rootkit malware adware infected



#1 iamwhy

Posted 02 July 2016 - 11:12 PM

Hi, my computer is infected with trojan, rootkit malware adware. Please help.

I have run Malwarebytes Anti-Rootkit and AdwCleaner. I did not clean up the Malwarebytes yet. Please give me some advice on what to do. Thanks.

The log for AdwCleaner is:

# AdwCleaner v5.201 - Logfile created 03/07/2016 at 01:06:30
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-01.1 [Server]
# Operating system : Windows 8  (X64)
# Username : A - HI
# Running from : C:\Users\A\Downloads\adwcleaner_5.201.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : bd0001
Service Found : bd0002
Service Found : BDMWrench_x64
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}
 
***** [ Web browsers ] *****
 
[C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : balabolka.en.softonic.com
===================
The log for Malwarebytes Anti-Rootkit is:
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.2.9200 Windows 8 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.17556
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 8469852160, free: 5278236672
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.2.9200 Windows 8 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.17556
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 8469852160, free: 5352521728
 
Downloaded database version: v2016.07.03.02
Downloaded database version: v2016.05.27.01
Downloaded database version: v2016.06.29.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     07/03/2016 12:19:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\DsArk64.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\Tpkd.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\DRIVERS\360FsFlt.sys
\SystemRoot\system32\DRIVERS\360Box64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\360netmon.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp6.sys
\SystemRoot\system32\DRIVERS\VBoxNetLwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\360AntiHacker64.sys
\SystemRoot\System32\Drivers\360Camera64.sys
\SystemRoot\System32\Drivers\360Hvm64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\ckldrv.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\BAPIDRV64.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\??\C:\Windows\system32\drivers\360reskit64.sys
\SystemRoot\system32\DRIVERS\360qpesv64.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\system32\drivers\mlkumidi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\AsusTP.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbfiltr.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\AsHIDSwitch64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\wacomvhid.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\wacommousefilter.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\QQProtectX64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\360LanProtect.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
\SystemRoot\system32\DRIVERS\IntelHaxm.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\PECKP_x64.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\DRIVERS\360AvFlt.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.07.03.02
  rootkit: v2016.05.27.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800984c520, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800984b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800984c520, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007751e00, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800774e7f0, DeviceName: \Device\0000004e\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A3362226
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4093702828
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4093702828
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 7f6ea309-1bab-4d4a-9090-5f8ed778c7
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 1911a6cf-3fb3-482e-a9c-adf7ec2c1936
    FirstLBA 2048  Last LBA 616447
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID da68fad7-b4a8-4234-84d1-1e8656d17d2a
    FirstLBA 616448  Last LBA 2459647
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b2d0ea0c-64c2-4535-bf3c-6acf8653ab2a
    FirstLBA 2459648  Last LBA 2721791
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID af029779-e09a-4a94-88c3-333d9f956017
    FirstLBA 2721792  Last LBA 784130047
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 30a505e4-fe71-4789-b286-cd6486f3b475
    FirstLBA 784130048  Last LBA 1911560191
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID af4e95d7-e18b-444b-aef5-e5c637ba81d
    FirstLBA 1911560192  Last LBA 1953523711
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is compressed (flags = 1)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is compressed (flags = 1)
File "C:\Windows\System32\admwprox.dll" is compressed (flags = 1)
File "C:\Windows\System32\ahadmin.dll" is compressed (flags = 1)
File "C:\Windows\System32\iisreset.exe" is compressed (flags = 1)
File "C:\Windows\System32\iisrstap.dll" is compressed (flags = 1)
File "C:\Windows\System32\iisRtl.dll" is compressed (flags = 1)
File "C:\Windows\System32\wamregps.dll" is compressed (flags = 1)
File "C:\Windows\System32\xpssvcs.dll" is compressed (flags = 1)
File "C:\Windows\SysWOW64\admwprox.dll" is compressed (flags = 1)
File "C:\Windows\SysWOW64\ahadmin.dll" is compressed (flags = 1)
File "C:\Windows\SysWOW64\iisreset.exe" is compressed (flags = 1)
File "C:\Windows\SysWOW64\iisrstap.dll" is compressed (flags = 1)
File "C:\Windows\SysWOW64\iisRtl.dll" is compressed (flags = 1)
File "C:\Windows\SysWOW64\wamregps.dll" is compressed (flags = 1)
File "C:\Windows\SysWOW64\xpssvcs.dll" is compressed (flags = 1)
Infected file C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Agalaxy\gma.dll could not be remediated because backup file is not available
Infected file C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Agalaxy\uninst.exe could not be remediated because backup file is not available
Infected file C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\clover\gma.dll could not be remediated because backup file is not available
Infected: HKLM\SOFTWARE\CLASSES\thunder --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\thunder --> [Trojan.Agent]
Scan finished
 

 



#2 iamwhy


Posted 03 July 2016 - 12:09 AM

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by A (administrator) on HI (03-07-2016 14:54:13)
Running from C:\Users\A\Desktop
Loaded Profiles: A &  (Available Profiles: A)
Platform: Windows 8 (X64) Language: 英语(美国)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rps.exe
(360.cn) C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Alibaba Group) C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(360.cn) C:\Program Files (x86)\360\360sd\360sd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(360.cn) C:\Program Files (x86)\360\360Safe\safemon\360tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Tendyron Corporation) C:\Windows\SysWOW64\DBSvr_SPDB.exe
(360.cn) C:\Program Files (x86)\360\360Safe\SoftMgr\SML\SoftMgrLite.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rp.exe
(Malwarebytes) C:\Users\A\Desktop\mbar\mbar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-25] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360tray.exe [395176 2016-06-19] (360.cn)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8897712 2016-07-03] (AVAST Software)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-17] (360.cn)
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [10240 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\Policies\Explorer: [] 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\MountPoints2: {2187089a-b486-11e3-be9d-08606e115f3a} - "F:\ESRI.exe" 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\MountPoints2: {5fddcc77-a5d9-11e4-bed0-08606e115f3a} - "F:\Loader.exe" 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\MountPoints2: {71bd4da0-2631-11e5-bef1-08606e115f3a} - "G:\spdb.exe" 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\MountPoints2: {d40c828c-e928-11e5-bf16-08606e115f3a} - "F:\spdb.exe" 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-17] (360.cn)
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [10240 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [] 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2187089a-b486-11e3-be9d-08606e115f3a} - "F:\ESRI.exe" 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5fddcc77-a5d9-11e4-bed0-08606e115f3a} - "F:\Loader.exe" 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {71bd4da0-2631-11e5-bef1-08606e115f3a} - "G:\spdb.exe" 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d40c828c-e928-11e5-bf16-08606e115f3a} - "F:\spdb.exe" 
ShellIconOverlayIdentifiers: [       360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360Safe\safemon\360UDiskGuard64.dll [2016-04-12] (360.cn)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-03] (AVAST Software)
ShellIconOverlayIdentifiers: [360FileGuardAntiDel] -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => C:\Program Files (x86)\360\360sd\ShellIco.dll [2014-11-18] (360.cn)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [BFDLinkIconOverlay] -> {F9D0EFE7-1939-4156-B6E9-0006A5FDDC4E} => C:\Program Files (x86)\Baofeng\StormPlayer\BFDesktopShell64.dll No File
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(618).dll [2013-06-20] (深圳市迅雷网络技术有限公司)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A0AA80C8-2231-4F3D-A5B7-6A8580CED669}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{AD953C1C-685C-49F1-9FBE-E1D0A003A25B}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\S-1-5-21-2954409459-184384724-1730954954-1004 -> DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-2954409459-184384724-1730954954-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2954409459-184384724-1730954954-1004 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-03] (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon64.dll [2016-04-15] (360.cn)
BHO-x32: 360sdbho Class -> {0F4BF955-A127-41B7-A998-369904AA2578} -> C:\Program Files (x86)\360\360sd\360sdbho.dll [2014-04-16] (360.cn)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon.dll [2016-06-05] (360.cn)
DPF: HKLM-x32 {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: HKLM-x32 {E3C65E2D-AC99-4E11-884C-E313C870A662} hxxps://www.yintongcard.com/ics-mallweb/ocx/zyt/PowerEnterBOCEP.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-20] ()
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\npAlipaydhc64.dll [2014-11-19] (Alipay.com Inc. )
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\npAliSecCtrl64.dll [2014-11-19] (Alipay.com Inc. )
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\PStyle\npclient.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-16] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll [No File]
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [2014-04-22] (360.cn)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-20] ()
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.46C\npwangwang.dll [No File]
FF Plugin-x32: @alipay.com/npalidcp -> C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\npalidcp.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npaliedit -> C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\npaliedit.dll [2014-07-03] (Alipay.com co.,ltd)
FF Plugin-x32: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\npAlipaydhc.dll [2014-11-19] (Alipay.com Inc. )
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\npAliSecCtrl.dll [2014-11-19] (Alipay.com Inc. )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @baidu.com/npBdyyPlugin -> C:\Program Files (x86)\baidu\BaiduPlayer\4.0.2.53\npbdyy.dll [No File]
FF Plugin-x32: @baidu.com/npxbdsetup -> C:\Windows\Downloaded Program Files\189095000\npxbdsetup.dll [No File]
FF Plugin-x32: @baidu.com/npxbdyy -> C:\Program Files (x86)\baidu\BaiduPlayer\4.0.2.53\npxbdyy.dll [No File]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\A\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [No File]
FF Plugin-x32: @baofeng.com/npBFWebBrowserPlugin -> C:\Program Files (x86)\Baofeng\StormPlayer\npBFWebBrowserPlugin.dll [No File]
FF Plugin-x32: @baofeng.com/npWebStorm -> C:\Program Files (x86)\Baofeng\StormPlayer\webplayer\npWebStrom.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @csii.com.cn/powerenter-spdb,version=1.0.0.8 -> C:\Program Files (x86)\SPDB Ebank Security\nppowerenter-spdb.dll [2011-09-20] (CSII)
FF Plugin-x32: @csii.com.cn/powersign-spdb,version=1.0.0.4 -> C:\Program Files (x86)\SPDB Ebank Security Suite\np_spdbsign_nie_v5.dll [2013-10-17] (CSII )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @itstructures.com/ffactivex -> C:\Program Files (x86)\JJPlayer\npWebPlayer.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [No File]
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File]
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [No File]
FF Plugin-x32: @silveraegis.cn/isecurity-spdbank,version=2.4.51.0 -> C:\Program Files (x86)\SPDB Ebank Security Suite\np_spdbsafe_nie_v5.dll [2014-03-25] (北京银盾思创网络技术有限公司)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2010-09-02] (Wacom, Inc.)
FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files (x86)\xigua\2.12.0.5\npxgax.dll [2014-09-30] ()
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(617).dll [2013-04-27] (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll [No File]
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2013-08-24] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @1.qq.com/npqqwebgame -> C:\Users\A\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.9\npqqwebgame.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @360.cn/360MMPlugin -> C:\Program Files (x86)\360\360Safe\MobileMgr\np360MMPlugIn.dll [2015-06-03] (360.cn)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [2016-01-27] (淘宝（中国）软件有限公司)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [2016-01-27] ( )
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @alipay.com/npalicert -> C:\Users\A\AppData\Roaming\alipay\cf\npalicdo.dll [2014-09-03] (alipay.com)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\A\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @talk.google.com/O1DPlugin -> C:\Users\A\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @tools.google.com/Google Update;version=3 -> C:\Users\A\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @tools.google.com/Google Update;version=9 -> C:\Users\A\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\A\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2013-08-24] ( )
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004: youku.com/YoukuAgent -> C:\Users\A\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @1.qq.com/npqqwebgame -> C:\Users\A\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.9\npqqwebgame.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @360.cn/360MMPlugin -> C:\Program Files (x86)\360\360Safe\MobileMgr\np360MMPlugIn.dll [2015-06-03] (360.cn)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npAliSSOLogin.dll [2016-01-27] (淘宝（中国）软件有限公司)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.60.00C\npwangwang.dll [2016-01-27] ( )
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @alipay.com/npalicert -> C:\Users\A\AppData\Roaming\alipay\cf\npalicdo.dll [2014-09-03] (alipay.com)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\A\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\A\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\A\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\A\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\A\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll [No File]
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2013-08-24] ( )
FF Plugin HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: youku.com/YoukuAgent -> C:\Users\A\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll [2015-01-29] ( )
FF Plugin ProgramFiles/Appdata: C:\Users\A\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\A\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Extension: Zotero Word for Windows Integration - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\zoteroWinWordIntegration@zotero.org [2016-04-27]
FF Extension: Mason - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\{F632A5EA-F825-4AE7-94B5-233CFBA9F423}.xpi [2016-05-22]
FF Extension: PDF Download - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2016-05-22]
FF Extension: FoxVox - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\foxvox@wordit.com [2016-05-22]
FF Extension: Greasemonkey - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-05-22]
FF Extension: Zotero - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\zotero@chnm.gmu.edu.xpi [2016-05-22]
FF Extension: Print Edit - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\printedit@DW-dev.xpi [2016-05-22]
FF Extension: Flash and Video Download - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-07-01]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\bo86t131.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2015-11-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-03]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-04-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-08-11] [not signed]
FF HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Program Files\Youdao\Dict\stable\extensions\firefox
FF Extension: Youdao Word Capturer - C:\Program Files\Youdao\Dict\stable\extensions\firefox [2014-07-16] [not signed]
FF HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Program Files\Youdao\Dict\stable\extensions\firefox
 
Chrome: 
=======
CHR Profile: C:\Users\A\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Fair AdBlock App (by STANDS)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2016-06-25]
CHR Extension: (Avast SafePrice) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-07-03]
CHR Extension: (Avira Browser Safety) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-03]
CHR Extension: (Avast Online Security) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-03]
CHR Extension: (Fair AdBlock (by STANDS)) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [321096 2014-11-17] (360.cn)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [596360 2014-06-21] (Autodesk Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-12] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe [1443704 2013-05-28] (Flexera Software LLC)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-03] (AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S3 Crypkey License; C:\Windows\system32\crypserv.exe [126976 2009-05-30] (CrypKey (Canada) Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68344 2013-01-03] (Robert McNeel & Associates)
R3 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3D Max\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-08] (Native Instruments GmbH) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S3 OnKey Service of DB USB KEY for SPDB; C:\Windows\SysWOW64\DBSer_SPDB.exe [55608 2014-03-13] ()
S3 pcas; C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\pcas.exe [558880 2014-11-19] (Alipay.com Inc. )
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 secbizsrv; C:\Program Files (x86)\alipay\aliedit\4.6.0.3481\secbizsrv.exe [385824 2014-11-19] (Alipay.com Inc. )
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.9.0.7576\SogouUpdate.exe [367552 2016-03-21] (Sogou.com Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 wampapache64; C:\Program Files\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; C:\Program Files\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WebServeTD; C:\Program Files (x86)\YouKu\tudouClient\WebServeTD.exe [353840 2015-11-20] (TODO: <公司名>)
S3 WiFiKeyService; C:\Program Files (x86)\WiFiMasterKey\WiFiKeyService.exe [58680 2015-03-12] (上海连尚科技有限公司)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-07] (Microsoft Corporation)
R2 wwbizsrv; C:\Program Files (x86)\Alibaba\wwbizsrv\wwbizsrv.exe [1769320 2016-01-27] (Alibaba Group)
S3 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2013-08-24] (深圳市迅雷网络技术有限公司)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe [237168 2015-12-03] (360.cn)
S3 BaiduYunUtility; C:\Users\A\AppData\Roaming\baidu\BaiduYunGuanjia\YunUtilityService.exe [X]
S3 BDYYSWSvc; C:\Program Files (x86)\baidu\BaiduPlayer\4.0.2.53\plugins\BaiduYYSWPlugin\5.0.0.129\BDYYSWSvc.exe [X]
S2 QPCore; "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-05-29] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-10-23] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [321616 2015-11-22] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [389864 2016-05-12] (360.cn)
R1 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [244304 2016-03-11] (360安全中心)
R2 360LanProtect; C:\Windows\system32\DRIVERS\360LanProtect.sys [39496 2014-04-21] (360.cn)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [81128 2016-06-27] (360.cn)
R1 360qpesv; C:\Windows\System32\DRIVERS\360qpesv64.sys [231656 2016-06-08] (360.cn)
R1 360reskit64; C:\Windows\system32\drivers\360reskit64.sys [68176 2016-03-10] (360.cn)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-03] (AVAST Software)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-11-01] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-02-12] (360.cn)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 DgSafe; C:\Windows\SysWOW64\drivers\DgSafe.sys [470800 2014-10-27] (MyDrivers.com)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [135760 2015-08-27] (360.cn)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-07-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-03] (Malwarebytes)
R3 mlkumidi; C:\Windows\system32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [29688 2009-06-13] ()
R2 PECKbdProtector; C:\Windows\system32\drivers\PECKP_x64.SYS [53088 2014-09-04] (CSII)
R2 QQProtectX64; C:\Windows\system32\drivers\QQProtectX64.sys [64952 2015-06-09] (Tencent)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [103272 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed]
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2014-05-31] () [File not signed]
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-07] (Microsoft Corporation)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 BDMWrench_x64; system32\DRIVERS\BDMWrench_x64.sys [X]
U0 msahci; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVCx32: qwxfpq -> no filepath.
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2029-01-27 11:36 - 2029-01-27 11:36 - 00000000 ____D C:\Users\A\Documents\Max
2016-07-03 14:54 - 2016-07-03 14:54 - 00000636 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2016-07-03 14:53 - 2016-07-03 14:54 - 00047606 _____ C:\Users\A\Desktop\FRST.txt
2016-07-03 14:53 - 2016-07-03 14:53 - 00000000 ____D C:\Users\A\AppData\Local\CrashDumps
2016-07-03 14:46 - 2016-07-03 14:54 - 00000000 ____D C:\FRST
2016-07-03 12:26 - 2016-07-03 12:26 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\A\Downloads\rkill.exe
2016-07-03 12:25 - 2016-07-03 12:26 - 22851472 _____ (Malwarebytes ) C:\Users\A\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-07-03 12:19 - 2016-07-03 13:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-03 12:19 - 2016-07-03 12:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-03 12:18 - 2016-07-03 12:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-03 12:18 - 2016-07-03 12:18 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-03 12:16 - 2016-07-03 12:16 - 00000000 ____D C:\Users\A\Desktop\mbar
2016-07-03 12:14 - 2016-07-03 12:14 - 00000000 ____D C:\Users\A\AppData\Roaming\Avira
2016-07-03 12:12 - 2016-04-04 17:07 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-07-03 12:12 - 2016-04-04 17:07 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-07-03 12:12 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-07-03 12:12 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-07-03 12:05 - 2016-07-03 12:05 - 02390016 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2016-07-03 12:02 - 2016-07-03 12:03 - 16563352 _____ (Malwarebytes Corp.) C:\Users\A\Downloads\mbar-1.09.3.1001.exe
2016-07-03 12:02 - 2016-07-03 12:03 - 16563352 _____ (Malwarebytes Corp.) C:\Users\A\Downloads\mbar-1.09.3.1001 (1).exe
2016-07-03 02:38 - 2016-07-03 02:38 - 00291296 _____ C:\Windows\Minidump\070316-67500-01.dmp
2016-07-03 01:40 - 2016-07-03 01:40 - 00000000 ____D C:\Users\A\AppData\Local\CEF
2016-07-03 01:25 - 2016-07-03 01:25 - 00290912 _____ C:\Windows\Minidump\070316-50734-01.dmp
2016-07-03 01:16 - 2016-07-03 01:16 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-03 01:16 - 2016-07-03 01:16 - 00003878 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1467472614
2016-07-03 01:16 - 2016-07-03 01:16 - 00001039 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-07-03 01:16 - 2016-07-03 01:16 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-03 01:15 - 2016-07-03 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-03 01:15 - 2016-07-03 01:15 - 00001208 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-07-03 01:12 - 2016-07-03 01:12 - 00001924 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-03 01:12 - 2016-07-03 01:12 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-07-03 01:12 - 2016-07-03 01:12 - 00000000 ____D C:\Users\A\AppData\Roaming\AVAST Software
2016-07-03 01:12 - 2016-07-03 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-03 01:11 - 2016-07-03 01:12 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-03 01:11 - 2016-07-03 01:11 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-03 01:11 - 2016-07-03 01:11 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-03 01:11 - 2016-07-03 01:11 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-03 01:11 - 2016-07-03 01:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-03 01:09 - 2016-07-03 01:09 - 00001217 _____ C:\Users\A\Desktop\AdwCleaner[S2].txt
2016-07-03 01:08 - 2016-07-03 01:16 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-03 01:07 - 2016-07-03 01:16 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-03 01:00 - 2016-07-03 01:01 - 06883040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-03 00:52 - 2016-07-03 00:52 - 00026002 _____ C:\Users\A\Desktop\AdwCleaner[S1].txt
2016-07-03 00:49 - 2016-07-03 00:56 - 11438608 _____ (SurfRight B.V.) C:\Users\A\Downloads\HitmanPro_x64.exe
2016-07-03 00:43 - 2016-07-03 00:43 - 06253640 _____ (AVAST Software) C:\Users\A\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-07-03 00:42 - 2016-07-03 01:42 - 00000000 ____D C:\AdwCleaner
2016-07-03 00:40 - 2016-07-03 00:46 - 22851472 _____ (Malwarebytes ) C:\Users\A\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-03 00:39 - 2016-07-03 00:41 - 03712064 _____ C:\Users\A\Downloads\adwcleaner_5.201.exe
2016-07-03 00:32 - 2016-07-03 00:33 - 00291624 _____ C:\Windows\Minidump\070316-46937-01.dmp
2016-07-02 22:17 - 2016-07-02 22:17 - 00000000 _____ C:\Users\A\Desktop\1.txt
2016-07-02 18:50 - 2016-07-02 18:53 - 00028938 _____ C:\Users\A\Desktop\e.txt
2016-07-02 18:45 - 2016-07-02 18:47 - 00028040 _____ C:\Users\A\Desktop\d.txt
2016-07-02 18:43 - 2016-07-02 18:43 - 00035037 _____ C:\Users\A\Desktop\ping.txt
2016-07-02 14:24 - 2016-07-03 00:36 - 00002287 _____ C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-02 14:24 - 2016-07-03 00:36 - 00002257 _____ C:\Users\A\Desktop\Google Chrome.lnk
2016-07-02 13:00 - 2016-07-02 13:00 - 00000000 ____D C:\Users\A\AppData\Roaming\360mobilemgr
2016-07-02 12:20 - 2016-07-02 12:20 - 00291336 _____ C:\Windows\Minidump\070216-46203-01.dmp
2016-07-01 23:51 - 2016-07-03 00:59 - 00003630 _____ C:\Windows\System32\Tasks\googleupdatetaskmachinecore
2016-07-01 23:51 - 2016-07-01 23:51 - 00987728 _____ (Google Inc.) C:\Users\A\Downloads\ChromeSetup(1).exe
2016-07-01 23:29 - 2016-07-01 23:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\A\Downloads\rkill.com
2016-07-01 23:26 - 2016-07-03 12:12 - 00000000 ____D C:\ProgramData\Avira
2016-07-01 23:26 - 2016-07-03 12:12 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-01 23:23 - 2016-07-01 23:24 - 04657056 _____ (Avira Operations GmbH & Co. KG) C:\Users\A\Downloads\avira_en_av_57766e7829ed9__ws.exe
2016-07-01 04:12 - 2016-07-01 04:12 - 00290760 _____ C:\Windows\Minidump\070116-39203-01.dmp
2016-06-30 22:53 - 2016-06-30 22:53 - 00001074 _____ C:\Users\Public\Desktop\360杀毒.lnk
2016-06-30 22:39 - 2016-07-03 06:50 - 00000091 _____ C:\HaxLogs.txt
2016-06-30 22:28 - 2016-06-30 22:28 - 00000000 ____D C:\Windows\pss
2016-06-30 19:30 - 2016-06-30 19:30 - 00000000 ___HD C:\$SysReset
2016-06-30 19:29 - 2016-06-30 19:29 - 01497474 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-30 19:28 - 2016-06-30 19:28 - 00000000 ____D C:\inetpub
2016-06-29 15:35 - 2016-06-29 15:35 - 06569088 _____ (Tim Kosse) C:\Users\A\Downloads\FileZilla_3.19.0_win64-setup.exe
2016-06-27 21:35 - 2016-06-27 21:35 - 00021218 _____ C:\Users\A\Downloads\WebDriver-PHP-master.zip
2016-06-27 20:22 - 2016-06-27 20:22 - 02736710 _____ C:\Users\A\Downloads\chromedriver_win32.zip
2016-06-27 20:08 - 2016-06-27 20:08 - 00000000 ____D C:\Users\A\AppData\Roaming\迅雷游戏
2016-06-25 14:21 - 2016-06-25 14:40 - 00000000 ____D C:\Users\A\AppData\LocalLow\XiGuaPlayer
2016-06-25 14:21 - 2016-06-25 14:40 - 00000000 ____D C:\Users\A\AppData\LocalLow\xigua
2016-06-25 14:21 - 2016-06-25 14:39 - 00001957 _____ C:\ckcore.txt
2016-06-25 14:21 - 2016-06-25 14:21 - 00000000 ____D C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\西瓜
2016-06-25 14:21 - 2016-06-25 14:21 - 00000000 ____D C:\Program Files (x86)\xigua
2016-06-25 14:19 - 2016-06-25 14:21 - 00000000 ____D C:\Users\Public\Documents\temp
2016-06-25 14:16 - 2016-06-25 14:17 - 22230480 _____ (西瓜) C:\Users\A\Downloads\xigua_2_12_0_5.exe
2016-06-25 13:18 - 2016-06-25 13:34 - 00009575 _____ C:\Users\A\Downloads\wp-theme-step-6.zip
2016-06-24 09:58 - 2016-06-24 09:58 - 00000000 ____D C:\Users\A\AppData\Local\Screenhero,_Inc
2016-06-24 09:58 - 2016-06-24 09:58 - 00000000 ____D C:\Users\A\AppData\Local\Screenhero
2016-06-24 09:57 - 2016-06-24 13:57 - 00000000 ____D C:\Users\A\AppData\Roaming\Screenhero, Inc
2016-06-24 09:57 - 2016-06-24 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screenhero
2016-06-24 09:57 - 2016-06-24 09:57 - 00000000 ____D C:\Program Files (x86)\Screenhero, Inc
2016-06-24 09:56 - 2016-06-24 09:56 - 32991560 _____ (Screenhero, Inc.) C:\Users\A\Downloads\Screenhero-Latest-setup.exe
2016-06-22 20:10 - 2016-06-22 20:10 - 00028621 _____ C:\Users\A\Downloads\夜凝夕3花事了 (1).txt
2016-06-22 02:09 - 2016-06-22 02:09 - 00028621 _____ C:\Users\A\Downloads\夜凝夕3花事了.txt
2016-06-22 00:49 - 2016-06-22 00:49 - 00226485 _____ C:\Users\A\Downloads\《夜凝夕2飞烟》飞烟.txt
2016-06-22 00:49 - 2016-06-22 00:49 - 00226389 _____ C:\Users\A\Downloads\夜凝夕2飞烟.txt
2016-06-13 01:07 - 2016-06-13 01:07 - 08421795 _____ C:\Users\A\Downloads\wordpress-4.5.2.zip
2016-06-11 03:28 - 2016-06-11 03:28 - 00000200 _____ C:\Users\A\.gitconfig
2016-06-11 02:22 - 2016-06-11 02:28 - 166800898 _____ C:\Users\A\Downloads\daydream.love-20160610-162031-823.wpress
2016-06-10 23:36 - 2016-06-10 23:52 - 209934901 _____ C:\Users\A\Downloads\daydream.love-20160610-133524-217.wpress
2016-06-10 23:07 - 2016-06-10 23:08 - 35898738 _____ C:\Users\A\Downloads\sg_backup_20160610130534.sgbp
2016-06-09 15:47 - 2016-06-09 15:47 - 00000000 ____D C:\Users\A\AppData\Roaming\yiwanzhushou
2016-06-09 15:47 - 2016-06-09 15:47 - 00000000 ____D C:\Program Files (x86)\yiwanplayer
2016-06-07 14:39 - 2016-06-07 14:40 - 26688128 _____ (FonePaw ) C:\Users\A\Downloads\iphone-data-recovery.exe
2016-06-05 04:19 - 2016-06-05 04:19 - 00000000 ____D C:\Users\A\AppData\Local\fontconfig
2016-06-05 04:11 - 2016-07-03 00:55 - 00000000 ____D C:\Program Files (x86)\FormatFactory
2016-06-05 04:06 - 2016-06-05 04:10 - 45844424 _____ (FreeTime) C:\Users\A\Downloads\FormatFactory_3.9.0.0_setup.1461565090.exe
2016-06-05 02:52 - 2016-06-05 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-03 14:52 - 2013-08-10 17:33 - 00000000 ____D C:\Users\A\Downloads\software
2016-07-03 14:51 - 2013-08-06 20:09 - 00000000 ____D C:\Users\A\AppData\Roaming\360safe
2016-07-03 14:49 - 2013-12-21 02:05 - 00000000 __SHD C:\Users\A\AppData\Roaming\360Quarant
2016-07-03 14:49 - 2013-12-21 02:05 - 00000000 __SHD C:\$360Section
2016-07-03 13:06 - 2013-09-06 14:27 - 00000494 _____ C:\Windows\Tasks\MATLAB R2012b 启动加速器.job
2016-07-03 12:01 - 2013-08-06 20:17 - 00000000 ____D C:\Users\A\AppData\LocalLow\360WD
2016-07-03 08:23 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\rescache
2016-07-03 07:13 - 2013-08-06 20:49 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2954409459-184384724-1730954954-1004
2016-07-03 06:49 - 2014-05-21 20:44 - 00000001 _____ C:\Windows\system32\Drivers\360Hvm64.dat
2016-07-03 06:49 - 2012-07-26 17:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-03 03:41 - 2014-11-12 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度影音
2016-07-03 03:41 - 2013-08-08 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¶àÃ×ÒôÀÖ
2016-07-03 02:38 - 2013-09-08 09:42 - 00000000 ____D C:\Windows\Minidump
2016-07-03 02:37 - 2016-05-06 16:06 - 1570550663 _____ C:\Windows\MEMORY.DMP
2016-07-03 02:11 - 2016-05-05 02:17 - 00000000 ____D C:\Users\A\AppData\Roaming\ytmediacenter
2016-07-03 02:11 - 2016-04-15 11:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-07-03 01:58 - 2014-01-10 10:04 - 00000000 ____D C:\Users\A\AppData\Roaming\360SuperKiller
2016-07-03 01:29 - 2013-08-06 20:05 - 00000000 ____D C:\Users\A
2016-07-03 01:25 - 2013-08-06 17:19 - 00000000 _RSHD C:\360SANDBOX
2016-07-03 01:22 - 2014-02-11 17:14 - 00000000 ____D C:\ProgramData\Skype
2016-07-03 01:15 - 2014-03-01 18:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-03 01:10 - 2012-08-02 18:40 - 00464360 _____ C:\Windows\system32\prfh0804.dat
2016-07-03 01:10 - 2012-08-02 18:40 - 00157760 _____ C:\Windows\system32\prfc0804.dat
2016-07-03 01:10 - 2012-07-26 17:28 - 01565010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-03 01:10 - 2012-07-26 15:37 - 00000000 ____D C:\Windows\Inf
2016-07-03 00:59 - 2013-08-06 17:22 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-07-03 00:59 - 2012-07-26 15:26 - 00786432 ___SH C:\Windows\system32\config\BBI
2016-07-02 23:32 - 2013-08-06 20:29 - 00000000 ____D C:\Users\A\AppData\LocalLow\SogouPY
2016-07-02 13:01 - 2013-08-08 20:41 - 00000000 ____D C:\Program Files (x86)\DuoMi
2016-07-02 12:59 - 2013-08-09 00:09 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-02 12:59 - 2013-08-06 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
2016-07-01 23:33 - 2014-01-17 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2016-06-30 22:51 - 2014-02-12 06:48 - 00000000 ____D C:\Program Files\Common Files\360SD
2016-06-30 22:49 - 2013-11-18 12:55 - 00000000 ____D C:\ProgramData\360SD
2016-06-30 22:15 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\system32\NDF
2016-06-30 19:28 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-06-30 19:28 - 2012-07-26 18:12 - 00000000 ____D C:\Windows\system32\inetsrv
2016-06-30 18:54 - 2015-12-06 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.0.0f4 (64-bit)
2016-06-30 15:48 - 2012-07-26 18:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-28 03:55 - 2013-08-09 00:49 - 00001042 _____ C:\Users\A\AppData\Roaming\coreavc.ini
2016-06-27 21:23 - 2015-04-12 19:01 - 00000000 ____D C:\Program Files\wamp
2016-06-27 20:07 - 2013-08-24 11:49 - 00000000 ____D C:\Users\Public\Thunder Network
2016-06-27 15:13 - 2013-08-06 17:19 - 00081128 _____ (360.cn) C:\Windows\system32\Drivers\360netmon.sys
2016-06-27 01:30 - 2013-11-16 12:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-26 12:17 - 2016-05-28 13:55 - 00000000 ____D C:\Users\A\AppData\Local\heroku
2016-06-20 12:07 - 2013-08-09 00:08 - 00003720 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-20 11:43 - 2013-08-07 15:21 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-19 00:53 - 2016-01-15 02:17 - 00000000 ____D C:\Users\A\AppData\Roaming\obs-studio
2016-06-15 10:53 - 2014-01-14 12:53 - 00000000 ____D C:\ProgramData\Unity
2016-06-08 19:19 - 2015-07-03 23:10 - 00231656 _____ (360.cn) C:\Windows\system32\Drivers\360qpesv64.sys
2016-06-08 13:26 - 2016-02-13 13:49 - 00000000 ____D C:\Users\A\AppData\Local\atom
2016-06-08 13:26 - 2015-04-29 13:03 - 00000000 ____D C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-06-08 13:24 - 2016-02-13 13:49 - 00000000 ____D C:\Users\A\AppData\Local\SquirrelTemp
2016-06-05 04:11 - 2013-09-06 22:05 - 00000000 ____D C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\格式工厂
 
==================== Files in the root of some directories =======
 
2016-04-24 14:31 - 2016-05-20 21:44 - 0000132 _____ () C:\Users\A\AppData\Roaming\Adobe PNG Format CC Prefs
2013-09-05 23:59 - 2015-09-13 22:36 - 0000132 _____ () C:\Users\A\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-10 14:36 - 2016-03-16 17:15 - 0000132 _____ () C:\Users\A\AppData\Roaming\Adobe PNG 格式 CC 首选项
2015-08-05 23:56 - 2015-12-05 18:51 - 0000034 _____ () C:\Users\A\AppData\Roaming\AdobeWLCMCache.dat
2013-12-07 14:45 - 2014-08-07 21:32 - 0001078 _____ () C:\Users\A\AppData\Roaming\base64.cer
2013-08-09 00:49 - 2016-06-28 03:55 - 0001042 _____ () C:\Users\A\AppData\Roaming\coreavc.ini
2015-10-12 23:50 - 2015-10-12 23:50 - 1097696 _____ () C:\Users\A\AppData\Roaming\V95SA03T.TXT
2016-03-16 14:23 - 2016-03-28 19:47 - 0000600 _____ () C:\Users\A\AppData\Roaming\winscp.rnd
2016-03-12 13:44 - 2016-03-14 14:23 - 0001404 _____ () C:\Users\A\AppData\Local\Adobe 存储为 Web 所用格式 13.0 Prefs
2016-05-02 23:58 - 2016-05-24 03:40 - 0000032 _____ () C:\Users\A\AppData\Local\temp.tmp
2014-07-31 11:42 - 2014-07-31 11:42 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-08-05 11:42 - 2012-07-30 16:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
 
Some files in TEMP:
====================
C:\Users\A\AppData\Local\Temp\360SafeIME.exe
C:\Users\A\AppData\Local\Temp\574A0A21.exe
C:\Users\A\AppData\Local\Temp\avgnt.exe
C:\Users\A\AppData\Local\Temp\libeay32.dll
C:\Users\A\AppData\Local\Temp\msvcr120.dll
C:\Users\A\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-03 07:14
 
==================== End of FRST.txt ============================
 
 
Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by A (2016-07-03 14:55:22)
Running from C:\Users\A\Desktop
Windows 8 (X64) (2013-08-06 04:39:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
A (S-1-5-21-2954409459-184384724-1730954954-1004 - Administrator - Enabled) => C:\Users\A
Administrator (S-1-5-21-2954409459-184384724-1730954954-500 - Administrator - Disabled)
Guest (S-1-5-21-2954409459-184384724-1730954954-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: 360杀毒 (Disabled - Up to date) {6F7A6B22-2309-7CD0-AF79-D11A4916C60C}
AS: 360安全卫士 (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
360安全卫士 (HKLM-x32\...\360安全卫士) (Version: 10.2.0.2001 - 360安全中心)
360杀毒 (HKLM-x32\...\360SD) (Version: 5.0.0.7033 - 360安全中心)
ÃÀͼ¿´¿´ 2.2.7 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\ÃÀͼ¿´¿´) (Version: 2.2.7 - Meitu, Inc.)
ÃÀͼ¿´¿´ 2.2.7 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ÃÀͼ¿´¿´) (Version: 2.2.7 - Meitu, Inc.)
Ableton Live 9 Suite (HKLM\...\{D18A9963-D560-4C56-8B88-A8B79CB9FFB8}) (Version: 9.0.0.0 - Ableton)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) - Chinese Simplified (HKLM-x32\...\{AC76BA86-7AD7-2052-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Antares Auto-Tune Evo VST (HKLM-x32\...\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}) (Version: 6.00.0009 - Antares Audio Technologies)
Apophysis 2.0 (HKLM-x32\...\Apophysis 2.0) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{AFADB5DC-3ABC-421F-9DAD-BDABE511258B}) (Version: 4.0.51117.1 - Microsoft Corporation)
ArcGIS 10.2 for Desktop (HKLM-x32\...\ArcGIS 10.2 for Desktop) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2 for Desktop (x32 Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2 License Manager (HKLM-x32\...\ArcGIS 10.2 License Manager) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2 License Manager (x32 Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Atom (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\atom) (Version: 1.8.0 - GitHub Inc.)
Atom (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\atom) (Version: 1.8.0 - GitHub Inc.)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.1.149.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.1.149.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk 3ds Max 2015 SP1 (HKLM\...\Autodesk 3ds Max 2015 SP1) (Version: 17.1.149.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.155.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk Download Manager (HKLM-x32\...\{C897D9EC-13C6-4A22-ABF7-33F2126A7DB6}) (Version: 3.0.8.0 - Autodesk, Inc.)
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Revit 2014 (HKLM\...\Autodesk Revit 2014) (Version: 13.07.22211 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.166.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.166.0 - Autodesk) Hidden
Autodesk Workflows 2014 (HKLM\...\{11672AB2-3D48-4D38-9123-719E5FF93333}) (Version: 4.0.19.0 - Autodesk, Inc.)
AV Voice Changer Software DIAMOND 7.0 (HKLM-x32\...\AV Voice Changer Software DIAMOND 7.0) (Version: 7.0.29 - Avnex Ltd.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3d9e0476-943f-4962-99dc-b9c937a43840}) (Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.65.9690 - Avira Operations GmbH & Co. KG) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.10.0.575 - Ilya Morozov)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.4-5 - Wacom Technology Corp.)
BBE Sonic Maximizer Plugin (HKLM-x32\...\BBE Sonic Maximizer Plugin) (Version: 1.0.0.0 - BBE Sound)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chaotica 1.1.1 (HKLM-x32\...\{BFC168FD-F6D5-4742-8E33-B3FC61E78C30}) (Version: 1.1.1 - Glare Technologies Limited)
CINEMA 4D 15.037 (HKLM\...\MAXON12664043) (Version: 15.037 - MAXON Computer GmbH)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.0.0.91 - Citrix Systems, Inc.)
CMBEdit (HKLM-x32\...\{10DF5555-D134-4C2E-9D32-71BEE4025C0F}) (Version: 1.2.0.0 - China Merchants Bank)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.7.0 - oldsch00l)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Edirol HQ Orchestral VSTi v1.03 (HKLM-x32\...\Edirol HQ Orchestral VSTi v1.03) (Version:  - )
Electric Sheep 2.7b34 (HKLM-x32\...\Electric Sheep) (Version: 2.7b34 - Electricsheep)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.10.541 - Australian Taxation Office)
Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FormatFactory (HKLM-x32\...\FormatFactory) (Version: 3.9.0.0 - FreeTime)
Free AMR Player (HKLM-x32\...\Free AMR Player_is1) (Version: 1.0 - Free Converting)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
gecoForGH09 (HKLM-x32\...\{2FB08C71-A43A-421C-9D90-7F6FB5532ADC}) (Version: 1.0.37 - uto Ursula Frick Thomas Grabner)
Genymotion version 2.5.3 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.3 - Genymobile)
Git version 2.7.4 (HKLM\...\Git_is1) (Version: 2.7.4 - The Git Development Community)
Git version 2.8.0 (HKLM-x32\...\Git_is1) (Version: 2.8.0 - The Git Development Community)
GitHub (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\5f7eb300e2ea4ebf) (Version: 3.0.15.0 - GitHub, Inc.)
GitHub (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5f7eb300e2ea4ebf) (Version: 3.0.15.0 - GitHub, Inc.)
Google Books Downloader version 2.3 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grasshopper for Rhino 5 (HKLM-x32\...\Grasshopper for Rhino 5) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Heroku Toolbelt 3.43.2 (HKLM-x32\...\Heroku Toolbelt_is1) (Version: 3.43.2 - Heroku, Inc.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
INCENDIA EX V (HKLM-x32\...\12031B46-075F-4028-A7B6-CA6218BB65E2_is1) (Version:  - Incendia.Net)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
iTudou (HKLM-x32\...\iTudou) (Version: 4.1.3.4082 - youkutudou, Inc.)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Karamba (HKLM-x32\...\{16B52E13-B82D-4CC6-AE8C-FB623DF6C1B5}) (Version: 1.0.4 - Clemens Preisinger)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
KeyShot4 4.1 64 bit (HKLM-x32\...\KeyShot4_64) (Version: 4.1 64 bit - Luxion ApS)
Lumion 3.0.1 (HKLM\...\Lumion 3.0.1_is1) (Version: 3.0.1 - Act-3D B.V.)
Lumion 4.0.2 (HKLM\...\Lumion 4.0.2_is1) (Version: 4.0.2 - Act-3D B.V.)
LunchBox v0.35 (HKLM-x32\...\{B12A9E24-56AF-4C15-8E53-3A7421588D7F}) (Version: 1.0.0 - Nathan Miller)
LUXONIX Purity (HKLM-x32\...\LUXONIX_Purity) (Version: 1.2.5 - LUXONIX)
Makehuman (HKLM-x32\...\Makehuman) (Version:  - )
Maxwell 3 (HKLM-x32\...\Maxwell 3) (Version:  - )
Maxwell for Rhino x64 (HKLM\...\{BF008E85-058E-49A3-B365-60E8DA7AA456}) (Version: 3.0.0 - Next Limit Technologies)
Maxwell Shell Extension (x64) (HKLM\...\{7636B8E9-4F52-41F7-A3B2-526E97F2879F}) (Version: 3.0.0 - Next Limit Technologies)
Mendeley Desktop 1.10.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.1 - Mendeley Ltd.)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (简体中文) (HKLM-x32\...\{94E3F4E2-EAED-4586-9214-7D51FCC4104D}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 目标包(简体中文) (HKLM-x32\...\{0CD84516-2E09-4996-A170-0907E40703AD}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help 更新 (KB963678) (HKLM-x32\...\{90120000-0016-0804-0000-0000000FF1CE}_PROPLUS_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help 更新 (KB963677) (HKLM-x32\...\{90120000-001A-0804-0000-0000000FF1CE}_PROPLUS_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help 更新 (KB963669) (HKLM-x32\...\{90120000-0018-0804-0000-0000000FF1CE}_PROPLUS_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help 更新 (KB963665) (HKLM-x32\...\{90120000-001B-0804-0000-0000000FF1CE}_PROPLUS_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version:  - Microsoft)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{5642384f-2a89-46d3-acd5-bfe8bf6e8b2f}) (Version: 14.0.24720.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MusicLab RealGuitar (HKLM\...\{1864B4F0-8888-5A57-9930-C2B307597966}) (Version: 3.0 - MusicLab, Inc.)
MusicLab RealLPC (HKLM\...\{38209080-8888-4418-8117-D190FC71BF58}) (Version: 3.0 - MusicLab, Inc.)
MusicLab RealStrat (HKLM\...\{58206080-8888-4418-8117-D190FC71BF58}) (Version: 3.0 - MusicLab, Inc.)
MusicLab Virtual MIDI Driver (HKLM\...\{A30B7FD7-04A1-46e1-ABDF-FD592C113253}) (Version: 2.0.1.0 - MusicLab, Inc.)
迅雷7 (HKLM-x32\...\thunder_is1) (Version:  - 迅雷网络技术有限公司)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.0.6361 - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NaturalReaderFree (HKLM-x32\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)
NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
Node.js (HKLM-x32\...\{2F1FD6AA-40C4-4A64-AD78-9784DDA34FBE}) (Version: 5.9.1 - Node.js Foundation)
NVIDIA HD 音频驱动程序 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX 系统软件 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA 图形驱动程序 333.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.17 - NVIDIA Corporation)
OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.12.3 - OBS Project)
Online Plug-in (x32 Version: 14.0.0.91 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)
Overture 4.1 (HKLM-x32\...\Overture 4.1) (Version:  - )
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Python 3.3.2 (HKLM-x32\...\{92389de9-939e-341b-a076-1d52d7dbca71}) (Version: 3.3.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Resolume Arena 4.1.6 (HKLM-x32\...\Resolume Arena 4.1.6_is1) (Version: 4.1.6 - Resolume)
Resolume DXV Codec 2.2 (HKLM-x32\...\Resolume DXV Codec 2.2_is1) (Version: 2.2 - Resolume VOF)
Revit 2014 (Version: 13.07.22211 - Autodesk) Hidden
Revit 2014 COLLADA exporter for Lumion users (ver. 2.12) (HKLM-x32\...\{8634DDB6-E4C3-48D1-8BD3-97D153A4843F}_is1) (Version: 2.12 - Act-3D B.V.)
Revit 2014 Language Pack - English (Version: 13.07.22211 - Autodesk) Hidden
Rhinoceros 5 (64-bit) (HKLM\...\{9495069A-920E-4C31-BFF8-559F93479D42}) (Version: 5.1.30103.0145 - Robert McNeel & Associates)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Ruby 2.1.7-p400 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\{64763A89-6347-43AF-833F-3840615C62AE}_is1) (Version: 2.1.7-p400 - RubyInstaller Team)
Ruby 2.1.7-p400 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{64763A89-6347-43AF-833F-3840615C62AE}_is1) (Version: 2.1.7-p400 - RubyInstaller Team)
Ruby 2.2.4-p230 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\{F4249FFD-42CD-4404-9534-170D074544F4}_is1) (Version: 2.2.4-p230 - RubyInstaller Team)
Ruby 2.2.4-p230 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{F4249FFD-42CD-4404-9534-170D074544F4}_is1) (Version: 2.2.4-p230 - RubyInstaller Team)
Ruby 2.2.4-p230-x64 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.4-p230 - RubyInstaller Team)
Ruby 2.2.4-p230-x64 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.4-p230 - RubyInstaller Team)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
ScoreCloud Studio (HKLM-x32\...\ScoreCloud) (Version: 3.4 - DoReMIR Music Research)
ScorpionSaver (HKLM-x32\...\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Screenhero (HKLM-x32\...\{120CB963-3BFA-475D-B884-D79809CF0BA1}) (Version: 2.3.0500 - Screenhero, Inc.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.8.3.304115 - Linden Research, Inc.)
SecureW2 Enterprise Client 3.1.4 MSI Installer (HKLM-x32\...\{E38E0ADA-18E9-4F90-A271-73CB08609E70}) (Version: 3.1.4.0 - SecureW2)
Self-service Plug-in (x32 Version: 4.0.0.40674 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Songsmith (HKLM-x32\...\{30906093-42C6-4968-AEDD-B915972CF0DB}) (Version: 12.08.2700 - Microsoft Research)
SourceGear DiffMerge 4.2.0.697.stable (x64) (HKLM\...\{F6BEC317-F689-4158-B1F0-F229B794CFBA}) (Version: 4.2.0.697 - SourceGear, LLC)
SourceTree (HKLM-x32\...\SourceTree 1.8.3) (Version: 1.8.3 - Atlassian)
SourceTree (x32 Version: 1.8.3 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg Hypersonic VSTi DXi v2.0 (HKLM-x32\...\Steinberg Hypersonic VSTi DXi_is1) (Version:  - )
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
StyleWriter 4 (HKLM-x32\...\{7DA5A2D5-8CB8-465E-96DB-9A6CCB490A86}) (Version: 4.01.05 - Editor Software (UK) Ltd)
Sublime Text Build 3103 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TC Native Bundle v3.1 (HKLM-x32\...\TC Native Bundle v3.1) (Version:  - )
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Thunder BHO Platform 2.2.0.1087 (HKLM-x32\...\Thunder BHO Platform) (Version:  - )
Triivi 2.0 (HKLM-x32\...\Triivi) (Version:  - )
TypeScript Power Tool (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
UnblockCn 1.7.0.2 (HKLM-x32\...\UnblockCn) (Version: 1.7.0.2 - 帕沃)
Unity (HKLM-x32\...\Unity) (Version: 5.0.0f4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
V-Ray for Rhinoceros 5 x64 adv (HKLM-x32\...\V-Ray for Rhinoceros 5 x64 adv 1.50.22564) (Version: 1.50.22564 - Chaos Software, Ltd)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Weaverbird (HKLM-x32\...\{64F3A4A0-B019-4FE0-95FB-4D1AB342E412}) (Version: 0.9.0.1 - Piacentino Architecture)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
WiFi万能钥匙 2.0.8 (HKLM-x32\...\{64F2A3E8-CC58-4E86-8468-23EB6A214707}_is1) (Version: 2.0.8 - 上海连尚网络科技有限公司)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64 位) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
上海浦东发展银行网上银行安全控件 v4.0 (HKLM-x32\...\{9BE6AB55-241C-4665-BC09-0C7F71ED2D84}_is1) (Version:  - SPDB)
上海浦东发展银行网上银行安全控件 v5.0 (HKLM-x32\...\{7161BFED-CF2A-48BC-AF97-6E8D4ABEDE7E}_is1) (Version:  - SPDB)
上海浦东发展银行网银管家 v1.0.0.7 (HKLM-x32\...\{6B09878D-62DD-45B4-BE9F-225628C43553}_is1) (Version:  - 上海浦东发展银行)
优酷加速组件 (HKLM-x32\...\YoukuClient) (Version: 6.7.2.11138 - youkutudou, Inc.)
天地融 SPDB CSP 版本1.0.0.7 (HKLM-x32\...\AAAAAAAA-7118-4eae-A408-9AF720A1F08D) (Version: 1007 - )
屏幕录像专家 共享版 V2013 Build0628 (HKLM-x32\...\{06790BAF-E880-4701-99B1-037BC450ABAA}_is1) (Version:  - tlxsoft)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{301FC5F5-7BF6-4CA3-9DB1-5936DF0850B4}) (Version: 15.0.1800 - Microsoft)
招商银行一网通网盾 (HKLM-x32\...\CMBWebProtect) (Version:  - )
搜狗壁纸 1.9x正式版 (HKLM-x32\...\SogouWallPaper) (Version: 1.9.0.1535 - Sogou.com)
搜狗拼音输入法 7.9正式版 (HKLM-x32\...\Sogou Input) (Version: 7.9.0.7576 - Sogou.com)
支付宝安全控件 4.6.0.3481 (HKLM-x32\...\alieditplus) (Version: 4.6.0.3481 - Alipay.com Co., Ltd.)
支付宝数字证书组件 2.5.0.0 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\AlipayCert) (Version: 2.5.0.0 - Alipay.com Co., Ltd.)
支付宝数字证书组件 2.5.0.0 (HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\AlipayCert) (Version: 2.5.0.0 - Alipay.com Co., Ltd.)
易改 0.9.2.4 (HKLM-x32\...\{CA216CEC-3AF4-4DB5-AD17-EDF4038D7A54}_is1) (Version: 0.9.2.4 - 硅易科技)
有道词典 (HKLM-x32\...\有道词典) (Version: 6.2 - 网易公司)
橙光文字游戏制作工具[64位] 1.27.102.0827 (HKLM-x32\...\橙光文字游戏制作工具[64位]) (Version: 1.27.102.0827 - 北京六趣网络科技有限公司)
百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.3 - 百度在线网络技术(北京)有限公司)
百度影音4.0.2.53 (HKLM-x32\...\BaiduPlayer) (Version: 4.0.2 - 百度在线网络技术(北京)有限公司)
硕鼠 0.4.7.7 正式版 (HKLM-x32\...\硕鼠) (Version: 0.4.7.7 正式版 - flvcd.com)
美图秀秀 4.0.1  (HKLM-x32\...\美图秀秀) (Version:  - 美图网)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 7.7.16077.0 - 腾讯科技(深圳)有限公司)
西瓜 (HKLM-x32\...\西瓜) (Version:  - )
迅雷看看播放器 (HKLM-x32\...\迅雷看看播放器) (Version: 4.9.12.1909 - 迅雷网络技术有限公司)
迅雷看看高清播放组件 (HKLM-x32\...\迅雷看看高清播放组件) (Version: 1.0.0.157 - 迅雷网络技术有限公司)
阿里旺旺2014Beta1 (HKLM-x32\...\阿里旺旺2014Beta1) (Version:  - 阿里巴巴(中国)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\A\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{08D512D2-7D97-4E22-B7DB-82791106C086}\InprocServer32 -> C:\Users\A\AppData\Roaming\alipay\cf\alicdo_x64.dll (Alipay)
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\AliWangWang\8.60.00C\AliIMX_64.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\A\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\A\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2954409459-184384724-1730954954-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\A\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01D5C04F-43F7-49F0-96AE-36F47D1F3D10} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-25] (ASUS)
Task: {0330076E-4AA4-4A30-A280-F3B4459F96F9} - \AutoKMS -> No File <==== ATTENTION
Task: {0481F6EF-9B47-45ED-9E51-7562A117021D} - System32\Tasks\AdobeAAMUpdater-1.0-Hi-Saya => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {604D66AE-C906-4DEA-939A-3F76C8F67BA6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {68F2B025-72FA-4B09-82B1-787D6FD55515} - System32\Tasks\MATLAB R2012b 启动加速器 => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe
Task: {789828F5-5C7D-48A2-BE99-18C8D6B47192} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-25] (ASUSTek Computer Inc.)
Task: {873512CC-B022-4FBF-879C-DC05B3F57984} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2954409459-184384724-1730954954-1004Core => C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-12] (Google Inc.)
Task: {97F0E27F-EE6F-4BA1-AAF5-82FF206274D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-20] (Adobe Systems Incorporated)
Task: {9E7FAC4C-F488-4C17-A41D-6DA3217B4AA1} - \Screenhero Daemon -> No File <==== ATTENTION
Task: {9ECA7FEC-402B-4634-A5C1-118CC6CE3E1C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-03] (AVAST Software)
Task: {AEC84203-0B3B-4F58-A698-BBA33E8C26B0} - System32\Tasks\ProtectBaiduPlayer => C:\Program Files (x86)\baidu\BaiduPlayer\4.0.1.81\bdyyProtect.exe
Task: {BD31A3B8-49D1-44B5-AACD-C433D0A7C9E2} - System32\Tasks\SafeZone scheduled Autoupdate 1467472614 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {CA10F139-A474-4534-A4ED-676DDEE37960} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2954409459-184384724-1730954954-1004UA => C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-12] (Google Inc.)
Task: {DD49E2B4-BBB4-4F68-9E22-FD4A105163B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {E187518F-01C4-495A-9FD2-9B2915699A4B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-03] (AVAST Software)
Task: {E25675CD-7984-4088-8DB3-48FABDB7127C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-saya370@qq.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {E5045580-0754-435D-8D51-DB15B84CC472} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-01] (AsusTek)
Task: {EDFE942C-77DE-4485-92B8-48003CD8F144} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\MATLAB R2012b 启动加速器.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.4-p230-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby22-x64\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.2.4-p230\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby22\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.1.7-p400\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Program Files (x86)\Heroku\ruby-2.1.7\bin\setrbvars.bat
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-10-27 01:17 - 2014-05-14 07:49 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-12-26 09:43 - 2014-05-14 08:17 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-09 22:32 - 2010-10-13 10:41 - 01182576 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-08-25 11:26 - 2012-08-25 11:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-08 13:52 - 2014-03-18 10:10 - 00080312 _____ () C:\Windows\system32\IGFXEXPS.DLL
2012-07-26 17:58 - 2012-07-26 17:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2016-07-02 12:59 - 2016-06-23 23:26 - 02336584 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
2016-07-02 12:59 - 2016-06-23 23:25 - 00107336 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\libegl.dll
2016-07-02 12:59 - 2016-06-23 12:27 - 31514816 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\PepperFlash\pepflashplayer.dll
2016-07-03 01:11 - 2016-07-03 01:11 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-03 01:11 - 2016-07-03 01:11 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-03 12:01 - 2016-07-03 12:01 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\16070201\algo.dll
2014-07-31 11:50 - 2014-06-21 16:19 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-07-31 11:50 - 2014-06-21 16:19 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2012-08-25 11:17 - 2012-08-25 11:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-12-26 09:43 - 2014-05-14 07:49 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-06-30 16:59 - 2016-06-30 16:59 - 00564136 _____ () C:\Program Files (x86)\360\360Safe\safemon\safehmpg.dll
2013-07-11 18:09 - 2015-01-21 15:32 - 00098416 _____ () C:\Program Files (x86)\360\360Safe\360Verify.dll
2016-07-03 01:11 - 2016-07-03 01:11 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-12-26 09:39 - 2012-06-26 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-03-13 12:15 - 2014-03-13 12:15 - 01256248 _____ () C:\Windows\SYSTEM32\DBPinpad_SPDB.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\A\Cookies:tZHizv9U0RsfWnHXW460j [2138]
AlternateDataStreams: C:\Users\A\AppData\Local\D4iis08lNBu0z:jAUozep2obNqWlLpectYw [2250]
AlternateDataStreams: C:\Users\A\AppData\Local\d61yNyrArl:AUAqp3luZQ9UEdichPGdChTK [1974]
AlternateDataStreams: C:\Users\A\AppData\Local\Temporary Internet Files:Cx7doLsrBf3BDEA3IeX5LJWWk [2280]
AlternateDataStreams: C:\ProgramData\Microsoft:FqfZF6zQ0CBNVGpFSyfW [2378]
AlternateDataStreams: C:\ProgramData\Microsoft:fr9idVpCP8ro3P85TRx1QpJnH [2192]
AlternateDataStreams: C:\ProgramData\Microsoft:WXGIGcJ60eb4sk6NvlKk [2306]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\.DEFAULT\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\.DEFAULT\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\.DEFAULT\...\taobao.com -> hxxp://taobao.com
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\cfca.com.cn -> hxxp://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\com.cn -> hxxps://cardsonline.spdbccc.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\spdb.com.cn -> hxxps://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\spdb.com.cn -> hxxp://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004\...\spdbccc.com.cn -> hxxps://cardsonline.spdbccc.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\cfca.com.cn -> hxxp://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\com.cn -> hxxps://cardsonline.spdbccc.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdb.com.cn -> hxxps://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdb.com.cn -> hxxp://ebank.spdb.com.cn
IE trusted site: HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\spdbccc.com.cn -> hxxps://cardsonline.spdbccc.com.cn
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 15:26 - 2016-06-15 14:40 - 00001379 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2954409459-184384724-1730954954-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\A\Desktop\unity sell assets\lowpoly-island-asset store\screen_3840x2160_2016-05-19_03-43-55.png
HKU\S-1-5-21-2954409459-184384724-1730954954-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\A\Desktop\unity sell assets\lowpoly-island-asset store\screen_3840x2160_2016-05-19_03-43-55.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CDE0BAB8-63A4-452F-834F-386FEAC9E8A8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{157D9B7A-F12F-4BF6-9197-C107DA9CD20C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8A709175-0AD0-4C83-8B6C-2432C621D1E0}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe
FirewallRules: [{D0EE7C4F-6781-44C5-9DB1-3664DCC6E5E7}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe
FirewallRules: [{ED38340C-CD4E-4C40-8BD7-DD83073B0B5F}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe
FirewallRules: [{65C6A5DD-5CCB-403B-9BE9-D2ACB21B3105}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe
FirewallRules: [{561A9373-F1C9-4387-A341-FEAB722DA4BF}] => (Allow) C:\Program Files\KeyShot4\bin\keyshot4.exe
FirewallRules: [{4F52D96E-9632-45FA-8479-AF6D9FB02C67}] => (Allow) C:\Program Files\KeyShot4\bin\keyshot4.exe
FirewallRules: [{B6F0D537-6B0C-4E39-87CE-74E5C71ABF54}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\speed_viewer_i.exe
FirewallRules: [{79299996-74B6-4D73-9566-A35C14106ED2}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\speed_viewer_i.exe
FirewallRules: [{5F8176BD-F39A-458C-ABD1-7129A4882FB3}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\lsp_check.exe
FirewallRules: [{70F33CAD-62D3-44F4-AB19-D8BCDEFD7445}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer\lsp_check.exe
FirewallRules: [{43583BF7-C8EA-4C0D-946A-ED4CBC939959}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{6F34DFD6-E624-472E-AB2F-B5498B304C4C}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{4F8C4980-6CA9-48A1-9305-9884BEF69B74}] => (Allow) LPort=33674
FirewallRules: [{596162DB-5A7C-4E8A-A23A-72E545D6DD84}] => (Allow) LPort=33673
FirewallRules: [{469021CE-7CB6-451C-BF3E-839EE7EF40B5}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\net_monitor_i.exe
FirewallRules: [{2B727A45-875A-4A71-90A8-BE1D82B8FCA4}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\net_monitor_i.exe
FirewallRules: [{C646FC3D-2150-45C8-BA53-654811EB022F}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\lsp_check.exe
FirewallRules: [{01EDB542-DE15-4E12-B2C8-49E3C68C99E1}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\NetMon\lsp_check.exe
FirewallRules: [{C02A4F44-5C3E-41C0-AABE-6BB9A0C31772}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XMP.exe
FirewallRules: [{5807D392-8DB4-435C-917B-6E0CCBB02B22}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XMP.exe
FirewallRules: [{0E01DC97-FA27-4834-8DD8-650130AC8EF5}] => (Allow) C:\Users\Public\Thunder Network\XMP4\Core\Program\xmp.exe
FirewallRules: [{980B2C76-7C70-4C07-9DEC-BDB49747A0EB}] => (Allow) C:\Users\Public\Thunder Network\XMP4\Core\Program\xmp.exe
FirewallRules: [{E455CE47-D767-462C-8CF2-10602F16B0D3}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLLiveUD.exe
FirewallRules: [{D6A0C137-604D-424B-9036-46A04A7C17F1}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLLiveUD.exe
FirewallRules: [{B2E4388B-EC1A-47FB-93A2-AA8E4CFE0ABF}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLBugReport.exe
FirewallRules: [{319C4EFB-1F47-4491-AB8F-001CCD0B1B3C}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLBugReport.exe
FirewallRules: [{CB523AB5-C3BD-4A91-B7EC-CDF6788605F9}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.208_1111\ThunderPlatform.exe
FirewallRules: [{A080BFF1-F872-456E-8609-34FF4EF27B35}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.208_1111\ThunderPlatform.exe
FirewallRules: [{1DEBBEDF-2F37-496A-BA68-CDF0B0388E5D}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.208_1111\XLBugReport.exe
FirewallRules: [{FB9B958C-A469-4DB1-89E1-A3A89C35AF40}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.208_1111\XLBugReport.exe
FirewallRules: [{5AA34895-A897-4A62-8B23-556C5637822C}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{CF0F2178-D730-4E0E-AF8B-548DBC492F0F}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Xmp.exe
FirewallRules: [{6F710480-C177-459C-ABAA-502E34175A99}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
FirewallRules: [{79B9FF7A-1045-405B-A925-A0E756ADBD3F}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
FirewallRules: [{2F8D90FA-54C0-4AD3-8085-D6FAF37F6A90}] => (Block) %ProgramFiles%\Lumion 3.0.1\Lumion.exe
FirewallRules: [{7CF6B2D4-4849-4123-A28A-9ED4FB8E4510}] => (Block) %ProgramFiles%\Lumion 3.0.1\Lumion.exe
FirewallRules: [{917D01A4-2B6B-4DFD-B71E-52A2DCAAC2E6}] => (Allow) c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.208_1111\thunderplatform.exe
FirewallRules: [{BF0DA190-90E8-4DA7-B5BC-480993AFA071}] => (Allow) c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.208_1111\thunderplatform.exe
FirewallRules: [{D18CBD83-1AB3-469C-B0D6-F23E53901A59}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XMP.exe
FirewallRules: [{BF8FF2E4-C653-4504-8D43-C5C05B3C3506}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XMP.exe
FirewallRules: [{E4CA9BBC-3052-470B-B923-775646157AD9}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLLiveUD.exe
FirewallRules: [{B488AC43-5312-45FE-87A8-B6269E844178}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLLiveUD.exe
FirewallRules: [{FB810A76-BB1C-4295-8C9E-527FB805F2DE}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLBugReport.exe
FirewallRules: [{5F17586B-4745-4106-8798-1A21C414D016}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\Program\XLBugReport.exe
FirewallRules: [{C9E6BA62-ADB2-4B00-A255-10A497A1EB21}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\TP\ThunderPlatform.exe
FirewallRules: [{0FAF5C60-32C3-4480-8079-DCF6725C9AE8}] => (Allow) C:\Program Files (x86)\Thunder Network\Xmp\TP\ThunderPlatform.exe
FirewallRules: [{36353874-61DE-497A-8367-BDA7C0414BA5}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
FirewallRules: [{288DBD71-2153-4509-92EB-5AE29FC36DC8}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderServiceLite.exe
FirewallRules: [{B4A73EED-8F03-43C0-9EEE-575FF7BCC9E6}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\KanKanLive.exe
FirewallRules: [{660847D6-603A-47BE-98F5-022B4E66D354}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\KanKanLive.exe
FirewallRules: [{6BC34A1D-9F87-4F68-B05C-AC5FFE2972A3}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLBugReport.exe
FirewallRules: [{E1546CB8-562C-4471-9A99-01B7F493BF21}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLBugReport.exe
FirewallRules: [{3902C788-D754-42E6-B992-70FDCD0B40F2}] => (Allow) C:\Users\Public\Thunder Network\XMP4\Core\Program\XLLiveUD.exe
FirewallRules: [{404CB773-0E52-41AD-90F5-D3D1C11B647B}] => (Allow) C:\Users\Public\Thunder Network\XMP4\Core\Program\XLLiveUD.exe
FirewallRules: [{FC2C07F6-BDA7-4100-908E-893DAE37AEA1}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.73.exe
FirewallRules: [{334795AE-FD29-481A-AAC1-928731CF0269}] => (Allow) C:\Users\Public\Thunder Network\KanKan\Pusher\XmpTipWnd.1.0.0.73.exe
FirewallRules: [TCP Query User{794BD92F-8D8C-4F87-80F3-DE7E31B1825B}C:\program files\processing-2.1\java\bin\java.exe] => (Allow) C:\program files\processing-2.1\java\bin\java.exe
FirewallRules: [UDP Query User{C5A24D25-EE0E-47D3-A919-E7B30FBEE113}C:\program files\processing-2.1\java\bin\java.exe] => (Allow) C:\program files\processing-2.1\java\bin\java.exe
FirewallRules: [{2BFB9921-5E7F-4169-B0E6-BE026CE8E541}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360tray.exe
FirewallRules: [{B632173F-D0BC-46C9-AF9C-CBB2267F9DBB}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360tray.exe
FirewallRules: [{011AB3CB-FF2C-4AAC-85C5-8E36C94B5B7A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{A4344F2B-0CAB-4E66-A86F-64C51554823B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{D8515DC1-0617-4FF0-A108-221D09B7BDE3}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{EB96CECE-E9D2-44F4-9AB6-58AA68254653}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{D92660F7-6D0E-4B31-BE0A-C596950BF9A2}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{5BBC637E-C7E5-4CF1-BADD-1B60B5279996}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [TCP Query User{6647DAAA-334C-4A57-BE8A-5BB18F967A05}C:\program files\autodesk\maya\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{BE224634-79BE-4276-990E-3BA3D23A4345}C:\program files\autodesk\maya\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya\maya2014\bin\maya.exe
FirewallRules: [TCP Query User{7DEED4D4-F00B-4D7A-9F3A-BF794E1501F5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{F178A6D9-46B0-419C-9E75-AFCFF8E7042F}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{BDC4DFBB-AA17-4904-8FFA-5921FBD7DFEE}C:\program files (x86)\360\360sd\360sdupd.exe] => (Allow) C:\program files (x86)\360\360sd\360sdupd.exe
FirewallRules: [UDP Query User{D01936A2-44A8-4014-90EF-0F036BE5D72B}C:\program files (x86)\360\360sd\360sdupd.exe] => (Allow) C:\program files (x86)\360\360sd\360sdupd.exe
FirewallRules: [TCP Query User{ED37E68B-D2B3-4F5E-B099-BA81DE8E2AD7}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{FB3E0134-5C70-477D-BDA6-47E8EC2C4C92}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [TCP Query User{32241512-CA62-4759-8B37-2B029DBAA3FB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{869E5DF3-4BF4-4400-B09F-FB8F586A86D0}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{F1BDDE7C-D8A7-41DB-9776-C0F025BAAAAC}C:\program files (x86)\resolume arena 4.1.6\arena.exe] => (Block) C:\program files (x86)\resolume arena 4.1.6\arena.exe
FirewallRules: [UDP Query User{2CD6DC10-D33B-45F5-8554-3171FBCC2CFB}C:\program files (x86)\resolume arena 4.1.6\arena.exe] => (Block) C:\program files (x86)\resolume arena 4.1.6\arena.exe
FirewallRules: [TCP Query User{B649C9D4-794A-4D12-9766-F16C320F4FC1}C:\program files (x86)\vvvv_45beta31.2_x86\vvvv.exe] => (Allow) C:\program files (x86)\vvvv_45beta31.2_x86\vvvv.exe
FirewallRules: [UDP Query User{02B7EFF4-7964-4D07-8C7C-8D6306140EFE}C:\program files (x86)\vvvv_45beta31.2_x86\vvvv.exe] => (Allow) C:\program files (x86)\vvvv_45beta31.2_x86\vvvv.exe
FirewallRules: [TCP Query User{CEAFFA86-ECD8-4BE1-A735-3056BD3AC43A}C:\program files (x86)\image-line\minihost\minihostmodular.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular.exe
FirewallRules: [UDP Query User{4C36A000-21BD-4496-8DDE-0867CD735408}C:\program files (x86)\image-line\minihost\minihostmodular.exe] => (Allow) C:\program files (x86)\image-line\minihost\minihostmodular.exe
FirewallRules: [TCP Query User{23C9F55E-2F29-4294-9CB7-1CA29513DABB}C:\program files (x86)\360\360safe\360leakfixer.exe] => (Allow) C:\program files (x86)\360\360safe\360leakfixer.exe
FirewallRules: [UDP Query User{216D06CA-328D-4C24-9C4B-7CDFE440E71B}C:\program files (x86)\360\360safe\360leakfixer.exe] => (Allow) C:\program files (x86)\360\360safe\360leakfixer.exe
FirewallRules: [TCP Query User{937AD67D-A706-4B5C-BFFC-E31AC6635E92}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [UDP Query User{7239D740-D210-47DB-A7B0-A47D2858B499}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [TCP Query User{B2CFAFFF-A49B-4EF7-BF34-59AAE59DAAAF}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{0617395A-6AFD-468A-BA82-C62C04B6C158}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{74D3340C-D548-40C4-9219-CA36C46186CD}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Block) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{274AA4CB-6A38-4869-95FE-3AB624CF15E5}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Block) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{A4B15057-D2DD-4CB7-8276-27AD9EB285E2}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{4AB48284-D2B7-4408-9C44-438DC25977A0}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{5C3F2E26-F6EE-48FF-B63C-FB154E030413}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{D13BA754-2A9B-4909-B353-F93A4896F33D}] => (Allow) C:\Program Files\Autodesk\3D Max\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{8D9F14CA-DF8D-47FF-AC5D-AF6122919569}] => (Allow) C:\Program Files\Autodesk\3D Max\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{FB9AB9AA-A68E-4602-9405-E631EE9E65E6}] => (Allow) C:\Program Files\Autodesk\3D Max\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{3E25833B-2A0F-413E-B0B4-21E949452FFA}] => (Allow) C:\Program Files\Autodesk\3D Max\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{D576BA2F-2360-48F6-A328-80E39971913D}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{FCF9E747-A50D-4A75-9223-CE55BBBE9F05}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{33058BD9-9C78-4E5F-AC71-A7FBF8B0AFE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AB8F5D02-EE90-4D44-9ACB-D34A66AF7B9C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{2E88D93B-5EF9-4A08-83D2-E36F280A74E9}C:\users\a\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\a\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F13E61A6-C1DD-412C-9DAF-5373F13350D7}C:\users\a\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\a\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4323DA2B-19DA-4E70-A9D2-415F991C3FC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0372405-8C9A-4A88-B9F7-03E51FAE92A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{062B26DF-6FE4-4DDA-8E97-970756BF5166}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6AC3D3DB-0F87-4CD3-B770-4322E62E8061}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{FCF37EAA-EB7D-4473-9FF3-D91F07907843}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{9187D279-7DDC-4536-8006-59A617D5697C}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{0C791911-11B0-4B51-9364-CDD3F0291917}C:\program files\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\program files\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{69EE642F-E700-4EE2-A7E6-3CC86919913D}C:\program files\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\program files\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{2800575F-B864-40D8-9379-42ED72136D5B}] => (Block) C:\program files\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{63CB5B39-6525-457D-BE14-F7116462C963}] => (Block) C:\program files\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{DC766EAB-54F6-4057-8A9E-6B46A0864EB1}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [UDP Query User{F8C6C584-D0E3-4D9C-B0D9-1D332D01E4FF}C:\program files (x86)\aliwangwang\aliim.exe] => (Allow) C:\program files (x86)\aliwangwang\aliim.exe
FirewallRules: [TCP Query User{7B0F9613-1C26-4019-BA84-B97A8597B3BF}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{190FC98B-D670-4F89-A587-BD2CA6982A29}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{7090D05A-3024-485A-BA31-BDBC11E4F052}C:\program files\java\jdk1.7.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\java.exe
FirewallRules: [UDP Query User{AC7E3F05-56DF-4D81-97FE-095D485B7FF3}C:\program files\java\jdk1.7.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\java.exe
FirewallRules: [TCP Query User{B84823EC-21FC-41F4-8E9F-FC73CD5A4075}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{5AC8FC74-9AC3-4884-8BAB-6745E66A63B2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{2A520C93-2AA4-40F5-A06E-1387E0908B3A}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{10A417C2-2A12-49E3-B8C1-BB07B2AB4A7E}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{4CA5CF40-74DC-42B6-A5C8-5A404A2E1116}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3A9E1129-9367-4F3C-9DE4-215D5480E37C}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{A71C3519-BF62-4771-9A35-823E7947DDA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5EB6255D-49DF-413D-89D8-2AD7560CAD56}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4324F51C-8D3F-4B25-AA63-8CA7F6393D47}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{B9F03DFC-A8A4-41D1-B008-B6E19F37878F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{4D64C5C5-FE92-4632-A31B-786A2B82D409}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{3AFCD8F4-59A2-4F0E-B353-EC0CEBFA4880}C:\program files\unity_5.3\editor\unity.exe] => (Allow) C:\program files\unity_5.3\editor\unity.exe
FirewallRules: [UDP Query User{15594D23-BA74-4DCD-BD2E-591D7DAA0DFF}C:\program files\unity_5.3\editor\unity.exe] => (Allow) C:\program files\unity_5.3\editor\unity.exe
FirewallRules: [TCP Query User{D2DA1CC8-8998-4233-AB01-0F51C7912779}C:\program files\unity_5.0\editor\unity.exe] => (Allow) C:\program files\unity_5.0\editor\unity.exe
FirewallRules: [UDP Query User{656FBA1F-AB7B-488C-B3B7-7ED29674633C}C:\program files\unity_5.0\editor\unity.exe] => (Allow) C:\program files\unity_5.0\editor\unity.exe
FirewallRules: [TCP Query User{FEA25BBE-85ED-40FF-ABD3-660C220ABE4C}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe
FirewallRules: [UDP Query User{DC956A74-E380-4818-9CCC-DF8CB66496D3}C:\program files (x86)\nodejs\node.exe] => (Allow) C:\program files (x86)\nodejs\node.exe
FirewallRules: [TCP Query User{37200D22-A003-46D9-8F7F-0F05BED5B474}C:\ruby22\bin\ruby.exe] => (Allow) C:\ruby22\bin\ruby.exe
FirewallRules: [UDP Query User{8910BC60-86EC-412D-8108-349E7F543BF6}C:\ruby22\bin\ruby.exe] => (Allow) C:\ruby22\bin\ruby.exe
FirewallRules: [{9D34A3BE-4A18-43D0-870B-C3E606FF00AF}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGTool.exe
FirewallRules: [{4EBC68F2-48B5-4BF5-BF39-DDC4C8B4FDAA}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGTool.exe
FirewallRules: [{53E6DC62-93D4-486F-AF47-37BCCD7B0163}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGTool.exe
FirewallRules: [{31B0D5E3-A152-40AF-823D-FD98E04B0441}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGTool.exe
FirewallRules: [{BFFE8A2B-D826-4A07-B422-AFCEB0629339}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGTool.exe
FirewallRules: [{5E4D3BFF-A94E-40C6-9E3C-B4FB5D0C627F}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGTool.exe
FirewallRules: [{9573515D-75AC-4060-A2AD-24A891397401}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\PinyinUp.exe
FirewallRules: [{61E89A11-5885-4B61-A11B-E33DF402065E}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\PinyinUp.exe
FirewallRules: [{C584C90F-D7A0-459F-BD4A-A6CA9B30F2FD}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\PinyinUp.exe
FirewallRules: [{A57EAAF7-2B97-4C4F-8DAC-66BEBF7EEA82}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\PinyinUp.exe
FirewallRules: [{035E13EB-5274-4BA5-9CBA-77FB6A83AC45}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\PinyinUp.exe
FirewallRules: [{10BB05F0-7C9C-47B8-8EF9-B0EE22D306F9}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\PinyinUp.exe
FirewallRules: [{76F80C98-E72C-436A-AFE1-DE0CCD1E3023}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGDownload.exe
FirewallRules: [{3FFADED0-67C2-405B-B85D-7A1D4B3894DA}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGDownload.exe
FirewallRules: [{8D29E30B-4D44-4C6C-9257-9BC589A3B74B}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGDownload.exe
FirewallRules: [{453A5553-4321-4759-A7FF-728AE53B2FF2}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGDownload.exe
FirewallRules: [{5853E7AD-96E4-44A0-8D69-B4F362F305FC}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGDownload.exe
FirewallRules: [{432EE3EB-3B99-452C-923B-F781622D9BDA}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGDownload.exe
FirewallRules: [{3E907BBD-AC3C-45FD-9720-120229567EDC}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SogouCloud.exe
FirewallRules: [{26F60136-6199-4AD7-A295-418874EA7FD5}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SogouCloud.exe
FirewallRules: [{1ADBF652-F717-4F24-9037-417ADEFBE0C1}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SogouCloud.exe
FirewallRules: [{C4F967A5-9CCC-4F79-9644-3BAD35CC4B8A}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SogouCloud.exe
FirewallRules: [{66707CBA-2055-43F1-B321-390396E66B20}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SogouCloud.exe
FirewallRules: [{10DF8F96-AB1C-4D46-86DD-500BC1079FE0}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SogouCloud.exe
FirewallRules: [{43485DF5-0CEC-4CAC-8638-C5ECA17C514F}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{A811AAA4-4483-4CBC-B78C-3D288D3384A4}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{A8BA44DD-A6C6-4C08-8AC8-DF30C43094A6}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{EB927665-852F-46DF-922F-8F031570437F}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B52D9E32-A10E-4FD9-9EC5-012B9A5F43D1}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{22866962-B1C4-4B48-BB3E-33431ED9D996}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{B386480A-B061-4F58-A311-67911188245E}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\userNetSchedule.exe
FirewallRules: [{31DB6282-BEBD-4FE0-A939-BD05A7189C4A}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\userNetSchedule.exe
FirewallRules: [{C6EEAF43-3E89-482A-852C-77F3734BA07F}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\userNetSchedule.exe
FirewallRules: [{75355373-5203-45E8-98CD-1889807ED881}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\userNetSchedule.exe
FirewallRules: [{90039E54-D209-4C78-B2E1-956CA9811F4F}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\userNetSchedule.exe
FirewallRules: [{0A1660AF-7D30-4C91-A6C9-E4FF16E1F14D}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\userNetSchedule.exe
FirewallRules: [{C9B61C7F-B1CC-408E-A85E-5D4A07D572F0}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGMedalLoader.exe
FirewallRules: [{86AB051F-A4EB-4CC2-AAFB-569A1176C1F9}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGMedalLoader.exe
FirewallRules: [{0FD1B919-CCEC-465F-8B30-7F342F89A530}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGMedalLoader.exe
FirewallRules: [{B3618A22-F3AC-487D-A1C1-1949D8289604}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGMedalLoader.exe
FirewallRules: [{F4BB6DDD-4BD1-4A87-9510-46D1E62BDCF6}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGMedalLoader.exe
FirewallRules: [{4CC18B69-72EA-4A2B-AE02-02C5AA2F9FA1}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7576\SGMedalLoader.exe
FirewallRules: [{BD72D7EA-6DA8-4259-9C64-7C8DCB8DAFB2}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{5EA93889-C84B-4004-AC36-28D47A1CD5BA}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{4D80940F-2BB5-46D7-B83D-7572D3DD3020}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{024E13E4-55EA-433A-8EBB-E8E1A4FA84B3}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{9D5C6A95-FA3A-4146-9CF3-76452349D131}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{5D4B4229-2DBB-460D-AADC-F5A4167B685F}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [TCP Query User{0004F6BA-E3A1-449B-9706-49A7521BED1F}C:\python33\python.exe] => (Allow) C:\python33\python.exe
FirewallRules: [UDP Query User{D304B860-8FCD-450A-984F-009768C99F32}C:\python33\python.exe] => (Allow) C:\python33\python.exe
FirewallRules: [{3C48179B-55AB-4CC8-9E3F-691FB279F945}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFD0303A-53D7-4CA4-B268-51A17505D58A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C502233D-7EEE-47BE-BC6F-DF1A7EDE4C99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D74D25AD-EAB3-432A-B334-7E70E7047319}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{341F2B4D-C94D-4054-92FF-8A3FDE7773CB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{70C27FCA-0247-458F-B202-3A4EC3E925B2}] => (Allow) C:\Users\A\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{1963A5B5-9E09-4294-9113-D44C6BD1F0A0}] => (Allow) C:\Users\A\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{804BB93A-D03C-4C18-B675-12AF715B747A}] => (Allow) C:\Users\A\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [TCP Query User{2D21B13B-1340-4002-964C-C138DA34FFB3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8CABBFB5-AFCD-4ED8-85E7-9A41B901DEFD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F36D621D-5272-447C-BC0B-B472E4C923AC}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [UDP Query User{83C55F7D-9589-43B6-AA6E-E652E23DE955}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [{A531A65B-3A32-4CC9-994A-74C72E361BF0}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{410E90FB-951B-427B-A4DC-4C70A2F9E0B9}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{03C647B1-C8B4-43EF-B310-D09DDA647268}] => (Allow) C:\Program Files (x86)\360\360Safe\netmon\360SpeedTest.exe
FirewallRules: [{DD0389F8-EA46-4796-A41A-3064784FE44C}] => (Allow) C:\Program Files (x86)\360\360Safe\netmon\360SpeedTest.exe
FirewallRules: [TCP Query User{CA12635E-B51E-44FC-9847-C003A859348A}C:\program files (x86)\xigua\2.12.0.5\xgtray.exe] => (Allow) C:\program files (x86)\xigua\2.12.0.5\xgtray.exe
FirewallRules: [UDP Query User{6023AC94-2B34-44D0-9D14-A3BE2DC551EC}C:\program files (x86)\xigua\2.12.0.5\xgtray.exe] => (Allow) C:\program files (x86)\xigua\2.12.0.5\xgtray.exe
FirewallRules: [TCP Query User{CD8E3870-1B6A-4460-8F2F-2FB021542F9B}C:\program files (x86)\xigua\2.12.0.5\xgengine.exe] => (Allow) C:\program files (x86)\xigua\2.12.0.5\xgengine.exe
FirewallRules: [UDP Query User{A61CD14F-ECE7-46D1-BC21-111F31148EDB}C:\program files (x86)\xigua\2.12.0.5\xgengine.exe] => (Allow) C:\program files (x86)\xigua\2.12.0.5\xgengine.exe
FirewallRules: [TCP Query User{F0EEF3E6-4827-47BD-B7C5-8890CE91C9BA}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{C1E38796-3605-4D8F-BB3B-BADF2706B6AF}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{66FD3F69-267B-4786-A645-A758919CEE16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Meitu\KanKan\KanKan.exe] => Enabled:KanKan
 
==================== Restore Points =========================
 
02-07-2016 00:10:19 20160702
03-07-2016 01:20:58 ASU_MSI_TRAN
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/03/2016 02:53:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: FRST64.exe,版本: 2.7.2016.0,时间戳: 0x577796d8
错误模块名称: FRST64.exe,版本: 2.7.2016.0,时间戳: 0x577796d8
异常代码: 0xc0000005
错误偏移量: 0x0000000000026519
错误进程 ID: 0x2318
错误应用程序启动时间: 0xFRST64.exe0
错误应用程序路径: FRST64.exe1
错误模块路径: FRST64.exe2
报告 ID: FRST64.exe3
错误程序包全名: FRST64.exe4
错误程序包相对应用程序 ID: FRST64.exe5
 
Error: (07/03/2016 02:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: SearchIndexer.exe,版本: 7.0.9200.16579,时间戳: 0x51635d0c
错误模块名称: ntdll.dll,版本: 6.2.9200.17438,时间戳: 0x55a41b15
异常代码: 0xc0000374
错误偏移量: 0x00000000000ea539
错误进程 ID: 0x1fbc
错误应用程序启动时间: 0xSearchIndexer.exe0
错误应用程序路径: SearchIndexer.exe1
错误模块路径: SearchIndexer.exe2
报告 ID: SearchIndexer.exe3
错误程序包全名: SearchIndexer.exe4
错误程序包相对应用程序 ID: SearchIndexer.exe5
 
Error: (07/03/2016 12:16:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: 程序 avscan.exe 版本 15.0.17.264 停止与 Windows 交互并关闭。要查看是否有关于该问题的详细信息,请检查操作中心控制面板中的问题历史记录。
 
进程 ID: 1eb8
 
开始时间: 01d1d4d0a8e056d8
 
终止时间: 18155
 
应用程序路径: C:\program files (x86)\avira\antivirus\avscan.exe
 
报告 ID: 10faed5a-40c4-11e6-bf34-08606e115f3a
 
错误程序包全名: 
 
错误程序包相对应用程序 ID:
 
Error: (07/03/2016 12:04:50 PM) (Source: Avira File Signature Verification) (EventID: 0) (User: )
Description: WinVerifyTrust failed with error code 2148098064 (last error: -2146869232) for file C:\ProgramData\Avira\Launcher\Temp\avira_antivirus_en-us.exe, size=222838584, md5=5eeb722ccb4da29437dafc0245a77cab
 
Error: (07/03/2016 07:16:53 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search 服务已停止,因为索引器有问题: The catalog is corrupt。
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/03/2016 07:16:53 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 搜索服务已在索引{id=4811 - enduser\mssearch2\search\search\common\include\jetwrap.hxx (877)}中检测到损坏的数据文件。该服务将尝试通过重建索引来自动更正此问题。
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (07/03/2016 07:16:49 AM) (Source: ESENT) (EventID: 474) (User: )
Description: SearchIndexer (4852) Windows: 由于页面校验和不匹配,从文件“C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb”中偏移量 51412992 (0x0000000003108000) (数据库第 SearchIndexer0 页)读取的 32768 (0x00008000) 字节的数据库页面验证失败。存储的校验和是 [0000000000560000:0000007d62b9d011:0000000000560000:0000007d62b9f011],而计算的校验和是 [00000620cf875c8f:0000000000000000:0000000000000000:0000000000000000]。读取操作将失败,出现错误 -1018 (0xfffffc06)。如果此情况持续存在,请从以前的备份中还原数据库。此问题可能是因硬件故障引起的。请与硬件供应商联系,寻求进一步的问题诊断帮助。
 
Error: (07/03/2016 06:53:54 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostex (4412) WebCacheLocal: 由于系统错误 32 (0x00000020):“另一个程序正在使用此文件,进程无法访问。 ”,打开文件“C:\Users\A\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat”进行读/写访问的尝试失败。打开文件操作将失败,并出现错误 -1032 (0xfffffbf8)。
 
Error: (07/03/2016 06:53:43 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostex (4412) WebCacheLocal: 由于系统错误 32 (0x00000020):“另一个程序正在使用此文件,进程无法访问。 ”,打开文件“C:\Users\A\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat”进行读/写访问的尝试失败。打开文件操作将失败,并出现错误 -1032 (0xfffffbf8)。
 
Error: (07/02/2016 12:30:22 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
 
System errors:
=============
Error: (07/03/2016 02:51:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search 服务意外地终止,这种情况已经出现了 1 次。以下的修正操作将在 30000 毫秒内运行: Restart the service。
 
Error: (07/03/2016 12:19:36 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HI)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes' Anti-Malware (portable)\S-1-5-21-2954409459-184384724-1730954954-1004-1-ntuser.dat
 
Error: (07/03/2016 12:19:03 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HI)
Description: 0x8000002a117\??\C:\ProgramData\Malwarebytes' Anti-Malware (portable)\S-1-5-21-2954409459-184384724-1730954954-1004-0-UsrClass.dat
 
Error: (07/03/2016 12:19:03 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: HI)
Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes' Anti-Malware (portable)\S-1-5-21-2954409459-184384724-1730954954-1004-0-ntuser.dat
 
Error: (07/03/2016 07:50:40 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: 在卷 C: 上的文件系统结构中发现了损坏。
 
A corruption was found in a file system index structure.  The file reference number is 0x200000014c204.  The name of the file is "\Windows\assembly\NativeImages_v4.0.30319_64\System.Compba577418#\214e418d0d73d4b4e54e72667fa7e57a".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (07/03/2016 07:49:20 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: OS\Device\HarddiskVolumeShadowCopy132
 
Error: (07/03/2016 07:47:24 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: 在卷 C: 上的文件系统结构中发现了损坏。
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (07/03/2016 07:27:38 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: C:\Device\HarddiskVolume42
 
Error: (07/03/2016 07:20:46 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: 在卷 C: 上的文件系统结构中发现了损坏。
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (07/03/2016 06:52:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: 由于下列错误,vcs 服务启动失败: 
%%577 = Windows 无法验证此文件的数字签名。某软件或硬件最近有所更改,可能安装了签名错误或损毁的文件,或者安装的文件可能是来路不明的恶意软件。
 
 
 
CodeIntegrity:
===================================
  Date: 2016-07-03 06:52:10.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-03 02:42:40.056
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-03 01:27:20.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-03 01:03:45.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-03 00:35:13.014
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-02 12:46:53.183
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-02 12:22:46.881
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-01 23:14:37.686
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-01 22:50:48.397
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-07-01 04:14:45.318
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Avnex\vcs64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8077.48 MB
Available physical RAM: 4286.11 MB
Total Virtual: 16269.48 MB
Available Virtual: 11074.54 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:112.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:537.6 GB) (Free:517.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A3362226)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 06 July 2016 - 10:06 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.


  Can you please run FRST again and post the new FRST.txt along with what problems you are experiencing.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 fireman4it


Posted 11 July 2016 - 04:11 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





