Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by GenesisQ (2015-08-19 09:59:49)
Running from C:\Users\GenesisQ\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1506094221-713273713-2986573324-500 - Administrator - Disabled)
Convidado (S-1-5-21-1506094221-713273713-2986573324-501 - Limited - Disabled)
GenesisQ (S-1-5-21-1506094221-713273713-2986573324-1001 - Administrator - Enabled) => C:\Users\GenesisQ

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bejeweled(R) 3 (remove only) (HKLM-x32\...\Bejeweled(R) 3) (Version: - )
Canal Positivo (HKLM-x32\...\Canal Positivo_is1) (Version: 1.0 - Positivo Informática)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Driver 1.3.1 (HKLM\...\{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}) (Version: 1.3.1 - OEM)
Farmscapes(TM) Premium Edition (remove only) (HKLM-x32\...\Farmscapes(TM) Premium Edition) (Version: - )
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Haunted Past - Realm of Ghosts Deluxe (remove only) (HKLM-x32\...\Haunted Past - Realm of Ghosts Deluxe) (Version: - )
ICM Trainer Light (HKLM-x32\...\{3C630BB8-692D-4495-A0BD-40336CD51F99}) (Version: 1.4 - PokerStrategy.com)
ICMIZER (HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\736316902.www.icmpoker.com) (Version: - www.icmpoker.com)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPM 1.9.2 (HKLM-x32\...\{AADF4228-0772-4D43-92EB-B245E3A17B00}) (Version: 1.9.2 - OEM)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Luxor (remove only) (HKLM-x32\...\Luxor) (Version: - )
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mundo Positivo Bateria (HKLM-x32\...\{FD6F6859-2863-4ABB-87D0-A263F3E9FF45}_is1) (Version: 1.4.6.0 - Positivo Informática S.A.)
Mundo Positivo Gerenciador de Inicialização (HKLM\...\{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1) (Version: 1.1.4.0 - Positivo Informática S.A.)
Mundo Positivo Monitora (HKLM-x32\...\{8aaef6d0-68e7-4f99-b98d-e5ae19edbc99}_is1) (Version: 1.0.7.0 - Positivo Informática S.A.)
Mundo Positivo Webcam (HKLM-x32\...\{E11C7438-7550-4676-92CE-846CC5DA3548}_is1) (Version: 1.5.7.0 - Positivo Informática S.A.)
Mystery Legends - Beauty and the Beast (remove only) (HKLM-x32\...\Mystery Legends - Beauty and the Beast) (Version: - )
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerStrategy.com SideKick (HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\25d18212dc9175a9) (Version: 2.1.20409.2 - PokerStrategy.com)
Positivo Aplicativos (HKLM\...\{AAB13E97-449B-4D5B-BDE2-AB47B938B722}_is1) (Version: 1.3.10.4 - Positivo Informática S.A.)
Positivo Backup (HKLM-x32\...\PSafe) (Version: 3.0.1208.24401 - PSafe)
Positivo Conecta (HKLM-x32\...\{4F23361B-2B38-46E2-BA1A-D920F270D5FB}_is1) (Version: 1.3.23.0 - Positivo Informática S.A.)
Positivo Fotos (HKLM-x32\...\{D53F9978-D5C1-4C71-9757-2F53DC8BEE6D}_is1) (Version: 1.0.0.0 - Positivo Informática S.A.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6668 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0193 - REALTEK Semiconductor Corp.)
Rising Antivirus (HKLM-x32\...\RAV) (Version: 24.00.45.66 - Beijing Rising Information Technology, Inc.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.0 - Synaptics Incorporated)
VDownloader 4.1.1403.0 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: 4.1.1403.0 - Vitzo Limited)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

31-07-2015 19:31:20 Windows Update
09-08-2015 09:11:20 Ponto de Verificação Agendado
18-08-2015 11:38:21 Removed Shared C Run-time for x64

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 02:26 - 2012-07-26 02:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFC62EC-A40E-4903-AB30-C66CF5E94F57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {19BC35A5-D389-4D44-AAD7-D96427AE64C2} - System32\Tasks\{D4014935-2DC6-475D-A13E-B03CF74C2A05} => pcalua.exe -a C:\Users\GenesisQ\AppData\Local\SmartWeb\__u.exe -c _?=C:\Users\GenesisQ\AppData\Local\SmartWeb
Task: {246EB184-7850-49F5-B0FE-594FFC0D6335} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {2B6E8F18-B167-474D-9E33-7F0587B9BD90} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {32822C99-AE1E-41F4-9C54-F238BE2C2138} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {44625FC8-A475-4A76-B974-B03D2384E2A2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-10] (Synaptics Incorporated)
Task: {44A636EF-E826-4447-804F-9E94760AFE20} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe [2014-05-14] (Beijing Rising Information Technology Co., Ltd.)
Task: {6BA56E4A-FC58-43F8-BC19-8688FBF405DA} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {70A90E60-F823-45CF-B501-958B8E439562} - System32\Tasks\Inst_Rep => C:\Users\GenesisQ\AppData\Local\Installer\Install_11473\DCytaiesmt_smtyc_setup.exe [2015-08-15] ()
Task: {76AE48E0-1CF5-4CD2-8C6B-50EBE2CB7AA9} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {9542989A-4030-4586-BDD6-211054094AAC} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {C0D04F99-CC84-412C-A52A-B3B32F95075E} - System32\Tasks\CGV2p1WH4K4lKl => C:\Users\GenesisQ\AppData\Roaming\CGV2p1WH4K4lKl.exe <==== ATTENTION
Task: {F0F73699-B787-45DF-819A-389330C3A79D} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\GenesisQ\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {F2CA0445-58CB-4D16-B041-2F2991F203D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)
Task: {F2DC85A9-71CB-4DBB-A26A-C2B05984E8B3} - System32\Tasks\{CAB9D268-01A9-4513-9330-82E9D761ACCF} => pcalua.exe -a C:\Users\GenesisQ\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=2sq1
Task: {FDD17EB0-572A-4466-B1CC-B07736F69D3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CGV2p1WH4K4lKl.job => C:\Users\GenesisQ\AppData\Roaming\CGV2p1WH4K4lKl.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-15 20:45 - 2015-07-08 22:26 - 00173088 _____ () C:\Users\GenesisQ\AppData\Roaming\NetService\netservice.exe
2015-08-15 21:04 - 2015-08-14 13:50 - 03311248 _____ () C:\Users\GenesisQ\AppData\Local\gmsd_br_006010061\upgmsd_br_006010061.exe
2012-04-16 13:45 - 2012-04-16 13:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2013-01-10 15:47 - 2012-11-01 13:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-08-15 21:05 - 2015-08-07 16:06 - 00052224 _____ () C:\Program Files\VDownloader\Core.XmlSerializers.dll
2015-08-15 21:05 - 2015-08-07 16:05 - 00023040 _____ () C:\Program Files\VDownloader\GAMeasurement.dll
2015-08-15 21:05 - 2015-08-07 16:05 - 00048640 _____ () C:\Program Files\VDownloader\WPFMessageBox.dll
2015-08-15 21:05 - 2015-08-07 16:06 - 00595456 _____ () C:\Program Files\VDownloader\VDownloaderUI.Controls.dll
2015-08-15 21:05 - 2015-06-23 23:26 - 00084992 _____ () C:\Program Files\VDownloader\NET.Tools.WPF.Effects.dll
2015-08-15 21:05 - 2015-08-07 16:05 - 00010752 _____ () C:\Program Files\VDownloader\WebBrowserWithProxy.dll
2015-07-17 14:34 - 2015-07-17 14:34 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-2070.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\zlib.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\sqlite.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\tinyxml.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\oDayProtect.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00125280 _____ () c:\program files (x86)\tencent\qqpcmgr\10.11.16588.235\qmrtpcontroller.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00170336 _____ () c:\program files (x86)\tencent\qqpcmgr\10.11.16588.235\qmhipslogpolicy.dll
2013-01-26 16:56 - 2012-08-24 10:32 - 00468232 _____ () C:\Program Files (x86)\PSafe\PSafeWCFClient.dll
2013-01-26 16:56 - 2012-08-24 10:32 - 00062216 _____ () C:\Program Files (x86)\PSafe\CrashLib.dll
2015-08-16 09:02 - 2015-08-16 09:02 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\23ae651b7c58816ab7e53f2165c92fac\PSIClient.ni.dll
2013-01-26 16:40 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 19:15 - 2011-08-15 19:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 15:48 - 2011-08-17 15:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2012-04-16 10:37 - 2012-04-16 10:37 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-15 18:23 - 2011-08-15 18:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-08-15 19:12 - 2011-08-15 19:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2012-04-16 10:42 - 2012-04-16 10:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-17 15:41 - 2011-08-17 15:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2012-04-16 10:41 - 2012-04-16 10:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 10:56 - 2012-04-16 10:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 10:38 - 2012-04-16 10:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 15:05 - 2011-07-19 15:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 19:17 - 2011-08-15 19:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 15:04 - 2011-07-19 15:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\xImage.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\arkGraphic.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\xGraphic32.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\libpng.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\libjpegturbo.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\libexpatw.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\jgImage.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\jgIOStub.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00076128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\MemDefrag.dll
2015-08-16 22:47 - 2015-07-21 12:59 - 00387424 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\DlForQd.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00235872 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMWlanMacDll.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\xGraphic32.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\zlib.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\libexpatw.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\tinyxml.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\arkGraphic.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\jgImage.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\jgIOStub.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\libpng.dll
2015-08-16 22:47 - 2015-08-16 22:47 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\libjpegturbo.dll
2015-08-12 20:04 - 2015-08-07 21:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-12 20:04 - 2015-08-07 21:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:56E2E879

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1506094221-713273713-2986573324-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\WEB\WALLPAPER\WALLPAPER.JPG
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "VDownloader"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKU\S-1-5-21-1506094221-713273713-2986573324-1001\...\StartupApproved\Run: => "SmartProtect"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7BDEE4D0-0121-471E-9181-A21B38180163}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B601D01A-2499-462B-9D38-47192A6047CF}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F9109872-5341-4CC4-9CCE-48293A49F63F}] => (Allow) C:\Program Files (x86)\PSafe\PSRsync.exe
FirewallRules: [{CE8CB238-C99B-4453-8A91-C51BB1CD00F7}] => (Allow) C:\Program Files (x86)\PSafe\PSRsync.exe
FirewallRules: [{3F5E2D6C-82F2-4F6D-BBDC-F7BE4A281B0C}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{72CD7B7E-5A9A-4BC3-B2F2-E96DA6DDEE99}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{01CF5F32-6216-40FA-A33F-F925EF5E6DFF}] => (Allow) C:\Users\GenesisQ\AppData\Local\Temp\ctmpua\ctmpua.exe
FirewallRules: [{D4A050F1-E587-4AA5-AB9B-563C10FF7A84}] => (Allow) C:\Users\GenesisQ\AppData\Local\Temp\ctmpua\ctmpua.exe
FirewallRules: [{75B9C3E4-2A4E-4282-83DD-EF54883C5289}] => (Allow) C:\Users\GenesisQ\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{F894E434-9FA6-4CA9-AC76-EF2D5BA6D7B3}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{D8B2DA4C-BDE6-44A9-A64C-8FE069D6C380}] => (Allow) C:\Users\GenesisQ\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{729A9123-5B7F-47C1-B5F7-C394C920091A}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{01827C12-691D-4902-9DA1-41C5C87F7605}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{46992901-9E18-4513-A2BB-4F36BBBB4918}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{B9BA37D4-57A2-4377-B073-74C53CA19777}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{34D74272-B636-41DE-94DB-C6E2B8F4FF7E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCmgrInstallGuide.exe
FirewallRules: [{C1C60B39-0DA6-49A1-BBD0-B8E34824834C}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{383BD61E-C020-4AC9-B739-FD2F8E0CC74A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{47A25035-4D8F-4098-BE74-A3681840B09A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTray.exe
FirewallRules: [{04DE5A90-4C92-416D-B076-54ED4F089C91}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCMgr.exe
FirewallRules: [{3CE80DA0-D881-422D-8F34-40FAE8A45434}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRTP.exe
FirewallRules: [{3C123D4D-6EFE-4EF4-B044-FA1C7119E006}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMDL.exe
FirewallRules: [{81ED0E00-0A12-42D7-8962-14A7D23E6979}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\bugreport.exe
FirewallRules: [{4D429981-42DA-4D80-B8F0-B1114AB99298}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCFileOpen.exe
FirewallRules: [{E44F2FA7-E5C0-493B-890E-89B2EBD4F2AD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCLeakScan.exe
FirewallRules: [{F0E1E9E1-96A5-4AAA-A341-A3A5FDA07960}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPConfig.exe
FirewallRules: [{214561D7-7755-4208-9B6D-8FDFD8976D1C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSoftMgr.exe
FirewallRules: [{B84494BF-312D-48C8-9CD4-0EF503377C10}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{A5E031C0-95E9-44FC-BD39-28C18862F689}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCBTU.exe
FirewallRules: [{7143EF52-4161-4964-BF44-626D52354F97}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCClinic.exe
FirewallRules: [{F961231B-5344-43CF-A31F-8CED594131E0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCLaunch.exe
FirewallRules: [{8341AC65-EBD4-4AB9-AE6F-B8D5B4990339}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{4B5E9D7E-BBF2-417A-9216-046D1DB861A9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSoftGame.exe
FirewallRules: [{9E9228C6-CD70-4C29-81AA-34FF64CF5606}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCSysOptimize.exe
FirewallRules: [{4A87449A-9CB4-4102-BCD5-BA4C395A532E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCUpdateAVLib.exe
FirewallRules: [{AC88AD3F-70DB-4BE2-BB91-CDDA40AE37F1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQRepair.exe
FirewallRules: [{A8702682-7ABC-4AD9-9D0A-24D3888B4836}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\Uninst.exe
FirewallRules: [{5F69B39F-D739-4731-A32D-450F8A829DD2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCPatch.exe
FirewallRules: [{44CAA995-6535-4837-AFDC-A11DC4F7EB11}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TpkUpdate.exe
FirewallRules: [{7C454FB2-E52B-43F4-AEB7-A18E806B7258}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMRouterMgr.exe
FirewallRules: [{7D6D01F7-6D0F-4E95-BFB8-38C7AF8D289D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMAccountProtection.exe
FirewallRules: [{FBCDE37F-A271-40F7-BA26-477123CA879A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMAdBlock.exe
FirewallRules: [{6A72BB2C-DD01-4018-8A4E-24F5BEDDBC3B}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{7717456D-F69C-4F51-BEA9-058288C149F3}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 07:06:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/18/2015 04:18:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: netservice.exe, versão: 0.0.0.0, carimbo de data/hora: 0x557e7cf3
Nome do módulo com falha: netservice.exe, versão: 0.0.0.0, carimbo de data/hora: 0x557e7cf3
Código de exceção: 0xc0000409
Deslocamento da falha: 0x00013174
ID do processo com falha: 0x8d8
Hora de início do aplicativo com falha: 0xnetservice.exe0
Caminho do aplicativo com falha: netservice.exe1
Caminho do módulo com falha: netservice.exe2
ID do Relatório: netservice.exe3
Nome completo do pacote com falha: netservice.exe4
ID do aplicativo relativo ao pacote com falha: netservice.exe5

Error: (08/18/2015 11:08:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (08/18/2015 11:08:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (08/18/2015 11:08:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (08/18/2015 11:08:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (08/18/2015 11:08:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (08/18/2015 11:08:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (08/18/2015 08:44:29 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (5692) WindowsMail0: O backup parou porque ele foi interrompido pelo cliente ou houve falha na conexão com o cliente.

Error: (08/18/2015 06:42:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 6.2.9200.16420, carimbo de data/hora: 0x505a9a4e
Nome do módulo com falha: ntdll.dll, versão: 6.2.9200.16579, carimbo de data/hora: 0x51637f77
Código de exceção: 0xc000000d
Deslocamento da falha: 0x00000000000f5f24
ID do processo com falha: 0x139c
Hora de início do aplicativo com falha: 0xsvchost.exe0
Caminho do aplicativo com falha: svchost.exe1
Caminho do módulo com falha: svchost.exe2
ID do Relatório: svchost.exe3
Nome completo do pacote com falha: svchost.exe4
ID do aplicativo relativo ao pacote com falha: svchost.exe5

System errors:
=============
Error: (08/19/2015 05:46:14 AM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 70. O estado de erro do Windows SChannel é 105.

Error: (08/19/2015 05:46:12 AM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 70. O estado de erro do Windows SChannel é 105.

Error: (08/19/2015 05:46:09 AM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 70. O estado de erro do Windows SChannel é 105.

Error: (08/18/2015 04:18:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Net.Tcp Service Handler foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço.

Error: (08/18/2015 11:45:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Key In Bold Italic devido ao seguinte erro: %%2

Error: (08/18/2015 11:45:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Keyboard Noticeboard devido ao seguinte erro: %%2

Error: (08/18/2015 11:45:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Wire Professional Version devido ao seguinte erro: %%3

Error: (08/18/2015 11:05:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Key In Bold Italic devido ao seguinte erro: %%2

Error: (08/18/2015 11:05:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Keyboard Noticeboard devido ao seguinte erro: %%2

Error: (08/18/2015 11:05:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Wire Professional Version devido ao seguinte erro: %%3

Microsoft Office:
=========================
Error: (08/18/2015 07:06:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/18/2015 04:18:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: netservice.exe0.0.0.0557e7cf3netservice.exe0.0.0.0557e7cf3c0000409000131748d801d0d9c4927ae283C:\Users\GenesisQ\AppData\Roaming\NetService\netservice.exeC:\Users\GenesisQ\AppData\Roaming\NetService\netservice.exeebae9999-45dd-11e5-be83-80ee7359901e

Error: (08/18/2015 11:08:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (08/18/2015 11:08:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (08/18/2015 11:08:33 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (08/18/2015 11:08:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (08/18/2015 11:08:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4

Error: (08/18/2015 11:08:32 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (08/18/2015 08:44:29 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail5692WindowsMail0:

Error: (08/18/2015 06:42:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.2.9200.16420505a9a4entdll.dll6.2.9200.1657951637f77c000000d00000000000f5f24139c01d0d999b3d06f69C:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll66277b8e-458d-11e5-be7f-80ee7359901e

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz
Percentage of memory in use: 83%
Total physical RAM: 1488.24 MB
Available physical RAM: 240.36 MB
Total Virtual: 4432.24 MB
Available Virtual: 2663.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.4 GB) (Free:170.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: DA62E76E)
Partition: GPT.

==================== End of log ============================