos 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Ambiente de Rede 2015-07-21 05:38 - 2015-07-21 05:38 - 00000000 _SHDL C:\Users\GenesisQ\Ambiente de Impressão 2015-07-21 05:38 - 2012-07-26 05:13 - 00000000 ___RD C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-07-21 05:38 - 2012-07-26 05:13 - 00000000 ___RD C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-07-21 05:38 - 2012-07-26 05:13 - 00000000 ___RD C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-07-21 05:38 - 2012-07-26 05:13 - 00000000 ____D C:\Users\GenesisQ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-07-20 21:44 - 2015-07-20 21:44 - 00000000 _____ C:\Recovery.txt 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Músicas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Imagens 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Meus Vídeos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Usuário 
Padrão\AppData\Local\Histórico 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Usuário Padrão 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Todos os Usuários\Modelos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Todos os Usuários\Documentos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Todos os Usuários 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Músicas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Public\Documents\Minhas Imagens 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Public\Documents\Meus Vídeos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Modelos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Meus Documentos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Menu Iniciar 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Músicas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Imagens 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Documents\Meus Vídeos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Dados de Aplicativos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Configurações Locais 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos 2015-07-20 
20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Ambiente de Rede 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default\Ambiente de Impressão 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Músicas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Imagens 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default User\Documents\Meus Vídeos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\ProgramData\Modelos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\ProgramData\Menu Iniciar 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\ProgramData\Documentos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\ProgramData\Dados de Aplicativos 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Program Files\Common Files\Sistema 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Program Files\Arquivos Comuns 2015-07-20 20:48 - 2015-07-20 20:48 - 00000000 _SHDL C:\Arquivos de Programas

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 09:59 - 2013-01-26 16:56 - 00000000 ____D C:\Users\Todos os Usuários\PSafe
2015-08-19 09:51 - 2013-01-26 16:42 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-08-19 09:51 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-18 20:21 - 2013-01-26 16:56 - 00000000 ____D C:\ProgramData\PSafe
2015-08-18 19:29 - 2013-01-26 16:42 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-08-18 19:09 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-08-18 11:45 - 2013-01-26 16:29 - 00030294 _____ C:\WINDOWS\PFRO.log
2015-08-18 11:45 - 2012-07-26 04:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-18 11:45 - 2012-07-26 02:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-18 10:44 - 2013-01-26 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Jogos
2015-08-18 10:44 - 2013-01-26 17:02 - 00000000 ____D C:\Program Files (x86)\Zylom Games
2015-08-18 09:31 - 2012-07-26 07:32 - 00763854 _____ C:\WINDOWS\system32\prfh0416.dat
2015-08-18 09:31 - 2012-07-26 07:32 - 00155144 _____ C:\WINDOWS\system32\prfc0416.dat
2015-08-18 09:31 - 2012-07-26 04:28 - 01769104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-15 22:36 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\rescache
2015-08-15 21:42 - 2012-07-26 05:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-15 21:42 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-15 20:36 - 2013-01-26 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-09 18:15 - 2012-07-26 04:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-09 17:04 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-08-09 17:04 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-08-05 19:59 - 2012-07-26 07:34 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-05 19:59 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\AppCompat
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-08-01 09:31 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-08-01 09:31 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-01 09:31 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-01 09:30 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-01 09:30 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-01 09:29 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-01 09:28 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-01 09:28 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-01 09:27 - 2012-07-26 02:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-29 20:12 - 2012-07-26 02:37 - 00000000 ____D C:\WINDOWS\servicing
2015-07-28 14:41 - 2013-01-26 16:53 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2015-07-28 14:41 - 2013-01-26 16:53 - 00000000 ____D C:\ProgramData\McAfee
2015-07-28 14:41 - 2013-01-26 16:53 - 00000000 ____D C:\Program Files\mcafee
2015-07-28 14:41 - 2013-01-26 16:53 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-07-28 14:41 - 2013-01-26 16:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-26 18:38 - 2012-07-26 02:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-26 18:17 - 2012-07-26 05:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-26 17:51 - 2012-07-26 04:21 - 00016944 _____ C:\WINDOWS\setupact.log
2015-07-25 15:09 - 2013-01-26 16:56 - 00000000 ____D C:\Users\Todos os Usuários\Positivo
2015-07-25 15:09 - 2013-01-26 16:56 - 00000000 ____D C:\ProgramData\Positivo
2015-07-25 15:09 - 2013-01-26 16:56 - 00000000 ____D C:\Program Files (x86)\Positivo Informática
2015-07-25 15:09 - 2013-01-26 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática
2015-07-21 20:34 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-21 13:25 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-21 13:22 - 2013-01-26 22:27 - 00000000 ____D C:\WINDOWS\Panther
2015-07-21 05:38 - 2012-07-26 05:12 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-20 21:44 - 2012-07-26 05:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-20 21:44 - 2012-07-26 05:12 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-20 20:48 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Windows NT
2015-07-20 20:48 - 2012-07-26 02:37 - 00000000 __RHD C:\Users\Default
2015-07-20 20:45 - 2012-07-26 05:13 - 00002664 _____ C:\WINDOWS\DtcInstall.log

==================== Files in the root of some directories =======

2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 ____N () C:\Users\GenesisQ\AppData\Roaming\CGV2p1WH4K4lKl
2015-08-17 06:01 - 2015-08-17 06:01 - 0000000 _____ () C:\Users\GenesisQ\AppData\Local\{98C021FE-572F-4FE4-AF56-097D1B1875C2}
2015-07-24 20:21 - 2015-07-24 20:21 - 0000000 _____ () C:\Users\GenesisQ\AppData\Local\{CC4F86F3-11D8-416C-B6EB-38A5770EDAEC}
2013-01-26 16:42 - 2013-01-26 16:42 - 0510976 _____ () C:\ProgramData\DRV10.tmp
2013-01-26 16:42 - 2013-01-26 16:42 - 9891840 _____ (OEM) C:\ProgramData\E1010.tmp
2013-01-26 16:56 - 2013-01-26 16:56 - 0000157 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\GenesisQ\AppData\Local\Temp\103242625.exe
C:\Users\GenesisQ\AppData\Local\Temp\4911.exe
C:\Users\GenesisQ\AppData\Local\Temp\7321.exe
C:\Users\GenesisQ\AppData\Local\Temp\9033.exe
C:\Users\GenesisQ\AppData\Local\Temp\amisetup7940__12237.exe
C:\Users\GenesisQ\AppData\Local\Temp\cabex.dll
C:\Users\GenesisQ\AppData\Local\Temp\ClientToMobilePlatform.exe
C:\Users\GenesisQ\AppData\Local\Temp\fsdB607.exe
C:\Users\GenesisQ\AppData\Local\Temp\install1804741.exe
C:\Users\GenesisQ\AppData\Local\Temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Users\GenesisQ\AppData\Local\Temp\mccspuninstall.exe
C:\Users\GenesisQ\AppData\Local\Temp\Oursurfing.exe
C:\Users\GenesisQ\AppData\Local\Temp\qqpcmgr_v10.11.16588.235_72603_Silence.exe
C:\Users\GenesisQ\AppData\Local\Temp\setup.exe
C:\Users\GenesisQ\AppData\Local\Temp\setup3.exe
C:\Users\GenesisQ\AppData\Local\Temp\setup_gmsd_br.exe
C:\Users\GenesisQ\AppData\Local\Temp\tu17p84.exe
C:\Users\GenesisQ\AppData\Local\Temp\unelevate.exe
C:\Users\GenesisQ\AppData\Local\Temp\Uninstall.exe
C:\Users\GenesisQ\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-10 19:28

==================== End of log ============================