
My mouse is constantly stuttering, lagging and not responsive like it should be


  • This topic is locked
19 replies to this topic

#1 zhijie

Posted 24 April 2016 - 05:04 AM

Hi,

My mouse is constantly stuttering, and sometimes I can't even click and it stops/lags. It's so irritating and unresponsive that sometimes I can't even do a normal drag and drop. I can't seem to find out what's wrong. Could be the recent upgrade to Windows 10, but I tried googling for help in Google so many times and yet I can't solve it.

I wish you could help me see what's taking up so much of my resources that it will use my mouse application time.

Many thanks!

Attached are my frst.txt and additional.txt files.

===================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Jackson (administrator) on STAFF3 (24-04-2016 17:15:33)
Running from C:\Users\Jackson\Desktop
Loaded Profiles: Jackson (Available Profiles: Jackson)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCRTP.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(360.cn) C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Tendyron Corporation) C:\Windows\SysWOW64\D4Ser_ICBC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe
(Lenovo) C:\Program Files\Lenovo\OneKey Optimizer\bin\FBService.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
(Apple Inc.) C:\Program Files (x86)\IQIYI Video\PStyle\mDNSResponder.exe
(Tendyron Corporation) C:\Windows\SysWOW64\D4Mon_ICBC.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
() C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
(Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe
(Alibaba Group) C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Lenovo) C:\Windows\System32\LenovoUpdate.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(阿里巴巴(中国)有限公司) C:\Users\Jackson\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\aliwssv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Tendyron Corporation) C:\Windows\SysWOW64\D4Svr_ICBC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo) C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\131\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCRealTimeSpeedup.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\Lenovo PhoneCompanion\adb.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Jackson\AppData\Local\kingsoft\WPS Office\10.1.0.5603\office6\wpscloudsvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 2015-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1392496 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323312 2015-03-27] (Intel Corporation)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791368 2015-05-23] ()
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [802800 2015-05-23] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [D4Svr_ICBC.exe] => D4Svr_ICBC.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCTRAY.EXE [362304 2016-04-21] (Tencent)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [26880 2015-09-18] ()
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe [135864 2015-09-26] (Tencent)
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\Run: [360cloud] => C:\Program Files (x86)\360\360WangPan\360WangPan.exe [14519920 2015-06-03] (360.cn)
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\Run: [GoogleChromeAutoLaunch_405751544B92727DFAF1686AE51B71E6] => C:\Users\Jackson\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\Run: [QyClient] => C:\Program Files (x86)\IQIYI Video\PStyle\QyClient.exe [250280 2016-01-30] (爱奇艺)
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\Run: [QyKernel] => C:\Program Files (x86)\IQIYI Video\PStyle\QyKernel.exe [584088 2016-01-30] (iQIYI.COM)
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-17] (360.cn)
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\MountPoints2: {43f84548-0136-11e6-8286-f0761cb6f449} - "G:\autorun.exe"
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\...\MountPoints2: {e26f86d4-55d8-11e5-825a-34e6adc1501f} - "G:\autorun.exe"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QMGCShellExt64.dll [2016-04-21] (Tencent)
ShellIconOverlayIdentifiers: [360FileGuardAntiDel] -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => C:\Program Files (x86)\360\360sd\ShellIco.dll [2014-11-18] (360.cn)
ShellIconOverlayIdentifiers: [360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360safe\safemon\360UDiskGuard64.dll [2014-05-06] (360.cn)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX32.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{dc23ddeb-1454-4606-a7de-378e4291e41c}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=Af31026&s=o400493_1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=Af31026&s=o400493_1
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.qq.com/?unc=Af31026&s=o400493_1
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-3484809515-3028016762-758759899-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {AE330E10-0C0C-4664-9BC5-FC949D61C6D8} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dsg%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0C0ByC0FyEyEzy0B0A0DtBtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtDtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyByCtB0B0AyCtGtD0A0B0FtGyE0BtB0DtG0ByE0A0BtGtBtDyB0BtDyEtB0E0E0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCtDzyyCtB0AyCtGtC0D0D0EtGyEyB0B0DtG0AtC0DyBtGtA0EyCzztBtA0A0EtB0DyByB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyB%26cr%3D2060242961%26a%3Dwncy_frg01_15_41%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {AE330E10-0C0C-4664-9BC5-FC949D61C6D8} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dsg%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0C0ByC0FyEyEzy0B0A0DtBtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtDtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyByCtB0B0AyCtGtD0A0B0FtGyE0BtB0DtG0ByE0A0BtGtBtDyB0BtDyEtB0E0E0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCtDzyyCtB0AyCtGtC0D0D0EtGyEyB0B0DtG0AtC0DyBtGtA0EyCzztBtA0A0EtB0DyByB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyB%26cr%3D2060242961%26a%3Dwncy_frg01_15_41%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3484809515-3028016762-758759899-1001 -> DefaultScope {AE330E10-0C0C-4664-9BC5-FC949D61C6D8} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dsg%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0C0ByC0FyEyEzy0B0A0DtBtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtDtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyByCtB0B0AyCtGtD0A0B0FtGyE0BtB0DtG0ByE0A0BtGtBtDyB0BtDyEtB0E0E0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCtDzyyCtB0AyCtGtC0D0D0EtGyEyB0B0DtG0AtC0DyBtGtA0EyCzztBtA0A0EtB0DyByB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyB%26cr%3D2060242961%26a%3Dwncy_frg01_15_41%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3484809515-3028016762-758759899-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3484809515-3028016762-758759899-1001 -> {4AD43A14-AA87-4d4b-A345-B0BC1C61BC76} URL = hxxp://www.google.cn/search?hl=zh-CN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3484809515-3028016762-758759899-1001 -> {AE330E10-0C0C-4664-9BC5-FC949D61C6D8} URL = hxxp://sg.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dsg%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0C0ByC0FyEyEzy0B0A0DtBtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtDtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyByCtB0B0AyCtGtD0A0B0FtGyE0BtB0DtG0ByE0A0BtGtBtDyB0BtDyEtB0E0E0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCtDzyyCtB0AyCtGtC0D0D0EtGyEyB0B0DtG0AtC0DyBtGtA0EyCzztBtA0A0EtB0DyByB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyB%26cr%3D2060242961%26a%3Dwncy_frg01_15_41%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3484809515-3028016762-758759899-1001 -> {C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=28026190_dg&ie=utf-8
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\TSWebMon64.dat [2016-04-21] (Tencent)
BHO: ICBC Anti-Phishing class -> {8BCB0605-D909-4c3b-B490-DEFE88BA95FA} -> C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\Icbc_AntiPhishing_64.dll [2014-06-20] (中国工商银行)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon64.dll [2014-07-18] (360.cn)
BHO-x32: 360sdbho Class -> {0F4BF955-A127-41B7-A998-369904AA2578} -> C:\Program Files (x86)\360\360sd\360sdbho.dll [2014-04-16] (360.cn)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Ó¦Óñ¦Ò»¼ü°²×°²å¼þ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon.dll [2014-11-06] (360.cn)
BHO-x32: ICBC Anti-Phishing class -> {BB4491A2-D11A-4c6b-91C0-B53246A3122B} -> C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll [2014-06-20] (中国工商银行)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Jackson\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2015-12-29] (Tencent)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
DPF: HKLM-x32 {060CA154-DF25-4F03-98AA-FBCDE9D27382} hxxps://mybank.icbc.com.cn/icbc/ICBC_TDRDV.cab
DPF: HKLM-x32 {0EB487C8-E9AC-43A6-8C4C-083999B0622F} hxxps://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll
DPF: HKLM-x32 {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} hxxps://b2c.icbc.com.cn/icbc/newperbank/icbcclean.cab
DPF: HKLM-x32 {746E471A-B6E4-44E3-8F3C-2A09B3A030B4} hxxps://mybank.icbc.com.cn/icbc/icbc_tdrusbkey.cab
DPF: HKLM-x32 {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: HKLM-x32 {B1FBC1AD-5644-4084-882A-0F8BA85E7506} hxxps://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\8.0.13.18090\KuGoo3DownXControl.ocx [2015-12-07] (广州酷狗计算机科技有限公司)
Handler-x32: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\8.0.13.18090\KuGoo3DownXControl.ocx [2015-12-07] (广州酷狗计算机科技有限公司)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-03-21] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\m5512yr3.default-1456042303227
FF Homepage: hxxp://www.asiaone.com/
www.straitstimes.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll [2015-03-23] (alipay.com)
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\PStyle\npclient.dll [2016-01-30] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.71C\npwangwang.dll [No File]
FF Plugin-x32: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo.dll [2015-03-23] (alipay.com)
FF Plugin-x32: @alipay.com/npalidcp -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalidcp.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npaliedit.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl.dll [2015-03-23] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\windows\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @baidu.com/BaiduExpert-npplugin -> C:\Users\Jackson\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\npBDExNP.dll [2015-09-27] (百度在线网络技术(北京)有限公司)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-11] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\PStyle\npclient.dll [2016-01-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/npQQGameAssist -> C:\Program Files\Tencent\QQGame\npQQGameAssistPlugin.dll [2015-08-17] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2015-09-26] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\npQMExtensionsMozilla.dll [2016-04-21] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2015-09-18] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.3.33\Bin\npSSOAxCtrlForPTLogin.dll [2015-08-10] (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3484809515-3028016762-758759899-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [2016-02-02] (ÌÔ±¦£¨Öйú£©Èí¼þÓÐÏÞ¹«Ë¾)
FF Plugin HKU\S-1-5-21-3484809515-3028016762-758759899-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [2016-02-02] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll [2015-03-09] ( )
FF Extension: Developer Tools - toolbar button - C:\Users\Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\m5512yr3.default-1456042303227\extensions\devtoolsmenu@AccessFirefox.org.xpi [2016-04-04]
FF Extension: Web Developer - C:\Users\Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\m5512yr3.default-1456042303227\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-04-04]
FF Extension: iMacros for Firefox - C:\Users\Jackson\AppData\Roaming\Mozilla\Firefox\Profiles\m5512yr3.default-1456042303227\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-04-23]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-04-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-02-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://sg.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_41&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dsg%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0C0ByC0FyEyEzy0B0A0DtBtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtDtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyByCtB0B0AyCtGtD0A0B0FtGyE0BtB0DtG0ByE0A0BtGtBtDyB0BtDyEtB0E0E0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCtDzyyCtB0AyCtGtC0D0D0EtGyEyB0B0DtG0AtC0DyBtGtA0EyCzztBtA0A0EtB0DyByB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyB%26cr%3D2060242961%26a%3Dwncy_frg01_15_41%26os%3DWindows%2B8.1
CHR StartupUrls: Default -> "hxxp://sg.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_41&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dsg%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0C0ByC0FyEyEzy0B0A0DtBtN0D0Tzu0StCtAyBtAtN1L2XzutAtFtCtAtFtDtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyByCtB0B0AyCtGtD0A0B0FtGyE0BtB0DtG0ByE0A0BtGtBtDyB0BtDyEtB0E0E0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCtDzyyCtB0AyCtGtC0D0D0EtGyEyB0B0DtG0AtC0DyBtGtA0EyCzztBtA0A0EtB0DyByB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyCyB%26cr%3D2060242961%26a%3Dwncy_frg01_15_41%26os%3DWindows%2B8.1","hxxp://www.google.com/"
CHR Profile: C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
CHR Extension: (Google Docs) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
CHR Extension: (Google Drive) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Full Page Screen Capture) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-04-04]
CHR Extension: (Google Sheets) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
CHR Extension: (SiteAdvisor) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chromium browser automation) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbmjnojfkcohdpkpjmeeijckfbebbon [2016-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (电脑管家上网防护) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-04-04]
CHR Extension: (Instagram for Chrome) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-04-16]
CHR Extension: (Gmail) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0207331460949057mcinstcleanup; C:\WINDOWS\TEMP\020733~1.EXE [883024 2015-10-28] (McAfee, Inc.)
S2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [321096 2014-11-17] (360.cn)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-03-23] (Lenovo Corporation)
R2 Bonjour Service; C:\Program Files (x86)\IQIYI Video\PStyle\mDNSResponder.exe [422808 2016-01-30] (Apple Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [644080 2014-10-23] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-06] (Dropbox, Inc.)
R2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
R2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 FastbootService; C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe [193640 2015-10-22] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19184 2015-03-27] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
R2 ICBC Daemon Service; C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe [486536 2014-06-20] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
S2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [36808 2016-01-29] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-11] (Intel Corporation)
R2 Lenovo OKO Service; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe [2730280 2015-05-26] (Lenovo(beijing) Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016040 2015-04-10] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [625608 2015-03-23] (Lenovo Corporation)
R2 LenovoPAWDService; C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe [133440 2015-05-23] ()
R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe [258544 2014-06-20] (Lenovo(beijing) Limited)
R3 LenovoUpdate; C:\Windows\System32\LenovoUpdate.exe [26608 2016-04-23] (Lenovo)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [218952 2014-08-26] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-01-20] (Lenovo)
R3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-03-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 OKOControlSvc; C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe [367912 2015-06-19] (Lenovo(beijing) Limited)
R2 OnKey Service _ICBC; C:\windows\SysWOW64\D4Ser_ICBC.exe [58672 2010-05-25] (Tendyron Corporation)
R2 pcas; C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe [592856 2015-03-23] (Alipay.com Inc. )
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH)
S2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH)
R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [321520 2015-05-23] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [373232 2015-05-23] (Lenovo)
R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [61696 2015-09-18] (Lenovo)
S2 QiyiService; C:\Program Files (x86)\IQIYI Video\PStyle\QiyiService.exe [466840 2016-01-30] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [102720 2016-04-21] (Tencent)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCRTP.exe [313936 2016-04-21] (Tencent)
U2 QQRepair1e62; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1e62 [136512 2016-04-23] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [140608 2016-04-23] ()
S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 secbizsrv; C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe [594904 2015-03-23] (Alipay.com Inc. )
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2015-11-19] (Alibaba (China) Co., LTD. All rights reserved.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [868592 2016-03-31] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-03-31] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-03-31] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 wpscloudsvr; C:\Users\Jackson\AppData\Local\kingsoft\WPS Office\wpscloudsvr.exe [162560 2016-04-13] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [1769320 2015-08-27] (Alibaba Group)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe [236360 2014-09-09] (360.cn)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-10-23] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [311880 2014-09-22] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [328264 2014-11-04] (360.cn)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72776 2014-12-24] (360.cn)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
S3 AntiRkX64; C:\Windows\System32\Drivers\AntiRKX64.sys [41272 2016-01-27] (Tencent)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-02-03] (360.cn)
S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [72808 2015-10-22] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 KMDFVirtualKbd; C:\Windows\System32\drivers\KMDFVirtualKbd.sys [22264 2014-08-05] ()
R3 KMDFVirtualMouse; C:\Windows\System32\drivers\KMDFVirtualMouse.sys [21240 2014-08-05] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3497240 2015-03-24] (Intel Corporation)
S3 QDAntiDrv; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QDAntiDrv64.sys [48056 2015-11-28] (Tencent)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QMUdisk64.sys [184952 2016-04-19] (Tencent)
R2 QQProtectX64; C:\windows\system32\drivers\QQProtectX64.sys [79288 2015-11-28] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQSysMonX64.sys [154744 2016-04-21] (电脑管家)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [419576 2015-11-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [2973400 2014-11-06] (Realtek Semiconductor Corp.)
R3 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\softaal64.sys [44664 2016-04-21] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-04-23] ()
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [100056 2016-04-21] (Tencent)
R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-04-21] (Tencent Technology(Shenzhen) Company Limited)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-12-25] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\TS888x64.sys [38520 2016-04-23] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\TSDefenseBT64.sys [28984 2016-04-21] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\TsNetHlpX64.sys [57976 2016-04-21] ()
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\TSSysKit64.sys [96888 2016-04-21] (电脑管家)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 17:15 - 2016-04-24 17:16 - 00048616 _____ C:\Users\Jackson\Desktop\FRST.txt
2016-04-24 17:15 - 2016-04-24 17:15 - 00000000 ____D C:\FRST
2016-04-24 17:12 - 2016-04-24 17:15 - 02375680 _____ (Farbar) C:\Users\Jackson\Desktop\FRST64.exe
2016-04-22 13:01 - 2016-04-22 13:07 - 00000000 ____D C:\Program Files (x86)\QPostPro
2016-04-22 13:01 - 2016-04-22 13:01 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QPostPro
2016-04-21 00:34 - 2016-04-21 00:33 - 00100056 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
2016-04-20 18:22 - 2016-04-20 18:22 - 00000590 _____ C:\Users\Jackson\Desktop\soccertee.txt
2016-04-18 20:31 - 2016-04-18 20:31 - 00000000 ____D C:\Users\Jackson\Desktop\reading
2016-04-17 09:46 - 2016-04-17 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit
2016-04-16 22:23 - 2016-04-16 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 18:19 - 2016-04-13 18:30 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2016-04-13 18:19 - 2016-04-13 18:19 - 00000000 ____D C:\ProgramData\360safe
2016-04-13 15:43 - 2016-04-13 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-04-13 15:27 - 2016-04-02 12:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 15:27 - 2016-04-02 12:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 15:27 - 2016-04-02 11:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 15:27 - 2016-04-02 11:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 15:27 - 2016-04-02 11:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 15:27 - 2016-04-02 11:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 15:27 - 2016-04-02 11:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 15:27 - 2016-04-02 11:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 15:27 - 2016-04-02 11:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 15:27 - 2016-04-02 11:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 15:27 - 2016-04-02 11:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 15:27 - 2016-04-02 11:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 15:27 - 2016-03-29 18:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 15:27 - 2016-03-29 18:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 15:27 - 2016-03-29 18:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 15:27 - 2016-03-29 18:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 15:27 - 2016-03-29 18:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 15:27 - 2016-03-29 18:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 15:27 - 2016-03-29 18:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 15:27 - 2016-03-29 18:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 15:27 - 2016-03-29 18:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 15:27 - 2016-03-29 17:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 15:27 - 2016-03-29 17:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 15:27 - 2016-03-29 17:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 15:27 - 2016-03-29 17:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 15:27 - 2016-03-29 17:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 15:27 - 2016-03-29 17:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 15:27 - 2016-03-29 17:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 15:27 - 2016-03-29 17:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 15:27 - 2016-03-29 17:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 15:27 - 2016-03-29 16:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 15:27 - 2016-03-29 16:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 15:27 - 2016-03-29 16:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 15:27 - 2016-03-29 16:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 15:27 - 2016-03-29 16:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 15:27 - 2016-03-29 16:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 15:27 - 2016-03-29 16:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 15:27 - 2016-03-29 16:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 15:27 - 2016-03-29 16:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 15:27 - 2016-03-29 15:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 15:27 - 2016-03-29 15:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 15:27 - 2016-03-29 15:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 15:27 - 2016-03-29 15:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 15:27 - 2016-03-29 15:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 15:27 - 2016-03-29 15:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 15:27 - 2016-03-29 15:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 15:27 - 2016-03-29 15:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 15:27 - 2016-03-29 15:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 15:27 - 2016-03-29 15:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 15:27 - 2016-03-29 15:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 15:27 - 2016-03-29 15:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 15:27 - 2016-03-29 15:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 15:27 - 2016-03-29 15:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 15:27 - 2016-03-29 15:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 15:27 - 2016-03-29 15:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 15:27 - 2016-03-29 15:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 15:27 - 2016-03-29 15:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 15:27 - 2016-03-29 15:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 15:27 - 2016-03-29 15:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 15:27 - 2016-03-29 15:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 15:27 - 2016-03-29 15:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 15:27 - 2016-03-29 15:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 15:27 - 2016-03-29 15:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 15:27 - 2016-03-29 15:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 15:27 - 2016-03-29 15:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 15:27 - 2016-03-29 15:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 15:27 - 2016-03-29 15:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 15:27 - 2016-03-29 15:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 15:27 - 2016-03-29 15:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 15:27 - 2016-03-29 15:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 15:27 - 2016-03-29 15:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 15:27 - 2016-03-29 15:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 15:27 - 2016-03-29 15:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 15:27 - 2016-03-29 15:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 15:27 - 2016-03-29 15:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 15:27 - 2016-03-29 15:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 15:27 - 2016-03-29 15:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 15:27 - 2016-03-29 15:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 15:27 - 2016-03-29 15:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 15:27 - 2016-03-29 15:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 15:27 - 2016-03-29 15:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 15:27 - 2016-03-29 15:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 15:27 - 2016-03-29 15:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 15:27 - 2016-03-29 15:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 15:27 - 2016-03-29 15:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 15:27 - 2016-03-29 15:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 15:27 - 2016-03-29 14:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 15:27 - 2016-03-29 14:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 15:27 - 2016-03-29 14:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 15:27 - 2016-03-29 14:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 15:27 - 2016-03-29 14:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 15:27 - 2016-03-29 14:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 15:27 - 2016-03-29 14:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 15:27 - 2016-03-29 14:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 15:27 - 2016-03-29 14:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 15:27 - 2016-03-29 14:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 15:27 - 2016-03-29 14:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 15:27 - 2016-03-29 14:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 15:27 - 2016-03-29 14:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 15:27 - 2016-03-29 14:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 15:27 - 2016-03-29 14:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 15:27 - 2016-03-29 14:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 15:27 - 2016-03-29 14:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 15:27 - 2016-03-29 14:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 15:27 - 2016-03-29 14:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 15:27 - 2016-03-29 14:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 15:27 - 2016-03-29 14:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 15:27 - 2016-03-29 14:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 15:27 - 2016-03-29 14:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 15:27 - 2016-03-29 14:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 15:27 - 2016-03-29 14:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 15:27 - 2016-03-29 14:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 15:27 - 2016-03-29 14:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 15:27 - 2016-03-29 14:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 15:27 - 2016-03-29 14:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 15:27 - 2016-03-29 14:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 15:27 - 2016-03-29 14:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 15:27 - 2016-03-29 14:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 15:27 - 2016-03-29 14:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 15:27 - 2016-03-29 14:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 15:27 - 2016-03-29 14:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 15:27 - 2016-03-29 14:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 15:27 - 2016-03-29 14:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 15:27 - 2016-03-29 14:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 15:27 - 2016-03-29 14:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 15:27 - 2016-03-29 14:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 15:27 - 2016-03-29 14:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 15:27 - 2016-03-29 14:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 15:27 - 2016-03-29 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 15:27 - 2016-03-29 14:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 15:27 - 2016-03-29 14:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 15:27 - 2016-03-29 14:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 15:27 - 2016-03-29 14:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 15:27 - 2016-03-29 14:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 15:27 - 2016-03-29 14:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 15:27 - 2016-03-29 13:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 15:27 - 2016-03-29 13:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 15:27 - 2016-03-29 13:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 15:27 - 2016-03-29 13:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 15:27 - 2016-03-29 13:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 15:27 - 2016-03-29 13:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 15:27 - 2016-03-29 13:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 15:27 - 2016-03-29 13:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 15:27 - 2016-03-29 13:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 15:27 - 2016-03-29 13:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 15:27 - 2016-03-29 13:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 15:27 - 2016-03-29 13:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 15:27 - 2016-03-29 13:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 15:27 - 2016-03-29 13:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 15:27 - 2016-03-29 13:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 15:27 - 2016-03-29 13:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 15:27 - 2016-03-29 13:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 15:27 - 2016-03-29 13:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 15:27 - 2016-03-29 13:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 15:26 - 2016-04-02 12:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 15:26 - 2016-04-02 12:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 15:26 - 2016-04-02 11:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 15:26 - 2016-04-02 11:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 15:26 - 2016-04-02 11:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 15:26 - 2016-04-02 11:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 15:26 - 2016-04-02 11:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 15:26 - 2016-04-02 11:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 15:26 - 2016-04-02 11:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 15:26 - 2016-04-02 11:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 15:26 - 2016-04-02 11:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 15:26 - 2016-03-29 18:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 15:26 - 2016-03-29 18:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 15:26 - 2016-03-29 18:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 15:26 - 2016-03-29 18:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 15:26 - 2016-03-29 17:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 15:26 - 2016-03-29 17:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 15:26 - 2016-03-29 17:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 15:26 - 2016-03-29 17:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 15:26 - 2016-03-29 17:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 15:26 - 2016-03-29 17:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 15:26 - 2016-03-29 17:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 15:26 - 2016-03-29 17:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 15:26 - 2016-03-29 17:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 15:26 - 2016-03-29 16:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 15:26 - 2016-03-29 16:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 15:26 - 2016-03-29 16:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 15:26 - 2016-03-29 16:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 15:26 - 2016-03-29 16:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 15:26 - 2016-03-29 16:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 15:26 - 2016-03-29 16:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 15:26 - 2016-03-29 16:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 15:26 - 2016-03-29 16:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 15:26 - 2016-03-29 16:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 15:26 - 2016-03-29 16:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 15:26 - 2016-03-29 16:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 15:26 - 2016-03-29 16:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 15:26 - 2016-03-29 16:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 15:26 - 2016-03-29 16:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 15:26 - 2016-03-29 16:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 15:26 - 2016-03-29 16:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 15:26 - 2016-03-29 15:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 15:26 - 2016-03-29 15:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 15:26 - 2016-03-29 15:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 15:26 - 2016-03-29 15:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 15:26 - 2016-03-29 15:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 15:26 - 2016-03-29 15:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 15:26 - 2016-03-29 15:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 15:26 - 2016-03-29 15:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 15:26 - 2016-03-29 15:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 15:26 - 2016-03-29 15:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 15:26 - 2016-03-29 15:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 15:26 - 2016-03-29 15:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 15:26 - 2016-03-29 15:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 15:26 - 2016-03-29 15:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 15:26 - 2016-03-29 15:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 15:26 - 2016-03-29 15:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 15:26 - 2016-03-29 15:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 15:26 - 2016-03-29 15:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 15:26 - 2016-03-29 15:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 15:26 - 2016-03-29 15:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 15:26 - 2016-03-29 15:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 15:26 - 2016-03-29 15:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 15:26 - 2016-03-29 15:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 15:26 - 2016-03-29 15:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 15:26 - 2016-03-29 15:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 15:26 - 2016-03-29 15:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 15:26 - 2016-03-29 15:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 15:26 - 2016-03-29 15:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 15:26 - 2016-03-29 15:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 15:26 - 2016-03-29 15:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 15:26 - 2016-03-29 15:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 15:26 - 2016-03-29 15:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 15:26 - 2016-03-29 15:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 15:26 - 2016-03-29 15:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 15:26 - 2016-03-29 15:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 15:26 - 2016-03-29 15:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 15:26 - 2016-03-29 15:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 15:26 - 2016-03-29 15:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 15:26 - 2016-03-29 15:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 15:26 - 2016-03-29 15:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 15:26 - 2016-03-29 15:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 15:26 - 2016-03-29 15:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 15:26 - 2016-03-29 15:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 15:26 - 2016-03-29 15:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 15:26 - 2016-03-29 15:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 15:26 - 2016-03-29 15:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 15:26 - 2016-03-29 15:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 15:26 - 2016-03-29 15:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 15:26 - 2016-03-29 15:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 15:26 - 2016-03-29 15:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 15:26 - 2016-03-29 15:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 15:26 - 2016-03-29 15:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 15:26 - 2016-03-29 15:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 15:26 - 2016-03-29 15:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 15:26 - 2016-03-29 15:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 15:26 - 2016-03-29 15:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 15:26 - 2016-03-29 15:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 15:26 - 2016-03-29 15:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 15:26 - 2016-03-29 15:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 15:26 - 2016-03-29 15:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 15:26 - 2016-03-29 14:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 15:26 - 2016-03-29 14:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 15:26 - 2016-03-29 14:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 15:26 - 2016-03-29 14:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 15:26 - 2016-03-29 14:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 15:26 - 2016-03-29 14:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 15:26 - 2016-03-29 14:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 15:26 - 2016-03-29 14:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 15:26 - 2016-03-29 14:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 15:26 - 2016-03-29 14:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 15:26 - 2016-03-29 14:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 15:26 - 2016-03-29 14:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 15:26 - 2016-03-29 14:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 15:26 - 2016-03-29 14:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 15:26 - 2016-03-29 14:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 15:26 - 2016-03-29 14:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 15:26 - 2016-03-29 14:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 15:26 - 2016-03-29 14:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 15:26 - 2016-03-29 14:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 15:26 - 2016-03-29 14:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 15:26 - 2016-03-29 14:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 15:26 - 2016-03-29 14:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 15:26 - 2016-03-29 14:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 15:26 - 2016-03-29 14:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 15:26 - 2016-03-29 14:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 15:26 - 2016-03-29 14:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 15:26 - 2016-03-29 14:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 15:26 - 2016-03-29 13:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 15:26 - 2016-03-29 13:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 15:26 - 2016-03-29 13:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 15:26 - 2016-03-29 13:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 15:26 - 2016-03-29 13:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 15:26 - 2016-03-29 13:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 15:26 - 2016-03-29 13:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 15:26 - 2016-03-29 13:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 00:55 - 2016-04-24 17:10 - 00000606 _____ C:\WINDOWS\Tasks\WpsExternal_Jackson_20160413005510.job
2016-04-13 00:55 - 2016-04-24 17:00 - 00000412 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Jackson.job
2016-04-13 00:55 - 2016-04-24 16:20 - 00000412 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Jackson.job
2016-04-13 00:55 - 2016-04-17 23:15 - 00003438 _____ C:\WINDOWS\System32\Tasks\WpsUpdateTask_Jackson
2016-04-13 00:55 - 2016-04-13 10:35 - 00003438 _____ C:\WINDOWS\System32\Tasks\WpsNotifyTask_Jackson
2016-04-13 00:55 - 2016-04-13 00:55 - 00003658 _____ C:\WINDOWS\System32\Tasks\WpsExternal_Jackson_20160413005510
2016-04-13 00:55 - 2016-04-13 00:55 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2016-04-12 12:32 - 2016-04-17 09:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-10 22:03 - 2016-04-20 17:08 - 00000000 ____D C:\Users\Jackson\Desktop\themeforest-8454561-north-one-page-parallax-wordpress-theme
2016-04-04 10:25 - 2016-04-04 10:25 - 02365304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2016-04-04 10:25 - 2016-04-04 10:25 - 00256968 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2016-04-04 10:21 - 2016-04-04 10:22 - 109262624 _____ (Lenovo ) C:\Users\Jackson\Downloads\SystemInterfaceFoundation.exe
2016-04-04 10:21 - 2016-04-04 10:22 - 109262624 _____ (Lenovo ) C:\Users\Jackson\Downloads\SystemInterfaceFoundation (1).exe
2016-04-03 22:11 - 2016-04-19 13:56 - 00000000 ____D C:\Users\Jackson\Desktop\fish
2016-04-03 16:49 - 2016-04-03 16:49 - 00085595 _____ C:\Users\Jackson\Downloads\Products-Export-2016-April-03-0848.csv
2016-04-03 01:31 - 2016-04-03 01:31 - 00000000 ____D C:\Users\Jackson\Desktop\3rd
2016-04-01 12:53 - 2016-04-01 12:53 - 06516656 _____ (Tim Kosse) C:\Users\Jackson\Downloads\FileZilla_3.16.1_win64-setup.exe
2016-03-29 23:21 - 2016-03-29 23:21 - 01895524 _____ C:\Users\Jackson\Downloads\gothicbu_wordpress52c.sql
2016-03-28 10:56 - 2016-03-28 10:56 - 00000000 ____D C:\WINDOWS\SysWOW64\tab
2016-03-28 10:56 - 2016-03-28 10:56 - 00000000 ____D C:\WINDOWS\SysWOW64\hover
2016-03-27 12:29 - 2016-03-27 12:30 - 00000000 ____D C:\Users\Jackson\AppData\Local\tkdata
2016-03-27 12:28 - 2016-04-23 10:39 - 00001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-03-27 12:28 - 2016-03-27 12:28 - 00000000 ____D C:\ProgramData\TrueKey
2016-03-27 12:27 - 2016-03-27 12:27 - 00000000 ____D C:\Program Files\Intel Security
2016-03-27 12:03 - 2016-03-27 12:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-27 11:55 - 2016-04-23 16:13 - 00000000 ____D C:\Program Files\TrueKey
2016-03-27 11:55 - 2016-04-17 09:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-27 11:55 - 2016-04-13 18:30 - 00003104 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 17:08 - 2015-09-27 11:56 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\TaobaoProtect
2016-04-24 17:07 - 2015-09-28 11:31 - 00000484 _____ C:\WINDOWS\Tasks\微软设备健康助手设备检查.job
2016-04-24 17:03 - 2015-10-09 22:35 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\Skype
2016-04-24 16:37 - 2015-09-27 11:56 - 00000478 _____ C:\WINDOWS\Tasks\微软设备健康助手自动更新.job
2016-04-24 11:06 - 2015-09-07 15:39 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{400D2CC3-E493-4F46-99FC-A1556A0D249B}
2016-04-23 16:32 - 2015-12-25 19:06 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-23 16:30 - 2016-01-10 10:36 - 00000000 ____D C:\Users\Jackson\AppData\LocalLow\360WD
2016-04-23 16:21 - 2015-12-03 18:09 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-23 16:21 - 2015-10-30 15:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-23 16:21 - 2015-10-06 23:58 - 00000000 ___RD C:\Users\Jackson\Dropbox
2016-04-23 16:17 - 2016-01-01 20:50 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2016-04-23 16:16 - 2015-12-03 17:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-23 16:16 - 2015-09-07 15:22 - 00000000 __SHD C:\Users\Jackson\IntelGraphicsProfiles
2016-04-23 16:15 - 2015-10-06 23:52 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-23 16:15 - 2015-09-28 19:07 - 00000000 ____D C:\ProgramData\DeviceHealth
2016-04-23 16:13 - 2015-12-03 18:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-23 16:13 - 2015-12-03 17:44 - 00153336 _____ C:\WINDOWS\system32\wpbbin.exe
2016-04-23 16:13 - 2015-12-03 17:44 - 00111088 _____ (Lenovo (Beijing) Limited) C:\WINDOWS\system32\LenovoCheck.exe
2016-04-23 16:13 - 2015-12-03 17:44 - 00026608 _____ (Lenovo) C:\WINDOWS\system32\LenovoUpdate.exe
2016-04-23 16:13 - 2015-10-30 14:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-23 16:13 - 2015-09-28 11:31 - 00000462 _____ C:\WINDOWS\Tasks\微软设备健康助手开机检测.job
2016-04-23 16:12 - 2016-02-02 11:23 - 00002441 _____ C:\Users\Jackson\Desktop\todotoday.txt
2016-04-23 16:12 - 2015-10-05 21:45 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\FileZilla
2016-04-23 16:12 - 2015-09-27 14:54 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\KuGou8
2016-04-23 10:54 - 2015-09-27 22:16 - 00000000 ____D C:\Users\Jackson\Desktop\evergreen
2016-04-23 10:40 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-22 18:32 - 2015-09-26 16:52 - 00001456 _____ C:\Users\Jackson\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-22 13:01 - 2015-10-21 15:47 - 00000000 ____D C:\Users\Jackson\Desktop\shortcut
2016-04-22 11:19 - 2015-09-22 20:09 - 00000000 ____D C:\Users\Jackson\AppData\Local\Adobe
2016-04-22 10:13 - 2015-09-27 11:57 - 00000000 ____D C:\Users\Jackson\AppData\Local\aef
2016-04-21 23:04 - 2015-10-19 14:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-21 22:31 - 2015-10-30 15:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-21 01:57 - 2015-09-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-04-21 00:33 - 2015-12-25 19:07 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-04-21 00:33 - 2015-12-25 19:05 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-04-21 00:33 - 2015-09-26 21:05 - 00000000 ____D C:\ProgramData\Tencent
2016-04-20 01:41 - 2015-09-07 15:22 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\Adobe
2016-04-19 14:36 - 2015-05-23 07:27 - 00000000 ____D C:\ProgramData\Lenovo
2016-04-18 23:26 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-18 11:10 - 2015-05-23 08:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-17 13:21 - 2015-09-26 21:06 - 00000000 ____D C:\Users\Jackson\Documents\Tencent Files
2016-04-17 09:45 - 2015-05-23 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-04-17 09:35 - 2015-12-03 17:54 - 00000000 ____D C:\Users\Jackson
2016-04-17 09:30 - 2015-12-03 17:45 - 00543240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-17 09:30 - 2015-09-27 11:56 - 00000490 _____ C:\WINDOWS\Tasks\AliUpdater{3AA31798-D069-4592-8DAC-0AEE7B512CB3}.job
2016-04-17 09:30 - 2015-09-07 15:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 09:30 - 2015-09-07 15:56 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 09:29 - 2015-11-21 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-17 09:26 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-17 09:26 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-17 09:26 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-17 09:26 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-16 22:24 - 2015-10-06 23:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-14 20:55 - 2016-02-23 01:54 - 00003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1456163665
2016-04-14 20:55 - 2016-02-23 01:54 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-14 20:55 - 2016-02-23 01:54 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-14 20:53 - 2015-10-06 23:52 - 00000000 ____D C:\Users\Jackson\AppData\Local\Dropbox
2016-04-13 22:48 - 2015-09-26 21:12 - 00000000 ____D C:\Users\Jackson\AppData\LocalLow\TENCENT
2016-04-13 18:30 - 2016-01-29 20:49 - 00000000 __SHD C:\$360Section
2016-04-13 18:30 - 2015-12-25 19:05 - 00000000 ____D C:\ProgramData\360SD
2016-04-13 18:30 - 2015-09-27 11:56 - 00003104 _____ C:\WINDOWS\System32\Tasks\AliUpdater{3AA31798-D069-4592-8DAC-0AEE7B512CB3}
2016-04-13 18:30 - 2015-09-23 18:04 - 00002868 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jacksong89@hotmail.com
2016-04-13 18:30 - 2015-09-07 15:56 - 00003492 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-13 18:30 - 2015-09-07 15:56 - 00003268 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-13 18:30 - 2015-09-07 15:37 - 00000000 ___RD C:\Users\Jackson\Desktop\old
2016-04-13 18:30 - 2015-05-23 08:22 - 00002240 _____ C:\WINDOWS\System32\Tasks\PDVDServ Task
2016-04-13 18:19 - 2016-01-08 16:41 - 00000000 ____D C:\Users\Jackson\AppData\Roaming\360safe
2016-04-13 18:16 - 2015-12-25 19:05 - 00000000 ____D C:\Program Files\Common Files\360SD
2016-04-13 17:23 - 2015-11-19 12:24 - 00000000 ____D C:\Users\Jackson\Desktop\topaz
2016-04-13 16:51 - 2015-10-30 15:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 16:42 - 2015-09-11 01:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 16:31 - 2015-09-11 01:19 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 15:43 - 2015-11-06 10:02 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-04-13 12:15 - 2015-10-08 14:29 - 00000000 ____D C:\Users\Jackson\Desktop\corprate gift
2016-04-13 10:05 - 2015-09-07 15:22 - 00000000 ____D C:\Users\Jackson\AppData\Local\Packages
2016-04-12 13:19 - 2016-02-01 17:00 - 00000000 ____D C:\Users\Jackson\AppData\Local\PDFCreator
2016-04-09 11:16 - 2015-09-07 15:57 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-07 16:03 - 2015-05-23 08:17 - 00000000 ____D C:\ProgramData\McAfee
2016-04-07 02:32 - 2015-10-30 15:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-07 02:32 - 2015-10-30 15:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-06 13:42 - 2016-02-01 16:46 - 00000000 __SHD C:\360Rec
2016-04-05 10:26 - 2015-12-12 13:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-05 10:26 - 2015-10-09 22:35 - 00000000 ____D C:\ProgramData\Skype
2016-04-04 10:25 - 2015-05-23 08:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-04-04 10:25 - 2015-05-23 07:58 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-04-04 10:25 - 2015-05-23 07:56 - 00000000 ____D C:\Program Files\Lenovo
2016-04-03 23:27 - 2016-03-09 14:57 - 00000000 ____D C:\Users\Jackson\Desktop\topazdoc
2016-04-03 16:33 - 2015-12-25 19:06 - 00000000 ____D C:\WINDOWS\GJFix
2016-04-03 00:24 - 2015-09-07 17:27 - 00000000 ____D C:\Users\Jackson\Desktop\gothic
2016-04-02 14:51 - 2016-01-09 19:41 - 00078679 _____ C:\Users\Jackson\Desktop\ttopaz-list.xlsx
2016-04-02 14:44 - 2016-02-03 00:46 - 00026228 _____ C:\Users\Jackson\Desktop\ttopaz-list.csv
2016-04-01 12:09 - 2015-12-09 21:26 - 00000000 ____D C:\Users\Jackson\Desktop\toppazdone
2016-03-30 12:54 - 2016-01-13 21:56 - 00000000 ____D C:\Users\Jackson\Desktop\ringdesign
2016-03-29 11:57 - 2016-02-28 13:45 - 00000000 ____D C:\Users\Jackson\Desktop\tjjewelry
2016-03-28 00:29 - 2015-05-23 08:17 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-27 12:29 - 2015-05-23 07:37 - 00000000 ____D C:\ProgramData\Intel
2016-03-27 12:28 - 2015-12-03 17:49 - 00000000 ____D C:\Program Files\Intel
2016-03-27 12:28 - 2015-05-23 07:45 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-03-26 22:00 - 2015-11-20 18:30 - 00000000 ____D C:\Users\Jackson\Desktop\stealthdrive
2016-03-26 18:38 - 2015-09-23 18:52 - 00000034 _____ C:\Users\Jackson\AppData\Roaming\AdobeWLCMCache.dat
2016-03-26 15:12 - 2016-02-04 16:31 - 00000000 ____D C:\Users\Jackson\Desktop\boost

==================== Files in the root of some directories =======

2015-09-23 18:52 - 2016-03-26 18:38 - 0000034 _____ () C:\Users\Jackson\AppData\Roaming\AdobeWLCMCache.dat
2015-12-25 19:07 - 2015-12-25 19:07 - 0005120 _____ () C:\Users\Jackson\AppData\Roaming\GiftBag.db
2016-01-18 17:21 - 2016-01-18 17:21 - 0128568 _____ (Tencent) C:\Users\Jackson\AppData\Roaming\t6743a.dll
2015-09-26 21:05 - 2015-09-26 21:05 - 1180640 _____ () C:\Users\Jackson\AppData\Roaming\V95SA03T.TXT
2015-09-26 16:52 - 2016-04-22 18:32 - 0001456 _____ () C:\Users\Jackson\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-01 22:53 - 2015-12-01 23:56 - 0000600 _____ () C:\Users\Jackson\AppData\Local\PUTTY.RND
2015-12-03 17:48 - 2015-12-03 17:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Default\AppData\Local\Temp\SafeFix.dll
C:\Users\Default User\AppData\Local\Temp\SafeFix.dll
C:\Users\Jackson\AppData\Local\Temp\3605F1D.tmp360net.dll
C:\Users\Jackson\AppData\Local\Temp\360sdinstall.exe
C:\Users\Jackson\AppData\Local\Temp\360sd_iqiyi.exe
C:\Users\Jackson\AppData\Local\Temp\downloader.5041.50.328.exe
C:\Users\Jackson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdolw8b.dll
C:\Users\Jackson\AppData\Local\Temp\IQIYIsetup_playpage.exe
C:\Users\Jackson\AppData\Local\Temp\KGUpdater.exe
C:\Users\Jackson\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\masblog_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\PCMgr_Setup_11_4_17315_206.exe
C:\Users\Jackson\AppData\Local\Temp\PCMgr_Setup_11_6_17602_210.exe
C:\Users\Jackson\AppData\Local\Temp\PPTV(pplive)_3.5.3.0066_forqd1182.exe
C:\Users\Jackson\AppData\Local\Temp\QQPCDownload40055.exe
C:\Users\Jackson\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\repair.exe
C:\Users\Jackson\AppData\Local\Temp\setup_7.0.0.1020.exe
C:\Users\Jackson\AppData\Local\Temp\Setup_iqiyi.exe
C:\Users\Jackson\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jackson\AppData\Local\Temp\W.P.S.5041.50.328.exe
C:\Users\Jackson\AppData\Local\Temp\{686AF296-B1C9-4E13-9305-5E7E27F6621D}-47.0.2526.111_47.0.2526.106_chrome_updater_3stage.exe
C:\Users\Jackson\AppData\Local\Temp\{CE40893B-63A9-4902-8AA1-C8B70C9FE47A}-49.0.2623.87_48.0.2564.116_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-21 23:09

==================== End of FRST.txt ============================

 



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:54 PM

Posted 24 April 2016 - 08:18 PM

Greetings zhijie and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not sure this is malware related but we will see.

Does this make any sense to you?

ÎÒ¼ÒÎÒÉè¼Æ ÖÇÄÜ°æ (HKLM-x32\...\{21A43D51-CC1C-4758-A819-1007D0D55C27}) (Version: - )
ÎÒ¼ÒÎÒÉè¼Æ6.5 (HKLM-x32\...\{F5E98A21-AF4B-45A5-8DC0-B1BB6D0CDA24}) (Version: - )

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jackson\AppData\Local\MEGAsync\ShellExtX32.dll No File
SearchScopes: HKU\S-1-5-21-3484809515-3028016762-758759899-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3484809515-3028016762-758759899-1001 -> {4AD43A14-AA87-4d4b-A345-B0BC1C61BC76} URL = 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
C:\Users\Default\AppData\Local\Temp\SafeFix.dll
C:\Users\Default User\AppData\Local\Temp\SafeFix.dll
C:\Users\Jackson\AppData\Local\Temp\3605F1D.tmp360net.dll
C:\Users\Jackson\AppData\Local\Temp\360sdinstall.exe
C:\Users\Jackson\AppData\Local\Temp\360sd_iqiyi.exe
C:\Users\Jackson\AppData\Local\Temp\downloader.5041.50.328.exe
C:\Users\Jackson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdolw8b.dll
C:\Users\Jackson\AppData\Local\Temp\IQIYIsetup_playpage.exe
C:\Users\Jackson\AppData\Local\Temp\KGUpdater.exe
C:\Users\Jackson\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\masblog_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\PCMgr_Setup_11_4_17315_206.exe
C:\Users\Jackson\AppData\Local\Temp\PCMgr_Setup_11_6_17602_210.exe
C:\Users\Jackson\AppData\Local\Temp\PPTV(pplive)_3.5.3.0066_forqd1182.exe
C:\Users\Jackson\AppData\Local\Temp\QQPCDownload40055.exe
C:\Users\Jackson\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\Jackson\AppData\Local\Temp\repair.exe
C:\Users\Jackson\AppData\Local\Temp\setup_7.0.0.1020.exe
C:\Users\Jackson\AppData\Local\Temp\Setup_iqiyi.exe
C:\Users\Jackson\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jackson\AppData\Local\Temp\W.P.S.5041.50.328.exe
C:\Users\Jackson\AppData\Local\Temp\{686AF296-B1C9-4E13-9305-5E7E27F6621D}-47.0.2526.111_47.0.2526.106_chrome_updater_3stage.exe
C:\Users\Jackson\AppData\Local\Temp\{CE40893B-63A9-4902-8AA1-C8B70C9FE47A}-49.0.2623.87_48.0.2564.116_chrome_updater.exe
浏览器保护 (HKLM-x32\...\BrowserProtect) (Version: 4.1.14.344 - Baidu Inc.) <==== ATTENTION
电脑管家11.6 (HKLM-x32\...\QQPCMgr) (Version: 11.6.17602.210 - 腾讯科技(深圳)有限公司) <==== ATTENTION
Task: {022D291A-154E-4B69-A63E-F24A7CBD0055} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {16D77BB9-7B81-4226-B6A7-C7031E5653EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {28C1AD10-6729-4817-825B-C1990EC9712D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3691E67A-CE7A-41A8-8082-D40E07892CE3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {632B4F60-C9E9-4930-93D0-6E8890BFC4C5} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {748FC24C-1C0F-41FA-A948-00B54FE40AD9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7D32D497-BB8E-4E3A-B6F5-2E4B59BF100A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {90CAC99B-8A72-44F1-AB33-8F452A00D3B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C858E219-9420-4850-84E5-07D588914AC9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CA18FFFC-B30E-4B35-A345-FCCCD8EB103D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FE38F58F-1436-4B5A-AC74-D2DD97B5DCDB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Folder: C:\ProgramData\TXQMPC
Folder: C:\Users\Jackson\AppData\Roaming\KuGou8
hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize entries?
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
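Added example (not part of the thread and not FRST's own code): the two unreadable Uninstall entries quoted in the post above read like GBK (code page 936) bytes that were displayed as Windows-1252, and this code reverses that on lines copied from the logs in this thread. The GBK guess and the names `repair_line` and `triage` are assumptions of the example.

```python
"""Undo GBK-shown-as-Windows-1252 mojibake in scan-log lines (added example)."""
import re

# Lines copied from the logs in this thread.
SAMPLES = [
    r"ÎÒ¼ÒÎÒÉè¼Æ ÖÇÄÜ°æ (HKLM-x32\...\{21A43D51-CC1C-4758-A819-1007D0D55C27}) (Version: - )",
    r"ÎÒ¼ÒÎÒÉè¼Æ6.5 (HKLM-x32\...\{F5E98A21-AF4B-45A5-8DC0-B1BB6D0CDA24}) (Version: - )",
    # These three must come back untouched: text already flattened to '?',
    # a legitimate Latin-1 character, and a name that is already correct.
    r"O23 - Service: 360 ?????????? (360rp) - 360.cn - C:\Program Files (x86)\360\360sd\360rps.exe",
    r"C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe",
    r"浏览器保护 (HKLM-x32\...\BrowserProtect) (Version: 4.1.14.344 - Baidu Inc.) <==== ATTENTION",
]

# CJK symbols, ideographs and fullwidth forms: all a plausible repair may add.
_CJK = re.compile(r"[\u3000-\u303f\u3400-\u9fff\uff00-\uffef]")


def _single_byte(text):
    """Map each character back to the one byte Windows-1252 displayed it from."""
    out = bytearray()
    for ch in text:
        try:
            out += ch.encode("cp1252")
        except UnicodeEncodeError:
            # cp1252 leaves 0x81/0x8D/0x8F/0x90/0x9D undefined; they show up
            # as Latin-1 controls. Anything above U+00FF raises again here.
            out += ch.encode("latin-1")
    return bytes(out)


def repair_line(line, codec="gbk"):
    """Return the line re-decoded from `codec`, or the line unchanged."""
    if line.isascii():
        return line  # nothing to recover, including lossy '?' runs
    try:
        fixed = _single_byte(line).decode(codec)  # strict: bad byte pairs raise
    except (UnicodeEncodeError, UnicodeDecodeError):
        return line
    non_ascii = [c for c in fixed if ord(c) > 0x7F]
    # Accept the repair only if every non-ASCII result is CJK text.
    if not non_ascii or not all(_CJK.match(c) for c in non_ascii):
        return line
    return fixed


def triage(lines, codec="gbk"):
    """Return (line_number, original, repaired) for every line that changed."""
    hits = []
    for number, line in enumerate(lines, 1):
        fixed = repair_line(line, codec)
        if fixed != line:
            hits.append((number, line, fixed))
    return hits


if __name__ == "__main__":
    for number, before, after in triage(SAMPLES):
        print(f"line {number}:\n  was: {before}\n  now: {after}")
```

Strict decoding is what leaves the Intel® path and the already-readable Baidu entry alone. A name that a tool has already flattened to `?` cannot be recovered this way.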

#3 zhijie

Posted 24 April 2016 - 10:29 PM

Hi Oh My!,

Thanks for the reply,

Here are my updates

  • Recognize entries?

These two entries I am not sure what they are.

  • Fixlog

As attached, as I can't paste it; this log is too long.

  • System Summary Information

As attached.

  • Update on computer behavior

Movement of the mouse is smoother now, but the clicking/dragging is not performing fluently as it should be. Now I am still taking note of it.

Thanks!

Zhijie


#4 Oh My!

Posted 25 April 2016 - 09:23 AM

Greetings,

Thank you for the information. Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall

  • Check the Export keys radio button.
  • Press the Go button and attach the report to your reply
===================================================

Uninstalling/Reinstalling a Device Driver

----------
  • Remove any attached USB mouse
  • Press the Windows key + r on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Mice and other pointing devices section by clicking + sign
  • Right click on every entry except for Lenovo Virtual Mouse Device (or other similar name) select Uninstall, then OK
  • Reboot your computer
  • Attach your USB mouse and allow the drivers to load
  • Check your mouse performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached registry report
  • Did the mouse drivers uninstall and reinstall properly
  • Update on computer behavior

Gary

#5 zhijie

Posted 25 April 2016 - 12:32 PM

Hi Oh My!,

Here are the updates

  • Attached registry report

As attached

  • Did the mouse drivers uninstall and reinstall properly

It installed by itself properly

  • Update on computer behavior

After I restart, the mouse seems a bit more normal, most probably less resources are taken, but it's still laggy. Some drag and drops are hard to perform as it's not fluent.

A few quick notes. Could it be the upgrading of Windows 10? Or TeamViewer?

Thanks!

Zhijie


#6 Oh My!

Posted 25 April 2016 - 02:50 PM

Greetings,

Don't think those upgrades should cause this.

Can you tell me if you have the same issues after booting into Safe Mode with Networking?

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:regfind
{21A43D51-CC1C-4758-A819-1007D0D55C27}
{F5E98A21-AF4B-45A5-8DC0-B1BB6D0CDA24}
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Copy and paste the contents of the report in your reply or, if necessary, zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Safe Mode?
  • SystemLook log

Gary

#7 zhijie

Posted 25 April 2016 - 10:27 PM

Hi Oh My!,

Thanks for the prompt reply. Here are my findings

  • Safe Mode?

In Safe Mode the mouse seems normal, not lagging.

  • SystemLook log

As attached

Thanks!

Zhijie


#8 Oh My!

Posted 26 April 2016 - 08:42 AM

Thanks for the information. Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your mouse performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary

#9 zhijie

Posted 26 April 2016 - 10:41 PM

Hi Oh My!,

Thanks for the reply,

After I rebooted, the mouse is still not in a fluent condition. Still the same as before.

Thanks

Zhijie



#10 Oh My!

Posted 27 April 2016 - 11:02 AM

Thanks, I am assuming the "reboot" was into the Clean Boot state.

Please complete the below.

===================================================

Reversing Clean Boot State
--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Normal Startup on the General tab
  • Click OK
  • When you are prompted, click Restart
===================================================

Disabling a Device Through Device Manager

----------
  • Press the Windows key + r on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the Mice and other pointing devices section by clicking + sign
  • Right click on the Lenovo Virtual Mouse Device (or other similar name) entry and select Disable
  • Click Yes on the warning screen
  • Test your USB mouse behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Mouse?

Gary

#11 zhijie

Posted 28 April 2016 - 12:32 PM

Hi Oh My!,

Thanks for the reply.

I have tried disabling it and it worked for a while, but it became a little choppy again after 1 or 2 hrs, so I am not sure if it just happened to be coincidental timing that I turned it off.

Is it because there is something running intensively in the background without my consent?

Thanks

ZJ



#12 Oh My!

Posted 28 April 2016 - 05:09 PM

Greetings,

Going by the memory usage information in the Addition.txt log (29%) I would say no.

Please do these things.

===================================================

Registry Fix

-------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{21A43D51-CC1C-4758-A819-1007D0D55C27}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5E98A21-AF4B-45A5-8DC0-B1BB6D0CDA24}]
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer
===================================================

HijackThis

--------------------
  • Download HijackThis and save it to your desktop
  • Double click the HijackThis icon, then select Run
  • If prompted select I Accept
  • Click on Do a system scan and save a logfile
  • Ignore any warning regarding the Hosts file
  • A report will be generated and will appear on your desktop as an open Notepad document
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the Registry file merge?
  • HJT report

Edited by Oh My!, 28 April 2016 - 07:08 PM.
Changed autoruns to HJT

Gary

#13 zhijie

Posted 29 April 2016 - 01:48 AM

Hi Oh My!,

The file did not merge. Attached is the error message: errorfor fixreg.jpg

This is the HijackThis log, as attached

Thanks


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:45:11 PM, on 29/4/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)

FIREFOX: 46.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\aliwssv.exe
C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
C:\Users\Jackson\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\D4Svr_ICBC.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Users\Jackson\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=Af31026&s=o400493_1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=Af31026&s=o400493_1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: 360sdbho Class - {0F4BF955-A127-41B7-A998-369904AA2578} - C:\Program Files (x86)\360\360sd\360sdbho.dll
O2 - BHO: PDF Architect 4 Helper - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll
O2 - BHO: QPMIEHelper - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360safe\safemon\safemon.dll
O2 - BHO: Öйú¹¤ÉÌÒøÐÐBHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll
O2 - BHO: QQMiniDL Helper Class - {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll
O2 - BHO: AccountProtect - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\Jackson\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
O3 - Toolbar: PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [D4Svr_ICBC.exe] D4Svr_ICBC.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCTray.exe"  /regrun
O4 - HKLM\..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background
O4 - HKCU\..\Run: [360cloud] "C:\Program Files (x86)\360\360WangPan\360WangPan.exe" /autostart
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_405751544B92727DFAF1686AE51B71E6] "C:\Users\Jackson\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [QyClient] "C:\Program Files (x86)\IQIYI Video\PStyle\QyClient.exe" autostart
O4 - HKCU\..\Run: [QyKernel] "C:\Program Files (x86)\IQIYI Video\PStyle\QyKernel.exe"
O4 - HKCU\..\Run: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.baidu.com
O15 - Trusted Zone: http://*.taobao.com
O16 - DPF: {060CA154-DF25-4F03-98AA-FBCDE9D27382} (TDRDV Class) - https://mybank.icbc.com.cn/icbc/ICBC_TDRDV.cab
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (certInStall Class) - https://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll
O16 - DPF: {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} (Axcleanctrl Class) - https://b2c.icbc.com.cn/icbc/newperbank/icbcclean.cab
O16 - DPF: {746E471A-B6E4-44E3-8F3C-2A09B3A030B4} (Token Class) - https://mybank.icbc.com.cn/icbc/icbc_tdrusbkey.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\8013~1.180\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\8013~1.180\KUGOO3~1.OCX
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: McAfee Application Installer Cleanup (0228201461812651) (0228201461812651mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\022820~1.EXE (file missing)
O23 - Service: 360 ?????????? (360rp) - 360.cn - C:\Program Files (x86)\360\360sd\360rps.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVControlCenter - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\IQIYI Video\PStyle\mDNSResponder.exe
O23 - Service: CCSDK - Unknown owner - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: ICBC Daemon Service - Unknown owner - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Biometric and Context Agent Service (IntelBCAsvc) - Intel® Corporation - C:\Program Files\Intel\BCA\pabeSvc64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo OKO Service - Lenovo(beijing) Limited - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
O23 - Service: Lenovo Settings Service - Lenovo Group Limited - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\cammute.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
O23 - Service: Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo PAWD Service (LenovoPAWDService) - Unknown owner - C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
O23 - Service: LenovoSetSvr - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
O23 - Service: lupdate (LenovoUpdate) - Unknown owner - C:\WINDOWS\System32\LenovoUpdate.exe (file missing)
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OKOControlSvc - Lenovo(beijing) Limited - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
O23 - Service: OnKey Service _ICBC - Tendyron Corporation - C:\windows\SysWOW64\D4Ser_ICBC.exe
O23 - Service: Alipay payment client security service (pcas) - Alipay.com Inc.  - C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe
O23 - Service: PDF Architect 4 - pdfforge GmbH - C:\Program Files\PDF Architect 4\ws.exe
O23 - Service: PDF Architect 4 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 4\crash-handler-ws.exe
O23 - Service: PDF Architect 4 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 4\creator-ws.exe
O23 - Service: PDF Architect 4 Manager - © pdfforge GmbH. - C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE
O23 - Service: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\Program Files (x86)\IQIYI Video\PStyle\QiyiService.exe
O23 - Service: QPCore Service (QPCore) - Tencent - C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCRTP.exe
O23 - Service: QQRepairf19 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: QQRepairFixSVC - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Alipay security business service (secbizsrv) - Alipay.com Inc.  - C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: ShareItSvc - SHAREit Technologies Co.Ltd - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TBSecSvc - Alibaba (China) Co., LTD. All rights reserved. - C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: Intel Security True Key Service Helper (TrueKeyServiceHelper) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WPS Office Cloud Service (wpscloudsvr) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Users\Jackson\AppData\Local\kingsoft\WPS Office\wpscloudsvr.exe
O23 - Service: wwbizsrv - Alibaba Group - C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
O23 - Service: ???? (ZhuDongFangYu) - 360.cn - C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe

--
End of file - 20627 bytes
 


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California
  • Local time:07:54 PM

Posted 29 April 2016 - 09:18 AM

Greetings,

Do you have another USB mouse you can try on your computer?

Please download to your Desktop and attempt the registry import again.

There are some autorun entries in the HJT report, not all of which are necessary to start upon computer boot up. Though I don't know this is directly related to your mouse issue I am running out of software options to try to resolve it. I am going to provide some background information for you then list things you can disable if you'd like. I will provide the instructions to do that but you will need to determine which items to check.

Just in case you are unfamiliar with autoruns let me explain the concept so that you understand what happens.

Many programs, when installed, create a registry entry which instructs the program to launch at system startup whether or not that program is essential or advantageous to run in the background. By disabling the autorun feature we do not delete or otherwise prohibit the program from running, it is just that it does automatically run regardless of whether or not you are going to use it. Think of it like a car. You know sometime today you are going to use the car to go to the store. The car can be in one of two conditions before you actually use it. You can leave the car running all day long even though you aren't going to use it for several hours (enabling autorun) or you can start the car when you are ready (disabling autorun then launching a program). Either way the car will work for you it is just a matter of how ready your car will be when it is time. Just as gas is wasted by leaving the car running, your computer resources are "wasted" because they are not really being used.

You can review the list and select which things you don't need to be running all the time. If you are not sure you can research (Google) the entry or just leave the item unchecked and ask me about it.

If you have any questions let me know.

===================================================

HiJack This Fix

--------------------
  • Launch HijackThis
  • Click Do a system scan only
  • Place a checkmark next to the following entries:

O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_405751544B92727DFAF1686AE51B71E6] "C:\Users\Jackson\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [QyClient] "C:\Program Files (x86)\IQIYI Video\PStyle\QyClient.exe" autostart
O4 - HKCU\..\Run: [QyKernel] "C:\Program Files (x86)\IQIYI Video\PStyle\QyKernel.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe

  • Close all other windows and browsers except HijackThis and press Fix checked.
  • Upon completion reboot your computer
  • Check computer startup time
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Registry import?
  • Another mouse?
  • HJT report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
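An added example, not part of the original posts: a small parser for HijackThis `O4` (autorun) lines that compares the entries checked for fixing with a later scan, so you can see which autoruns were actually removed. The function names are hypothetical; the two sample blocks are O4 lines copied from this thread's fix list and follow-up log.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\..\Run, HKCU\..\RunOnce, Global Startup
    name: str      # registry value name, or shortcut file name
    command: str   # command line, or shortcut target


_O4 = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.*)$")
_REG = re.compile(r"^\[(?P<name>.*?)\]\s*(?P<cmd>.*)$")


def parse_o4(log_text):
    """Return every O4 autorun entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = _O4.match(line.strip())
        if not m:
            continue
        reg = _REG.match(m.group("rest"))
        if reg:  # registry form: [value name] command line
            name, cmd = reg.group("name"), reg.group("cmd")
        else:    # startup-folder form: shortcut.lnk = target
            name, _, cmd = m.group("rest").partition(" = ")
        entries.append(Autorun(m.group("loc"), name.strip(), cmd.strip()))
    return entries


def _key(entry):
    # Registry value names are case-insensitive, so compare lowercased.
    return (entry.location.lower(), entry.name.lower())


def check_fix(checked_text, after_text):
    """Split the checked entries into removed / still present, and list
    autoruns in the later log that were never selected for fixing."""
    checked = parse_o4(checked_text)
    after = parse_o4(after_text)
    after_keys = {_key(e) for e in after}
    checked_keys = {_key(e) for e in checked}
    removed = [e for e in checked if _key(e) not in after_keys]
    remaining = [e for e in checked if _key(e) in after_keys]
    unselected = [e for e in after if _key(e) not in checked_keys]
    return removed, remaining, unselected


# Entries the helper asked to have checked (copied from the fix list).
CHECKED = r'''
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_405751544B92727DFAF1686AE51B71E6] "C:\Users\Jackson\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [QyClient] "C:\Program Files (x86)\IQIYI Video\PStyle\QyClient.exe" autostart
O4 - HKCU\..\Run: [QyKernel] "C:\Program Files (x86)\IQIYI Video\PStyle\QyKernel.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jackson\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
'''

# O4 section of the HijackThis log posted after the fix (copied from the thread).
AFTER = r'''
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [D4Svr_ICBC.exe] D4Svr_ICBC.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKLM\..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background
O4 - HKCU\..\Run: [360cloud] "C:\Program Files (x86)\360\360WangPan\360WangPan.exe" /autostart
O4 - HKCU\..\Run: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe"
'''

if __name__ == "__main__":
    removed, remaining, unselected = check_fix(CHECKED, AFTER)
    for label, group in (("removed", removed),
                         ("still present", remaining),
                         ("not selected", unselected)):
        print(f"{label}:")
        for e in group:
            print(f"  {e.location}  [{e.name}]")
```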

#15 zhijie

zhijie
  • Topic Starter

  • Members
  • 41 posts
  • Local time:10:54 AM

Posted 01 May 2016 - 09:09 AM

Hi Oh My!,
 
Thanks for the help, here's the update.
  • Registry import?
It's successfully updated
  • Another mouse?
Tried, but still the same problem
  • HJT report
As attached
  • Update on computer behavior
The mouse seems a bit better, but as the usage duration increases, it comes back again. Could it be my browser is taking up too much resource?
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:05:30 PM, on 30/4/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)

FIREFOX: 46.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\aliwssv.exe
C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Windows\SysWOW64\D4Svr_ICBC.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
C:\Users\Jackson\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jackson\Desktop\fixmouse\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=Af31026&s=o400493_1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.qq.com/?unc=Af31026&s=o400493_1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: 360sdbho Class - {0F4BF955-A127-41B7-A998-369904AA2578} - C:\Program Files (x86)\360\360sd\360sdbho.dll
O2 - BHO: PDF Architect 4 Helper - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll
O2 - BHO: QPMIEHelper - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360safe\safemon\safemon.dll
O2 - BHO: 中国工商银行BHO - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll
O2 - BHO: QQMiniDL Helper Class - {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll
O2 - BHO: AccountProtect - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\Jackson\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
O3 - Toolbar: PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [D4Svr_ICBC.exe] D4Svr_ICBC.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKLM\..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe
O4 - HKCU\..\Run: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background
O4 - HKCU\..\Run: [360cloud] "C:\Program Files (x86)\360\360WangPan\360WangPan.exe" /autostart
O4 - HKCU\..\Run: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe"
O8 - Extra context menu item: 使用QQ下载助手下载 - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.baidu.com
O15 - Trusted Zone: http://*.taobao.com
O16 - DPF: {060CA154-DF25-4F03-98AA-FBCDE9D27382} (TDRDV Class) - https://mybank.icbc.com.cn/icbc/ICBC_TDRDV.cab
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (certInStall Class) - https://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll
O16 - DPF: {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} (Axcleanctrl Class) - https://b2c.icbc.com.cn/icbc/newperbank/icbcclean.cab
O16 - DPF: {746E471A-B6E4-44E3-8F3C-2A09B3A030B4} (Token Class) - https://mybank.icbc.com.cn/icbc/icbc_tdrusbkey.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\8013~1.180\KUGOO3~1.OCX
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\8013~1.180\KUGOO3~1.OCX
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: 360 ?????????? (360rp) - 360.cn - C:\Program Files (x86)\360\360sd\360rps.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVControlCenter - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\IQIYI Video\PStyle\mDNSResponder.exe
O23 - Service: CCSDK - Unknown owner - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files\Lenovo\OneKey Optimizer\bin\FbService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: ICBC Daemon Service - Unknown owner - C:\Program Files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Biometric and Context Agent Service (IntelBCAsvc) - Intel® Corporation - C:\Program Files\Intel\BCA\pabeSvc64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo OKO Service - Lenovo(beijing) Limited - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOUpdataService.exe
O23 - Service: Lenovo Settings Service - Lenovo Group Limited - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
O23 - Service: Lenovo AVFramework Camera Privacy Controller (LENOVO.CAMMUTE) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\cammute.exe
O23 - Service: Lenovo AVFramework Microphone Volume Controller and Dolby Interface (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
O23 - Service: Lenovo AVFramework Virtual Camera Controller Service (LENOVO.TVTVCAM) - Lenovo Corporation - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo PAWD Service (LenovoPAWDService) - Unknown owner - C:\Program Files\Lenovo PhoneCompanion\LPAWDService.exe
O23 - Service: LenovoSetSvr - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Settings\x86\LenovoSetSvr.exe
O23 - Service: lupdate (LenovoUpdate) - Unknown owner - C:\WINDOWS\System32\LenovoUpdate.exe (file missing)
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OKOControlSvc - Lenovo(beijing) Limited - C:\Program Files\Lenovo\OneKey Optimizer\bin\OKOControlSvc.exe
O23 - Service: OnKey Service _ICBC - Tendyron Corporation - C:\windows\SysWOW64\D4Ser_ICBC.exe
O23 - Service: Alipay payment client security service (pcas) - Alipay.com Inc. - C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe
O23 - Service: PDF Architect 4 - pdfforge GmbH - C:\Program Files\PDF Architect 4\ws.exe
O23 - Service: PDF Architect 4 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 4\crash-handler-ws.exe
O23 - Service: PDF Architect 4 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 4\creator-ws.exe
O23 - Service: PDF Architect 4 Manager - © pdfforge GmbH. - C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE
O23 - Service: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\Program Files (x86)\IQIYI Video\PStyle\QiyiService.exe
O23 - Service: QPCore Service (QPCore) - Tencent - C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17602.210\QQPCRTP.exe
O23 - Service: QQRepair9b6 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: QQRepairFixSVC - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Alipay security business service (secbizsrv) - Alipay.com Inc. - C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: ShareItSvc - SHAREit Technologies Co.Ltd - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TBSecSvc - Alibaba (China) Co., LTD. All rights reserved. - C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: Intel Security True Key Service Helper (TrueKeyServiceHelper) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WPS Office Cloud Service (wpscloudsvr) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Users\Jackson\AppData\Local\kingsoft\WPS Office\wpscloudsvr.exe
O23 - Service: wwbizsrv - Alibaba Group - C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
O23 - Service: ???? (ZhuDongFangYu) - 360.cn - C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe

--
End of file - 18972 bytes

 
 
 
Thanks!

Edited by Oh My!, 01 May 2016 - 02:11 PM.




