
Some unknown program is trying to change my homepage & some pop-up ads


  • This topic is locked
27 replies to this topic

#1 shinn


Posted 02 December 2016 - 10:11 AM

Hi, there is an unknown program seemingly trying to change my home page in the Internet Explorer to http:///. and there are signs of funny ads popping out. 

 

Appreciate any assistance. Thank you.

 

******

 

My FRST.txt log is below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by anime (administrator) on DESKTOP-E1SJRSE (02-12-2016 22:57:58)
Running from C:\Users\anime\Downloads
Loaded Profiles: anime (Available Profiles: anime)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TODO: <公司名>) C:\Program Files (x86)\YouKu\tudouClient\WebServeTD.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe
(Trend Media Corporation Limited) C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
(youku.com) C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\QYAppPlugin\mobileassistantplugin\AndroidService.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-10] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2015-07-24] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [602032 2015-08-07] (Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3141200 2016-04-22] (youku.com)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [BaiduYunGuanjia] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\baidunetdisk.exe [7674912 2016-11-10] ()
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [BaiduYunDetect] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe [1051680 2016-11-11] ()
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [FlashGet 3] => C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe [3377256 2013-04-18] (Trend Media Corporation Limited)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [YoukuMediaCenter] => C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3141200 2016-04-22] (youku.com)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [HCDNClient] => C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\QyKernel.exe [582728 2016-05-17] (iQIYI.COM)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe [109888 2016-09-12] (Tencent)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [GoogleChromeAutoLaunch_591B146E795C8658F43234B02EB0B2AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921192 2016-11-09] (Google Inc.)
ShellIconOverlayIdentifiers: [   Report64] -> {C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => C:\Users\anime\AppData\Roaming\ytmediacenter\X64\report64.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers: [   YoukuModShlExt64] -> {314711D6-6B45-4AF7-83D8-DCD8537FD241} => C:\Users\anime\AppData\Roaming\ytmediacenter\X64\coreplay64.dll [2015-12-08] (Youku.com)
ShellIconOverlayIdentifiers-x32: [   Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\anime\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32: [   YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\anime\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
Startup: C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\爱奇艺PPS.lnk [2016-07-25]
ShortcutTarget: 爱奇艺PPS.lnk -> C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\QyClient.exe (爱奇艺)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a6f2dd61-ae87-4794-8757-31bbe61daac0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f7fcef74-d059-411e-853d-7cb90b398733}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> DefaultScope {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-15] (Microsoft Corporation)
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-11-15] (Microsoft Corporation)
BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Users\anime\AppData\Roaming\ytmediacenter\ykcool.dll [2015-12-25] (Youku.com)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\anime\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-11-01] (Trend Media Group)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\anime\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2016-09-16] (Tencent)
BHO-x32: °®ÆæÒÕÖúÊÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\Accelerator\IEHelper.dll [2016-05-17] (爱奇艺)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\npclient.dll [2016-05-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2016-11-11] (Baidu.com, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\npclient.dll [2016-05-17] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2016-09-12] (Tencent)
FF Plugin-x32: @qq.com/QQlive -> C:\Program Files (x86)\Tencent\QQLive\9.14.1503.0\npQQLive.dll [2016-07-15] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.4.3\Bin\npSSOAxCtrlForPTLogin.dll [2016-05-05] (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-237224756-2638106951-3263937477-1001: @1.qq.com/npqqwebgame -> C:\Users\anime\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.3\npqqwebgame.dll [2015-10-20] ( )
FF Plugin HKU\S-1-5-21-237224756-2638106951-3263937477-1001: youku.com/YoukuAgent -> C:\Users\anime\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-12-09] (Youku)
FF Plugin HKU\S-1-5-21-237224756-2638106951-3263937477-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-12-09] (Youku)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://hao.360.cn/?src=lm&ls=n580357bf91"
CHR Profile: C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default [2016-12-02]
CHR Extension: (Google Slides) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-13]
CHR Extension: (Google Docs) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-13]
CHR Extension: (Google Drive) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-13]
CHR Extension: (YouTube) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-16]
CHR Extension: (Google Sheets) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-11-19]
CHR Extension: (Pinterest Save Button) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Tumblr Savior) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2016-08-30]
CHR Extension: (Gmail) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-20] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Bonjour Service; C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\mDNSResponder.exe [420424 2016-06-28] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-10-30] (Microsoft Corporation)
S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [438416 2016-05-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [363664 2016-05-12] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [166152 2016-10-03] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
S2 QiyiService; C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\QiyiService.exe [416328 2016-06-28] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115520 2016-09-28] (Tencent)
S2 QQLiveService; C:\Program Files (x86)\Tencent\QQLive\9.14.1503.0\LiveService.dll [35944 2016-07-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-22] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-10] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-07-08] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WebServeTD; C:\Program Files (x86)\YouKu\tudouClient\WebServeTD.exe [353840 2015-11-20] (TODO: <公司名>)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [4043544 2015-07-17] (Intel Corporation)
S3 QDAntiDrv; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QDAntiDrv64.sys [57464 2016-06-27] (Tencent)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-09-01] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-28] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [48296 2015-07-10] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 22:57 - 2016-12-02 22:59 - 00026676 _____ C:\Users\anime\Downloads\FRST.txt
2016-12-02 22:57 - 2016-12-02 22:57 - 02411520 _____ (Farbar) C:\Users\anime\Downloads\FRST64.exe
2016-12-02 22:57 - 2016-12-02 22:57 - 00000000 ____D C:\FRST
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\超霸传奇
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\legendGame
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\37游戏
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Program Files (x86)\legendGame
2016-12-02 22:45 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\soft
2016-12-02 22:45 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\data
2016-12-02 22:45 - 2016-12-02 22:45 - 00001217 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\网址导航.lnk
2016-12-02 22:45 - 2016-12-02 22:45 - 00001211 ____R C:\ProgramData\Microsoft\Windows\Start Menu\网址导航.lnk
2016-12-02 22:45 - 2016-12-02 22:45 - 00001191 _____ C:\网址导航.lnk
2016-12-02 22:45 - 2016-12-02 22:45 - 00000144 _____ C:\网址导航.url
2016-12-02 22:13 - 2016-12-02 22:48 - 606937943 _____ C:\Users\anime\Downloads\老九门 南派三叔cut版 第36集.mp4.baiduyun.p.downloading
2016-12-02 22:12 - 2016-12-02 22:12 - 00000000 ___HD C:\OneDriveTemp
2016-12-01 23:07 - 2016-12-02 22:48 - 611609136 _____ C:\Users\anime\Downloads\老九门 南派三叔cut版 第35集.mp4.baiduyun.p.downloading
2016-12-01 23:06 - 2016-12-02 22:48 - 706203376 _____ C:\Users\anime\Downloads\老九门 南派三叔cut版 第34集.mp4.baiduyun.p.downloading
2016-12-01 21:23 - 2016-12-01 23:08 - 612501783 _____ C:\Users\anime\Downloads\老九门 南派三叔cut版 第33集.mp4
2016-11-30 22:38 - 2016-11-30 23:01 - 726355902 _____ C:\Users\anime\Downloads\老九门 南派三叔cut版 第32集.mp4
2016-11-30 22:31 - 2016-11-30 22:31 - 00021464 _____ C:\Users\anime\Downloads\agents-of-shield-fourth-season_HI_english-1455163.zip
2016-11-27 13:19 - 2016-11-27 13:20 - 530695630 _____ C:\Users\anime\Downloads\[Ajin2.com] Ajin Season 2 Episode 8 [720p] [Subbed].mkv
2016-11-22 23:33 - 2016-11-29 00:21 - 00000000 ____D C:\Users\anime\Downloads\CX Votes
2016-11-22 23:17 - 2016-11-26 21:22 - 00000000 ____D C:\Users\anime\Downloads\老九门.全集..EP01-48.2016.HD720P.X264.AAC.Mandarin.CHS.Mp4Ba
2016-11-22 23:17 - 2016-11-22 23:17 - 00185993 _____ C:\Users\anime\Downloads\[BtTang.com]老九门.全集..EP01-48.2016.HD720P.X264.AAC.Mandarin.CHS.Mp4Ba.torrent
2016-11-20 23:08 - 2016-11-20 23:08 - 00243084 _____ C:\Users\anime\Downloads\estatement_20161101_4524198801691891_SGD.pdf
2016-11-20 21:04 - 2016-11-20 21:06 - 590127475 _____ C:\Users\anime\Downloads\[Ajin2.com] Ajin Season 2 Episode 7 [720p] [Subbed].mkv
2016-11-14 21:31 - 2016-11-16 00:38 - 54267947 _____ C:\Users\anime\Downloads\爱剪辑-珍惜.mp4
2016-11-13 22:35 - 2016-11-14 00:57 - 58596181 _____ C:\Users\anime\Downloads\爱剪辑-手掌心.mp4
2016-11-13 15:44 - 2016-11-13 15:44 - 00001113 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-11-13 15:44 - 2016-11-13 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-11-13 15:43 - 2016-11-13 15:43 - 00000000 ____D C:\ProgramData\Sony
2016-11-13 15:43 - 2016-11-13 15:43 - 00000000 ____D C:\Program Files (x86)\Sony
2016-11-13 15:36 - 2016-11-16 00:46 - 00024845 _____ C:\Users\anime\Downloads\pastlife.mep
2016-11-11 23:25 - 2016-11-11 23:25 - 00001435 _____ C:\Users\Public\Desktop\Free Dailymotion Download.lnk
2016-11-11 21:10 - 2016-11-11 21:10 - 00001069 _____ C:\Users\anime\Desktop\百度网盘.lnk
2016-11-11 21:10 - 2016-11-11 21:10 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘
2016-11-10 22:51 - 2016-11-02 19:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 22:51 - 2016-11-02 19:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 22:51 - 2016-11-02 19:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 22:51 - 2016-11-02 19:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 22:51 - 2016-11-02 19:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 22:51 - 2016-11-02 19:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 22:51 - 2016-11-02 19:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 22:51 - 2016-11-02 19:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 22:51 - 2016-11-02 19:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 22:51 - 2016-11-02 19:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 22:51 - 2016-11-02 18:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 22:51 - 2016-11-02 18:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 22:51 - 2016-11-02 18:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 22:51 - 2016-11-02 18:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 22:51 - 2016-11-02 18:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 22:51 - 2016-11-02 18:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 22:51 - 2016-11-02 18:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 22:51 - 2016-11-02 18:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 22:51 - 2016-11-02 18:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 22:51 - 2016-11-02 18:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 22:51 - 2016-11-02 18:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 22:51 - 2016-11-02 18:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 22:51 - 2016-11-02 18:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 22:51 - 2016-11-02 18:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 22:51 - 2016-11-02 18:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 22:51 - 2016-11-02 18:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 22:51 - 2016-11-02 18:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 22:51 - 2016-11-02 18:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 22:51 - 2016-11-02 18:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 22:51 - 2016-11-02 18:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 22:51 - 2016-11-02 18:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 22:51 - 2016-11-02 18:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 22:51 - 2016-11-02 18:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 22:51 - 2016-11-02 18:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 22:51 - 2016-11-02 18:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 22:51 - 2016-11-02 18:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 22:51 - 2016-11-02 18:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 22:51 - 2016-11-02 18:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 22:51 - 2016-11-02 18:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 22:51 - 2016-11-02 18:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 22:51 - 2016-11-02 18:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 22:51 - 2016-11-02 18:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 22:51 - 2016-11-02 18:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 22:51 - 2016-11-02 18:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 22:51 - 2016-11-02 18:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 22:51 - 2016-11-02 18:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 22:51 - 2016-11-02 18:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 22:51 - 2016-11-02 18:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 22:51 - 2016-08-02 12:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 22:50 - 2016-11-02 20:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 22:50 - 2016-11-02 20:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 22:50 - 2016-11-02 19:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 22:50 - 2016-11-02 19:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 22:50 - 2016-11-02 19:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 22:50 - 2016-11-02 19:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 22:50 - 2016-11-02 19:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 22:50 - 2016-11-02 19:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 22:50 - 2016-11-02 19:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 22:50 - 2016-11-02 18:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 22:50 - 2016-11-02 18:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 22:50 - 2016-11-02 18:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 22:50 - 2016-11-02 18:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 22:50 - 2016-11-02 18:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 22:50 - 2016-11-02 18:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 22:50 - 2016-11-02 18:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 22:50 - 2016-11-02 18:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 22:50 - 2016-11-02 18:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 22:50 - 2016-11-02 18:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 22:50 - 2016-11-02 18:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 22:50 - 2016-11-02 18:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 22:50 - 2016-11-02 18:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 22:50 - 2016-11-02 18:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 22:50 - 2016-11-02 18:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 22:50 - 2016-11-02 18:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 22:50 - 2016-11-02 18:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 22:50 - 2016-11-02 18:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 22:50 - 2016-11-02 17:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 22:50 - 2016-11-02 17:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 22:44 - 2016-11-02 19:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 22:44 - 2016-11-02 19:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 22:44 - 2016-11-02 19:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-10 22:44 - 2016-11-02 18:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 22:44 - 2016-11-02 18:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 22:44 - 2016-11-02 18:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 22:44 - 2016-11-02 18:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 22:44 - 2016-11-02 18:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 22:44 - 2016-11-02 18:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 22:44 - 2016-11-02 18:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-10 22:44 - 2016-11-02 18:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 22:44 - 2016-11-02 18:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 22:44 - 2016-11-02 18:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 22:44 - 2016-11-02 18:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 22:44 - 2016-11-02 18:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 22:44 - 2016-11-02 18:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 22:44 - 2016-11-02 18:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-10 22:44 - 2016-11-02 18:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-10 22:44 - 2016-11-02 18:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-10 22:44 - 2016-11-02 18:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-10 22:44 - 2016-11-02 18:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-10 22:44 - 2016-11-02 18:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-10 22:44 - 2016-11-02 18:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-10 22:44 - 2016-11-02 18:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-10 22:44 - 2016-11-02 18:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-10 22:44 - 2016-11-02 18:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-10 22:44 - 2016-11-02 18:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-10 22:44 - 2016-11-02 18:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-10 22:44 - 2016-11-02 18:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-10 22:44 - 2016-11-02 18:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-10 22:44 - 2016-11-02 18:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-10 22:44 - 2016-11-02 18:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-10 22:44 - 2016-11-02 18:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-10 22:44 - 2016-11-02 18:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-10 22:44 - 2016-11-02 18:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-10 22:44 - 2016-11-02 18:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-10 22:44 - 2016-11-02 18:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-10 22:44 - 2016-11-02 18:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-10 22:44 - 2016-11-02 18:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-10 22:44 - 2016-11-02 16:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-10 22:43 - 2016-11-02 19:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-10 22:43 - 2016-11-02 19:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-10 22:43 - 2016-11-02 19:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-10 22:43 - 2016-11-02 19:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-10 22:43 - 2016-11-02 19:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-10 22:43 - 2016-11-02 19:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-10 22:43 - 2016-11-02 19:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-10 22:43 - 2016-11-02 19:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-10 22:43 - 2016-11-02 19:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-10 22:43 - 2016-11-02 19:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-10 22:43 - 2016-11-02 19:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-10 22:43 - 2016-11-02 19:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-10 22:43 - 2016-11-02 19:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-10 22:43 - 2016-11-02 19:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-10 22:43 - 2016-11-02 19:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-10 22:43 - 2016-11-02 18:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-10 22:43 - 2016-11-02 18:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-10 22:43 - 2016-11-02 18:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-10 22:43 - 2016-11-02 18:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-10 22:43 - 2016-11-02 18:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-10 22:43 - 2016-11-02 18:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-10 22:43 - 2016-11-02 18:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-10 22:43 - 2016-11-02 18:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-10 22:43 - 2016-11-02 18:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-10 22:43 - 2016-11-02 18:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-10 22:43 - 2016-11-02 18:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-10 22:43 - 2016-11-02 18:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-10 22:43 - 2016-11-02 18:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-10 22:43 - 2016-11-02 18:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-10 22:43 - 2016-11-02 18:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-10 22:43 - 2016-11-02 18:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-10 22:43 - 2016-11-02 18:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-10 22:43 - 2016-11-02 18:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-10 22:43 - 2016-11-02 18:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-10 22:43 - 2016-11-02 18:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-10 22:43 - 2016-11-02 18:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-10 22:43 - 2016-11-02 18:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-10 22:43 - 2016-11-02 18:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-10 22:43 - 2016-11-02 18:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-10 22:43 - 2016-11-02 18:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-10 22:43 - 2016-11-02 18:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-10 22:43 - 2016-11-02 18:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-10 22:43 - 2016-11-02 18:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-10 22:43 - 2016-11-02 18:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-10 22:43 - 2016-11-02 18:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-10 22:43 - 2016-11-02 18:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-10 22:43 - 2016-11-02 18:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-10 22:43 - 2016-11-02 18:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-10 22:43 - 2016-11-02 18:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-10 22:43 - 2016-11-02 18:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-10 22:43 - 2016-11-02 18:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-10 22:43 - 2016-11-02 18:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-10 22:43 - 2016-11-02 18:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-10 22:43 - 2016-11-02 18:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-10 22:43 - 2016-11-02 18:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-10 22:43 - 2016-11-02 18:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-10 22:43 - 2016-11-02 18:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-10 22:43 - 2016-11-02 18:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-10 22:43 - 2016-11-02 18:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-10 22:43 - 2016-11-02 18:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-10 22:43 - 2016-11-02 18:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-10 22:43 - 2016-11-02 18:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-10 22:43 - 2016-11-02 18:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-10 22:43 - 2016-11-02 18:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-10 22:42 - 2016-11-02 19:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-10 22:42 - 2016-11-02 19:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-10 22:42 - 2016-11-02 19:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-10 22:42 - 2016-11-02 19:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-10 22:42 - 2016-11-02 19:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-10 22:42 - 2016-11-02 19:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-10 22:42 - 2016-11-02 19:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-10 22:42 - 2016-11-02 19:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-10 22:42 - 2016-11-02 19:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-10 22:42 - 2016-11-02 18:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-10 22:42 - 2016-11-02 18:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-10 22:42 - 2016-11-02 18:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-10 22:42 - 2016-11-02 18:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-10 22:42 - 2016-11-02 18:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-10 22:42 - 2016-11-02 18:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-10 22:42 - 2016-11-02 18:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-10 22:42 - 2016-11-02 18:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-10 22:42 - 2016-11-02 18:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-10 22:42 - 2016-11-02 18:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-10 22:42 - 2016-11-02 18:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-10 22:42 - 2016-11-02 18:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-10 22:42 - 2016-11-02 18:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-10 22:42 - 2016-11-02 18:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-10 22:42 - 2016-11-02 18:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-10 22:42 - 2016-11-02 18:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-10 22:42 - 2016-11-02 18:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-10 22:42 - 2016-11-02 18:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-10 22:42 - 2016-11-02 18:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-10 22:42 - 2016-11-02 18:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-10 22:05 - 2016-11-10 22:05 - 00000000 ____D C:\Program Files\McAfee
2016-11-10 19:13 - 2016-11-10 19:13 - 00000000 ____D C:\WINDOWS\Panther
2016-11-06 14:39 - 2016-11-06 14:39 - 00001339 _____ C:\Users\Public\Desktop\Free Video Editor.lnk
2016-11-06 14:36 - 2016-12-02 22:53 - 00000000 ____D C:\360极速浏览器下载
2016-11-06 13:46 - 2016-11-06 14:11 - 162766927 _____ C:\Users\anime\Downloads\典狱司.wmv
2016-11-03 23:13 - 2016-11-03 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-11-03 21:10 - 2016-11-03 21:10 - 00076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\S2Q4mOvF.xml
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 22:50 - 2016-04-06 00:24 - 00000000 ____D C:\Program Files\Unlocker
2016-12-02 22:49 - 2016-08-28 01:57 - 00000000 ____D C:\Users\anime\Downloads\Locale.Emulator.2.2.1.0
2016-12-02 22:48 - 2016-04-10 17:58 - 00000000 ____D C:\Users\anime\AppData\Roaming\BaiduYunKongMing
2016-12-02 22:45 - 2016-07-18 23:05 - 00000000 ____D C:\ProgramData\TENCENT
2016-12-02 22:14 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 22:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-02 22:13 - 2016-07-25 22:22 - 00000000 ____D C:\qycache
2016-12-02 22:12 - 2016-09-12 21:18 - 00000000 ____D C:\Users\anime\OneDrive\Documents\Tencent Files
2016-12-02 22:12 - 2016-03-13 23:17 - 00000000 ___RD C:\Users\anime\OneDrive
2016-12-02 22:11 - 2016-10-01 17:25 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-02 22:11 - 2016-03-13 23:13 - 00000000 __SHD C:\Users\anime\IntelGraphicsProfiles
2016-12-02 22:10 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-02 00:18 - 2016-03-13 23:13 - 00000000 ____D C:\Users\anime\AppData\Local\Packages
2016-12-01 23:05 - 2016-10-22 16:26 - 00000000 ____D C:\Users\anime\Downloads\MobileFile
2016-12-01 22:16 - 2016-10-01 17:30 - 00000000 ____D C:\Users\anime
2016-12-01 22:00 - 2016-03-13 23:58 - 00000000 ____D C:\Users\anime\AppData\Roaming\vlc
2016-12-01 21:59 - 2016-10-01 17:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-01 21:13 - 2016-07-10 22:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-01 21:12 - 2016-10-01 17:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-01 00:48 - 2016-07-16 14:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-11-30 22:23 - 2016-03-28 23:05 - 00000000 ____D C:\Users\anime\AppData\Roaming\qBittorrent
2016-11-30 22:07 - 2016-07-18 23:05 - 00000000 ____D C:\Users\anime\AppData\Roaming\Tencent
2016-11-24 23:49 - 2016-04-14 21:33 - 00000000 ____D C:\Users\anime\AppData\Roaming\DVDVideoSoft
2016-11-24 21:48 - 2016-11-01 22:17 - 00001251 _____ C:\Users\anime\Desktop\bilibili投稿工具.lnk
2016-11-23 22:14 - 2016-06-22 13:49 - 00000000 ____D C:\Users\anime\AppData\Roaming\BITS
2016-11-22 21:31 - 2016-11-01 22:19 - 00000000 ____D C:\Users\anime\AppData\Local\Biliugc
2016-11-20 21:00 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-20 20:46 - 2016-10-17 01:17 - 00000000 ____D C:\Users\anime\AppData\Local\ElevatedDiagnostics
2016-11-20 02:28 - 2016-07-04 14:49 - 00000000 ____D C:\Users\anime\Downloads\movie
2016-11-16 00:46 - 2016-08-28 01:53 - 00000000 ___HD C:\ProgramData\winmedll
2016-11-15 21:36 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-15 21:35 - 2015-10-30 10:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-15 21:00 - 2016-03-13 23:30 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 21:00 - 2016-03-13 23:30 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 20:36 - 2016-10-01 17:20 - 00394680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-14 20:36 - 2015-10-30 10:18 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-14 20:36 - 2015-10-30 10:18 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-13 23:27 - 2016-07-31 18:54 - 00000000 ____D C:\FFOutput
2016-11-13 19:23 - 2016-10-01 17:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-13 19:23 - 2016-10-01 17:54 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-13 15:43 - 2016-09-23 17:16 - 00000000 ____D C:\Users\anime\AppData\Local\Sony
2016-11-13 15:43 - 2016-09-23 17:15 - 00000000 ____D C:\Users\anime\AppData\Roaming\Sony
2016-11-12 23:06 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-12 11:32 - 2015-10-30 10:17 - 01162366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-12 11:28 - 2015-10-30 10:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-12 02:15 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-12 01:40 - 2016-07-10 22:38 - 00000000 ____D C:\Users\anime\Downloads\software
2016-11-11 23:25 - 2016-04-14 21:34 - 00001410 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2016-11-11 23:25 - 2016-04-14 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-11-11 23:25 - 2016-04-14 21:34 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2016-11-11 21:27 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-10 22:25 - 2016-03-14 16:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 22:21 - 2016-03-14 16:33 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 00:01 - 2016-10-01 17:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-06 22:25 - 2016-11-01 01:37 - 99785800 _____ C:\Users\anime\Downloads\爱剪辑-月华沉梦.mp4
2016-11-05 23:55 - 2016-03-25 21:58 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-04 21:46 - 2016-07-25 22:23 - 00002455 _____ C:\Users\anime\Desktop\爱奇艺轮播台.lnk
2016-11-03 23:13 - 2016-03-28 23:05 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-11-02 22:03 - 2016-03-13 23:22 - 00000000 ____D C:\Users\anime\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2016-09-27 16:01 - 2016-09-27 16:01 - 0137160 _____ () C:\Users\anime\AppData\Roaming\moter.exe
2016-11-03 21:10 - 2016-11-03 21:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\S2Q4mOvF.xml
2016-09-12 21:17 - 2016-09-12 21:17 - 0637248 _____ () C:\Users\anime\AppData\Roaming\TXQBINSTX.DLL
2016-10-27 18:10 - 2016-10-27 18:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\z99kP8.dat
2016-07-10 22:44 - 2016-07-10 22:45 - 0000032 _____ () C:\Users\anime\AppData\Local\temp.tmp
2016-10-01 17:25 - 2016-10-01 17:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-10 22:44 - 2016-11-10 22:44 - 0076168 _____ (Tencent) C:\ProgramData\VDi4U.log
 
Some files in TEMP:
====================
C:\Users\anime\AppData\Local\Temp\360ini.dll
C:\Users\anime\AppData\Local\Temp\dr.dll
C:\Users\anime\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\masblog_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\un.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-25 23:44
 
==================== End of FRST.txt ============================


 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:10:58 AM

Posted 05 December 2016 - 12:01 PM

Hi shinn

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.
6. Please follow steps in the correct order.

---

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Bearshare, Bittorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware and system problems to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Are these really necessary?

360极速浏览器 (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\360Chrome) (Version: 8.7.0.206 - 360安全中心)
优酷加速组件 (HKLM-x32\...\YoukuClient) (Version: 6.8.8.4225 - youkutudou, Inc.)
爱剪辑 正式版 V2.9 Build 1600 (HKLM-x32\...\爱剪辑_is1) (Version: - 爱剪辑)
爱奇艺PPS (HKLM-x32\...\PPStream) (Version: 5.3.21.2675 - 爱奇艺)
爱奇艺万能播放器 (HKLM-x32\...\GeePlayer) (Version: 2.3.25.2401 - 爱奇艺) <==== ATTENTION
百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.1 - 百度在线网络技术(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)
腾讯视频 (HKLM-x32\...\qqlive) (Version: 9.14.1503.0 - 腾讯科技(深圳)有限公司)
超霸传奇 (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\超霸传奇) (Version: - )

Quite a few are coming up as bad in my searches.
Even FRST flags one of them as bad.



Step 1
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner.txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
Please download RogueKiller Anti-malware (Free) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on RogueKiller Anti-malware to install the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Select Accept the User Agreement then continue to click Next then finally click Install
  • Click Finish.
  • When the program opens..... click Scan

  • Click Start Scan

  • Double check anything found and tick to select items to be removed

  • Click Remove Selected
  • When the items have been removed.... Click Open Report >> Open TXT.
  • Copy and paste that report into your next reply.
Step 3
Let's get a fresh set of FRST reports now so we can see what is left.

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
AdwCleaner report
RogueKiller report
new reports from FRST ( both of them )


Thanks.

Edited by Starbuck, 05 December 2016 - 12:02 PM.



#3 shinn

shinn
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:58 PM

Posted 07 December 2016 - 09:04 AM

Hi, regarding the programs below, I'm using those in green. The rest are fine to remove.

360极速浏览器 (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\360Chrome) (Version: 8.7.0.206 - 360安全中心)
优酷加速组件 (HKLM-x32\...\YoukuClient) (Version: 6.8.8.4225 - youkutudou, Inc.)
爱剪辑 正式版 V2.9 Build 1600 (HKLM-x32\...\爱剪辑_is1) (Version: - 爱剪辑)
爱奇艺PPS (HKLM-x32\...\PPStream) (Version: 5.3.21.2675 - 爱奇艺)
爱奇艺万能播放器 (HKLM-x32\...\GeePlayer) (Version: 2.3.25.2401 - 爱奇艺) <==== ATTENTION
百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.1 - 百度在线网络技术(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)
腾讯视频 (HKLM-x32\...\qqlive) (Version: 9.14.1503.0 - 腾讯科技(深圳)有限公司)
超霸传奇 (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\超霸传奇) (Version: - )

 

 

I have done the scans and below are the logs you mentioned. Please let me know what to do next:

 

1. AdwCleaner report

# AdwCleaner v6.040 - Logfile created 07/12/2016 at 01:05:50
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-05.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : anime - DESKTOP-E1SJRSE
# Running from : C:\Users\anime\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: QiyiService
[-] Service deleted: QPCore
[-] Service deleted: QDAntiDrv
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\985a401b-9d67-41ac-bf9a-f9a19bf5e1b3
[-] Folder deleted: C:\Users\anime\AppData\Local\Tencent
[-] Folder deleted: C:\Users\anime\AppData\LocalLow\Tencent
[-] Folder deleted: C:\Users\anime\AppData\Roaming\IQIYI Video
[-] Folder deleted: C:\Users\anime\AppData\Roaming\Tencent
[-] Folder deleted: C:\Users\anime\AppData\Roaming\YouKu
[-] Folder deleted: C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺
[-] Folder deleted: C:\Users\anime\AppData\Local\VirtualStore\Program Files (x86)\Tencent
[-] Folder deleted: C:\qycache
[-] Folder deleted: C:\Tencent
[-] Folder deleted: C:\ProgramData\Tencent
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tencent
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
[-] Folder deleted: C:\Users\Public\Documents\Tencent
[#] Folder deleted on reboot: C:\Program Files (x86)\IQIYI Video
[-] Folder deleted: C:\Program Files (x86)\Tencent
[-] Folder deleted: C:\Program Files (x86)\YouKu
[-] Folder deleted: C:\Program Files (x86)\Common Files\Tencent
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Classes\Tencent
[#] Key deleted on reboot: HKCU\Software\Classes\Tencent
[-] Key deleted: HKLM\SOFTWARE\Classes\Baiduyunguanjia
[-] Key deleted: HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent
[-] Key deleted: HKLM\SOFTWARE\Classes\GeePlayer.dir
[-] Key deleted: HKLM\SOFTWARE\Classes\HCDNProxy
[-] Key deleted: HKLM\SOFTWARE\Classes\LiveAPI.QQLiveAPIUser
[-] Key deleted: HKLM\SOFTWARE\Classes\LiveAPI.QQLiveAPIUser.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcx
[-] Key deleted: HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcx.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcxShell
[-] Key deleted: HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcxShell.1
[-] Key deleted: HKLM\SOFTWARE\Classes\metnsd
[-] Key deleted: HKLM\SOFTWARE\Classes\qqlive
[-] Key deleted: HKLM\SOFTWARE\Classes\QQLive.Application
[-] Key deleted: HKLM\SOFTWARE\Classes\QQLive.Application.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QQLive.qlv
[-] Key deleted: HKLM\SOFTWARE\Classes\QQLive.RecentItems
[-] Key deleted: HKLM\SOFTWARE\Classes\QQLive.RecentItems.1
[-] Key deleted: HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper.1
[-] Key deleted: HKLM\SOFTWARE\Classes\qygameclient
[-] Key deleted: HKLM\SOFTWARE\Classes\QYPlugin.QYPluginCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Tencent
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Tencent
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Baiduyunguanjia
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GeePlayer.dir
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\HCDNProxy
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LiveAPI.QQLiveAPIUser
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LiveAPI.QQLiveAPIUser.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcx
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcx.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcxShell
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LiveOcx.QQLiveOcxShell.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\metnsd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qqlive
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQLive.Application
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQLive.Application.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQLive.qlv
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQLive.RecentItems
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQLive.RecentItems.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QQLiveInstaller.InstallHelper.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\qygameclient
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QYPlugin.QYPluginCtrl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Tencent
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\360Chrome
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\PPStream
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\QiYi
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\QyGameClient
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\AppDataLow\Software\QiYi
[-] Key deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
[#] Key deleted on reboot: HKCU\Software\360Chrome
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\PPStream
[#] Key deleted on reboot: HKCU\Software\QiYi
[#] Key deleted on reboot: HKCU\Software\QyGameClient
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\QiYi
[-] Key deleted: HKLM\SOFTWARE\360Chrome
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\QiYi
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeePlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPStream
[#] Key deleted on reboot: [x64] HKCU\Software\360Chrome
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\PPStream
[#] Key deleted on reboot: [x64] HKCU\Software\QiYi
[#] Key deleted on reboot: [x64] HKCU\Software\QyGameClient
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\QiYi
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\360Chrome
[-] Value deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Windows\CurrentVersion\Run [HCDNClient]
[-] Value deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [HCDNClient]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [HCDNClient]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [HCDNClient]
[-] Value deleted: HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\GEEPLAYER.EXE
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [QyClient.exe]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GeePlayer.exe
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
[#] Value deleted on reboot: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [QyClient.exe]
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GeePlayer.exe
[#] Key deleted on reboot: HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE
[-] Key deleted: HKCU\Software\MozillaPlugins\@1.qq.com/npqqwebgame
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPhotoDrawEx
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QzoneMusic
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: format-factory.en.softonic.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [11159 Bytes] - [07/12/2016 01:05:50]
C:\AdwCleaner\AdwCleaner[S0].txt - [10285 Bytes] - [07/12/2016 00:54:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [10434 Bytes] - [07/12/2016 00:55:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11381 Bytes] ##########


#4 shinn

shinn
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:05:58 PM

Posted 07 December 2016 - 09:10 AM

2. RogueKiller report

 

I can't seem to post the report here. I will attach the txt file as an attachment instead.

 

3. new reports from FRST ( both of them )

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016

Ran by anime (administrator) on DESKTOP-E1SJRSE (07-12-2016 21:22:09)
Running from C:\Users\anime\Downloads
Loaded Profiles: anime (Available Profiles: anime)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\baidunetdisk.exe
() C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe
(Trend Media Corporation Limited) C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe
(youku.com) C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.4.1.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-10] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2015-07-24] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [602032 2015-08-07] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3141200 2016-04-22] (youku.com)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [BaiduYunDetect] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe [1051680 2016-11-11] ()
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [FlashGet 3] => C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe [3377256 2013-04-18] (Trend Media Corporation Limited)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [YoukuMediaCenter] => C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3141200 2016-04-22] (youku.com)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [GoogleChromeAutoLaunch_591B146E795C8658F43234B02EB0B2AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921192 2016-11-09] (Google Inc.)
ShellIconOverlayIdentifiers: [   Report64] -> {C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => C:\Users\anime\AppData\Roaming\ytmediacenter\X64\report64.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32: [   Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\anime\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32: [   YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\anime\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a6f2dd61-ae87-4794-8757-31bbe61daac0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f7fcef74-d059-411e-853d-7cb90b398733}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> DefaultScope {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-15] (Microsoft Corporation)
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-11-15] (Microsoft Corporation)
BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Users\anime\AppData\Roaming\ytmediacenter\ykcool.dll [2015-12-25] (Youku.com)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\anime\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-11-01] (Trend Media Group)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\anime\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll => No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\npclient.dll [No File]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @qq.com/QQlive -> C:\Program Files (x86)\Tencent\QQLive\9.14.1503.0\npQQLive.dll [No File]
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [No File]
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-237224756-2638106951-3263937477-1001: youku.com/YoukuAgent -> C:\Users\anime\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-12-09] (Youku)
FF Plugin HKU\S-1-5-21-237224756-2638106951-3263937477-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-12-09] (Youku)
 
Chrome: 
=======
CHR Profile: C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default [2016-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-20] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Bonjour Service; C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\mDNSResponder.exe [420424 2016-06-28] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-10-30] (Microsoft Corporation)
S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [438416 2016-05-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [363664 2016-05-12] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [166152 2016-10-03] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-22] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-10] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-07-08] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 QQLiveService; C:\Program Files (x86)\Tencent\QQLive\9.14.1503.0\LiveService.dll [X]
S2 WebServeTD; C:\Program Files (x86)\YouKu\tudouClient\WebServeTD.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [4043544 2015-07-17] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-09-01] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-28] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [48296 2015-07-10] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-07] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-07 21:22 - 2016-12-07 21:22 - 00000000 ____D C:\Users\anime\Downloads\FRST-OlderVersion
2016-12-07 21:21 - 2016-12-07 21:21 - 00849084 _____ C:\Users\anime\Desktop\rk_25D0.tmp.txt
2016-12-07 20:02 - 2016-12-07 20:02 - 00000000 ___HD C:\OneDriveTemp
2016-12-07 01:12 - 2016-12-07 20:12 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-07 01:12 - 2016-12-07 01:12 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-07 01:12 - 2016-12-07 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-07 01:11 - 2016-12-07 01:12 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-07 01:11 - 2016-12-07 01:12 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-07 01:10 - 2016-12-07 01:10 - 00011592 _____ C:\Users\anime\Desktop\AdwCleaner[C0].txt
2016-12-07 01:09 - 2016-12-07 01:10 - 00000000 ____D C:\Users\anime\AppData\Roaming\youku
2016-12-07 00:54 - 2016-12-07 01:11 - 34190992 _____ (Adlice Software ) C:\Users\anime\Downloads\setup.exe
2016-12-07 00:52 - 2016-12-07 01:05 - 00000000 ____D C:\AdwCleaner
2016-12-07 00:51 - 2016-12-07 00:52 - 03968464 _____ C:\Users\anime\Downloads\AdwCleaner.exe
2016-12-06 00:08 - 2016-12-06 00:18 - 48312733 _____ C:\Users\anime\Downloads\白月光 00_00_00-00_04_21 [高质量和大小].mp4
2016-12-05 23:34 - 2016-12-05 23:35 - 61880531 _____ C:\Users\anime\Downloads\kodi-16.1-Jarvis-armeabi-v7a.apk
2016-12-05 22:15 - 2016-12-05 22:15 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-05 22:15 - 2016-12-05 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-05 22:14 - 2016-12-05 22:15 - 00000000 ____D C:\Program Files\iTunes
2016-12-05 22:14 - 2016-12-05 22:14 - 00000000 ____D C:\Program Files\iPod
2016-12-05 00:21 - 2016-12-05 00:39 - 441985598 _____ C:\Users\anime\Downloads\老九门 南派三叔cut版 第40集.mp4
2016-12-04 13:36 - 2016-12-04 13:38 - 498861478 _____ C:\Users\anime\Downloads\[Ajin2.com] Ajin Season 2 Episode 9 [720p] [Subbed].mkv
2016-12-02 23:00 - 2016-12-02 23:10 - 00042962 _____ C:\Users\anime\Downloads\Addition.txt
2016-12-02 22:57 - 2016-12-07 21:22 - 02420224 _____ (Farbar) C:\Users\anime\Downloads\FRST64.exe
2016-12-02 22:57 - 2016-12-07 21:22 - 00021547 _____ C:\Users\anime\Downloads\FRST.txt
2016-12-02 22:57 - 2016-12-07 21:22 - 00000000 ____D C:\FRST
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\超霸传奇
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\legendGame
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\37游戏
2016-12-02 22:45 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\soft
2016-12-02 22:45 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\data
2016-12-02 22:45 - 2016-12-02 22:45 - 00001217 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\网址导航.lnk
2016-12-02 22:45 - 2016-12-02 22:45 - 00001211 ____R C:\ProgramData\Microsoft\Windows\Start Menu\网址导航.lnk
2016-11-22 23:33 - 2016-12-06 01:28 - 00000000 ____D C:\Users\anime\Downloads\CX Votes
2016-11-22 23:17 - 2016-12-04 13:36 - 00000000 ____D C:\Users\anime\Downloads\老九门.全集..EP01-48.2016.HD720P.X264.AAC.Mandarin.CHS.Mp4Ba
2016-11-22 23:17 - 2016-11-22 23:17 - 00185993 _____ C:\Users\anime\Downloads\[BtTang.com]老九门.全集..EP01-48.2016.HD720P.X264.AAC.Mandarin.CHS.Mp4Ba.torrent
2016-11-20 23:08 - 2016-11-20 23:08 - 00243084 _____ C:\Users\anime\Downloads\estatement_20161101_4524198801691891_SGD.pdf
2016-11-14 21:31 - 2016-11-16 00:38 - 54267947 _____ C:\Users\anime\Downloads\爱剪辑-珍惜.mp4
2016-11-13 22:35 - 2016-11-14 00:57 - 58596181 _____ C:\Users\anime\Downloads\爱剪辑-手掌心.mp4
2016-11-13 15:44 - 2016-11-13 15:44 - 00001113 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-11-13 15:44 - 2016-11-13 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-11-13 15:43 - 2016-11-13 15:43 - 00000000 ____D C:\ProgramData\Sony
2016-11-13 15:43 - 2016-11-13 15:43 - 00000000 ____D C:\Program Files (x86)\Sony
2016-11-13 15:36 - 2016-11-16 00:46 - 00024845 _____ C:\Users\anime\Downloads\pastlife.mep
2016-11-11 23:25 - 2016-11-11 23:25 - 00001435 _____ C:\Users\Public\Desktop\Free Dailymotion Download.lnk
2016-11-11 21:10 - 2016-12-07 21:01 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘
2016-11-10 22:51 - 2016-11-02 19:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 22:51 - 2016-11-02 19:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 22:51 - 2016-11-02 19:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 22:51 - 2016-11-02 19:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 22:51 - 2016-11-02 19:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 22:51 - 2016-11-02 19:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 22:51 - 2016-11-02 19:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 22:51 - 2016-11-02 19:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 22:51 - 2016-11-02 19:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 22:51 - 2016-11-02 19:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 22:51 - 2016-11-02 19:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 22:51 - 2016-11-02 18:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 22:51 - 2016-11-02 18:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 22:51 - 2016-11-02 18:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 22:51 - 2016-11-02 18:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 22:51 - 2016-11-02 18:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 22:51 - 2016-11-02 18:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 22:51 - 2016-11-02 18:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 22:51 - 2016-11-02 18:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 22:51 - 2016-11-02 18:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 22:51 - 2016-11-02 18:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 22:51 - 2016-11-02 18:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 22:51 - 2016-11-02 18:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 22:51 - 2016-11-02 18:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 22:51 - 2016-11-02 18:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 22:51 - 2016-11-02 18:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 22:51 - 2016-11-02 18:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 22:51 - 2016-11-02 18:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 22:51 - 2016-11-02 18:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 22:51 - 2016-11-02 18:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 22:51 - 2016-11-02 18:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 22:51 - 2016-11-02 18:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 22:51 - 2016-11-02 18:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 22:51 - 2016-11-02 18:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 22:51 - 2016-11-02 18:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 22:51 - 2016-11-02 18:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 22:51 - 2016-11-02 18:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 22:51 - 2016-11-02 18:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 22:51 - 2016-11-02 18:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 22:51 - 2016-11-02 18:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 22:51 - 2016-11-02 18:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 22:51 - 2016-11-02 18:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 22:51 - 2016-11-02 18:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 22:51 - 2016-11-02 18:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 22:51 - 2016-11-02 18:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 22:51 - 2016-11-02 18:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 22:51 - 2016-11-02 18:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 22:51 - 2016-11-02 18:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 22:51 - 2016-11-02 18:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 22:51 - 2016-11-02 18:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 22:51 - 2016-11-02 18:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 22:51 - 2016-11-02 18:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 22:51 - 2016-11-02 18:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 22:51 - 2016-08-02 12:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 22:50 - 2016-11-02 20:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 22:50 - 2016-11-02 20:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 22:50 - 2016-11-02 19:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 22:50 - 2016-11-02 19:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 22:50 - 2016-11-02 19:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 22:50 - 2016-11-02 19:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 22:50 - 2016-11-02 19:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 22:50 - 2016-11-02 19:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 22:50 - 2016-11-02 19:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 22:50 - 2016-11-02 18:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 22:50 - 2016-11-02 18:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 22:50 - 2016-11-02 18:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 22:50 - 2016-11-02 18:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 22:50 - 2016-11-02 18:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 22:50 - 2016-11-02 18:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 22:50 - 2016-11-02 18:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 22:50 - 2016-11-02 18:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 22:50 - 2016-11-02 18:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 22:50 - 2016-11-02 18:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 22:50 - 2016-11-02 18:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 22:50 - 2016-11-02 18:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 22:50 - 2016-11-02 18:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 22:50 - 2016-11-02 18:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 22:50 - 2016-11-02 18:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 22:50 - 2016-11-02 18:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 22:50 - 2016-11-02 18:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 22:50 - 2016-11-02 18:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 22:50 - 2016-11-02 17:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 22:50 - 2016-11-02 17:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 22:44 - 2016-11-02 19:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 22:44 - 2016-11-02 19:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 22:44 - 2016-11-02 19:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-10 22:44 - 2016-11-02 18:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 22:44 - 2016-11-02 18:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 22:44 - 2016-11-02 18:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 22:44 - 2016-11-02 18:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 22:44 - 2016-11-02 18:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 22:44 - 2016-11-02 18:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 22:44 - 2016-11-02 18:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-10 22:44 - 2016-11-02 18:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 22:44 - 2016-11-02 18:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 22:44 - 2016-11-02 18:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 22:44 - 2016-11-02 18:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 22:44 - 2016-11-02 18:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 22:44 - 2016-11-02 18:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 22:05 - 2016-11-10 22:05 - 00000000 ____D C:\Program Files\McAfee
2016-11-10 19:13 - 2016-11-10 19:13 - 00000000 ____D C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-07 21:20 - 2016-10-01 17:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-07 21:01 - 2016-04-14 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-12-07 20:58 - 2015-10-30 15:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-07 20:12 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-07 20:12 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-07 20:02 - 2016-03-13 23:17 - 00000000 ___RD C:\Users\anime\OneDrive
2016-12-07 20:01 - 2016-10-01 17:25 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-07 20:01 - 2016-03-13 23:13 - 00000000 __SHD C:\Users\anime\IntelGraphicsProfiles
2016-12-07 01:53 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-07 01:09 - 2016-10-01 17:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-07 01:09 - 2016-07-10 22:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-07 01:08 - 2016-07-16 14:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-07 01:04 - 2016-07-25 22:21 - 00000000 ____D C:\Program Files (x86)\IQIYI Video
2016-12-07 00:38 - 2016-09-12 21:18 - 00000000 ____D C:\Users\anime\OneDrive\Documents\Tencent Files
2016-12-07 00:05 - 2016-03-13 23:58 - 00000000 ____D C:\Users\anime\AppData\Roaming\vlc
2016-12-06 01:24 - 2016-10-22 16:26 - 00000000 ____D C:\Users\anime\Downloads\MobileFile
2016-12-05 22:14 - 2016-03-16 23:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-05 22:07 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-04 22:44 - 2016-10-17 01:17 - 00000000 ____D C:\Users\anime\AppData\Local\ElevatedDiagnostics
2016-12-04 13:38 - 2016-03-28 23:05 - 00000000 ____D C:\Users\anime\AppData\Roaming\qBittorrent
2016-12-04 12:52 - 2016-03-13 23:13 - 00000000 ____D C:\Users\anime\AppData\Local\Packages
2016-12-02 23:27 - 2016-04-10 17:58 - 00000000 ____D C:\Users\anime\AppData\Roaming\BaiduYunKongMing
2016-12-02 22:53 - 2016-11-06 14:36 - 00000000 ____D C:\360极速浏览器下载
2016-12-02 22:50 - 2016-04-06 00:24 - 00000000 ____D C:\Program Files\Unlocker
2016-12-02 22:49 - 2016-08-28 01:57 - 00000000 ____D C:\Users\anime\Downloads\Locale.Emulator.2.2.1.0
2016-12-01 22:16 - 2016-10-01 17:30 - 00000000 ____D C:\Users\anime
2016-11-24 23:49 - 2016-04-14 21:33 - 00000000 ____D C:\Users\anime\AppData\Roaming\DVDVideoSoft
2016-11-24 21:48 - 2016-11-01 22:17 - 00001251 _____ C:\Users\anime\Desktop\bilibili投稿工具.lnk
2016-11-23 22:14 - 2016-06-22 13:49 - 00000000 ____D C:\Users\anime\AppData\Roaming\BITS
2016-11-22 21:31 - 2016-11-01 22:19 - 00000000 ____D C:\Users\anime\AppData\Local\Biliugc
2016-11-20 21:00 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-20 02:28 - 2016-07-04 14:49 - 00000000 ____D C:\Users\anime\Downloads\movie
2016-11-16 00:46 - 2016-08-28 01:53 - 00000000 ___HD C:\ProgramData\winmedll
2016-11-15 21:36 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-15 21:35 - 2015-10-30 10:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-15 21:00 - 2016-03-13 23:30 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 21:00 - 2016-03-13 23:30 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 20:36 - 2016-10-01 17:20 - 00394680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-14 20:36 - 2015-10-30 10:18 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-14 20:36 - 2015-10-30 10:18 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-13 23:27 - 2016-07-31 18:54 - 00000000 ____D C:\FFOutput
2016-11-13 19:23 - 2016-10-01 17:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-13 19:23 - 2016-10-01 17:54 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-13 15:43 - 2016-09-23 17:16 - 00000000 ____D C:\Users\anime\AppData\Local\Sony
2016-11-13 15:43 - 2016-09-23 17:15 - 00000000 ____D C:\Users\anime\AppData\Roaming\Sony
2016-11-12 11:32 - 2015-10-30 10:17 - 01162366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-12 11:28 - 2015-10-30 10:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-12 02:15 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-12 01:40 - 2016-07-10 22:38 - 00000000 ____D C:\Users\anime\Downloads\software
2016-11-11 23:25 - 2016-04-14 21:34 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2016-11-11 21:27 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-10 22:25 - 2016-03-14 16:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 22:21 - 2016-03-14 16:33 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 00:01 - 2016-10-01 17:54 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2016-09-27 16:01 - 2016-09-27 16:01 - 0137160 _____ () C:\Users\anime\AppData\Roaming\moter.exe
2016-11-03 21:10 - 2016-11-03 21:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\S2Q4mOvF.xml
2016-09-12 21:17 - 2016-09-12 21:17 - 0637248 _____ () C:\Users\anime\AppData\Roaming\TXQBINSTX.DLL
2016-10-27 18:10 - 2016-10-27 18:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\z99kP8.dat
2016-07-10 22:44 - 2016-07-10 22:45 - 0000032 _____ () C:\Users\anime\AppData\Local\temp.tmp
2016-10-01 17:25 - 2016-10-01 17:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-10 22:44 - 2016-11-10 22:44 - 0076168 _____ (Tencent) C:\ProgramData\VDi4U.log
 
Some files in TEMP:
====================
C:\Users\anime\AppData\Local\Temp\360ini.dll
C:\Users\anime\AppData\Local\Temp\dllnt_dump.dll
C:\Users\anime\AppData\Local\Temp\dr.dll
C:\Users\anime\AppData\Local\Temp\libeay32.dll
C:\Users\anime\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\masblog_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\msvcr120.dll
C:\Users\anime\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\sqlite3.dll
C:\Users\anime\AppData\Local\Temp\un.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-05 22:50
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by anime (07-12-2016 21:23:26)
Running from C:\Users\anime\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-01 09:58:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-237224756-2638106951-3263937477-500 - Administrator - Disabled)
anime (S-1-5-21-237224756-2638106951-3263937477-1001 - Administrator - Enabled) => C:\Users\anime
DefaultAccount (S-1-5-21-237224756-2638106951-3263937477-503 - Limited - Disabled)
Guest (S-1-5-21-237224756-2638106951-3263937477-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6D0ADF03-B505-F836-3317-521C40DDB44C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
bilibili投稿工具 1.2.1.5 (HKLM-x32\...\bilibili投稿工具) (Version: 1.2.1.5 - Bilibili)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
FlashGet3.7 (HKLM-x32\...\FlashGet3.7) (Version: 3.7.0.1220 - hxxp://www.FlashGet.com)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
Free Dailymotion Download (HKLM-x32\...\Free Dailymotion Download_is1) (Version: 1.0.87.829 - Digital Wave Ltd)
Free Video Editor (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.53.831 - Digital Wave Ltd)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.28.831 - Digital Wave Ltd)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.13.518 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7fdb5c8c-2bc0-49e8-afcb-ae7f4ad526fd}) (Version: 18.12.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation)
iTudou (HKLM-x32\...\iTudou) (Version: 4.1.3.5260 - youkutudou, Inc.)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Maxx Audio Installer (x64) (Version: 2.6.6424.0 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2105 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.44 - mIRC Co. Ltd.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.32 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.4.0 - Adlice Software)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
优酷加速组件 (HKLM-x32\...\YoukuClient) (Version: 6.8.8.4225 - youkutudou, Inc.)
爱剪辑 正式版 V2.9 Build 1600 (HKLM-x32\...\爱剪辑_is1) (Version:  - 爱剪辑)
百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.1 - 百度在线网络技术(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)
腾讯视频 (HKLM-x32\...\qqlive) (Version: 9.14.1503.0 - 腾讯科技(深圳)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Users\anime\AppData\Local\360Chrome\Chrome\Application\360chrome.exe (360.cn)
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e}\InprocServer32 -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll (Youku)
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {091F2D48-190F-45BD-ABCA-6F71CD1DC9D4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {1209734F-E935-4E1C-A4CD-5B597CB7FD71} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-20] (PC-Doctor, Inc.)
Task: {19DD82A8-5AEC-42CA-A9BC-DC3400A8A48F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {38C16DF6-3380-4F15-AA3E-F0730E4BE1BA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-02] (Microsoft Corporation)
Task: {3A0F4655-6955-4AE5-8D39-4F19EF938F1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {5A3DD1FB-A7EF-438F-8E1C-969C95EFEBBC} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-15] (Realtek Semiconductor)
Task: {5A7EB9B2-5D73-4634-B6EE-CBC47E82FA9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {617D10C4-3C54-4E26-846F-257B6910448E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {75F0A3FF-4C20-4EE3-9CB5-44A0F75D910A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {8DCABC9E-0CC9-45A4-8B00-6FE883E9087F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {9EF3B614-6277-4820-A736-5A6F86E33694} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-20] (PC-Doctor, Inc.)
Task: {C5D257D8-A103-41B9-8506-45CC40ED66A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {D3C216DA-14DF-47E9-BD08-D11188FF3287} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {DA3163AA-8535-470A-A5F3-37475610D2D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {E18D3EE1-DD89-4069-BC5A-2A2CA0D15E6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {E9361B66-21ED-44DA-B9D6-6AFBEDDDD415} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => 46 cmd c sc start Dell Help Support WORKGROUP DESKTOP E1SJRSE
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360极速浏览器\了解功能特性.lnk -> C:\Users\anime\AppData\Local\360Chrome\Chrome\Application\360chrome.exe (360.cn) -> hxxp://chrome.360.cn/features/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-16 00:10 - 2016-01-22 16:57 - 00089008 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-02 08:55 - 2016-10-02 08:55 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-02 08:55 - 2016-10-02 08:55 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-12 11:57 - 2016-05-12 11:57 - 00391824 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-02 08:55 - 2016-10-02 08:55 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-01 18:39 - 2016-10-01 18:40 - 01864384 _____ () C:\Users\anime\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-05-18 14:34 - 2016-11-15 21:32 - 08919744 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2010-07-15 12:44 - 2010-07-15 12:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-03-21 16:59 - 2016-11-11 21:10 - 00248864 _____ () C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunShellExt64.dll
2016-07-10 22:44 - 2015-10-10 13:00 - 00707624 _____ () C:\Users\anime\AppData\Roaming\ytmediacenter\X64\cmc64.dll
2016-10-02 08:56 - 2016-10-02 08:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 22:44 - 2016-11-02 18:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 22:42 - 2016-11-02 18:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 22:42 - 2016-11-02 18:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 22:42 - 2016-11-02 18:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 22:42 - 2016-11-02 18:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 22:42 - 2016-11-02 18:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-11 21:10 - 2016-11-10 16:18 - 07674912 _____ () C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\baidunetdisk.exe
2016-03-21 17:04 - 2016-11-11 21:10 - 01051680 _____ () C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe
2016-11-19 00:06 - 2016-11-19 00:06 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-19 00:06 - 2016-11-19 00:06 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-19 00:06 - 2016-11-19 00:06 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-07 01:11 - 2016-12-05 11:57 - 25550920 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2016-11-23 22:20 - 2016-11-23 22:20 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 22:20 - 2016-11-23 22:20 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 14:34 - 2016-06-03 14:34 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 22:20 - 2016-11-23 22:20 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 22:20 - 2016-11-23 22:20 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-12-07 20:07 - 2016-12-07 20:07 - 00016384 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.4.1.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
2016-04-14 21:34 - 2016-10-27 12:18 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-04-14 21:34 - 2016-10-27 12:18 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-04-14 21:34 - 2016-10-27 12:18 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-04-14 21:34 - 2016-10-27 12:18 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-09-09 08:32 - 2016-09-09 08:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-08-14 17:17 - 2015-08-14 17:17 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-10-01 18:39 - 2016-10-01 18:39 - 01383616 _____ () C:\Users\anime\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-10-01 18:40 - 2016-10-01 18:40 - 00118976 _____ () C:\Users\anime\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-03-16 10:42 - 2016-08-04 15:39 - 02084864 _____ () C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\exiv2.dll
2016-03-16 10:42 - 2016-08-04 15:40 - 00105472 _____ () C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\libexpat.dll
2012-04-28 10:42 - 2012-04-28 10:42 - 00249856 _____ () C:\Program Files (x86)\FlashGet Network\FlashGet 3\BugReport.dll
2012-11-01 10:20 - 2012-11-01 10:20 - 00059056 _____ () C:\Program Files (x86)\FlashGet Network\FlashGet 3\zlib.dll
2012-04-28 10:42 - 2012-04-28 10:42 - 00262144 _____ () C:\Program Files (x86)\FlashGet Network\FlashGet 3\ckcore.dll
2016-12-07 20:07 - 2016-12-07 20:07 - 14899200 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.4.1.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
2016-11-15 21:00 - 2016-11-09 04:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 21:00 - 2016-11-09 04:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 15:24 - 2015-10-30 15:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\anime\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{33490b3b-30b1-405a-b8a9-97e3bc331008}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{D06D8BD7-865D-4DF4-A8CE-6416C677F990}] => C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{C8A3A4F2-5644-472E-81C2-A767B21C5DF1}] => C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{A995748A-2B4B-473C-92DE-887B35459E58}] => C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{CFD6DA82-EE0D-44C2-9359-914E52D66F7F}] => C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{B67F6CA5-0DAF-41F1-8964-965BBF660E81}] => C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{4FEFFFF1-31D8-4119-B85B-FE9C9D586BC4}] => C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe
FirewallRules: [{84A4D898-6E56-41AF-86E0-F000D0E214A9}] => C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe
FirewallRules: [UDP Query User{BA34E2CA-A805-4AEA-AC96-E6F0C29391B0}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe] => C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe
FirewallRules: [TCP Query User{67502020-3286-4A7F-A4DB-BDDE6089A535}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe] => C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe
FirewallRules: [{AB548649-3BA3-436D-855F-F1BD7E1C7285}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{A2B1BA52-D1E4-4FA3-A093-616809861DE5}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A340E2E6-0A2A-44EA-8879-6559625FA35F}] => C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\QyKernel.exe
FirewallRules: [UDP Query User{B58A4805-7A53-40FB-99E9-FF1BBDDAC8CF}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{500DC2A9-9D08-4159-B7A9-B6F1F453A989}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{58CAD0C8-E283-4DDF-AEF8-813AA033E55A}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [TCP Query User{47F09CDF-D1CD-4FCA-B2DC-9C30D48F394D}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [{A75B1901-529B-433A-9CAA-863EB39AB54B}] => C:\Users\anime\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{C24D7DEE-5461-4030-9392-2A54301FBEC0}] => C:\Users\anime\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{EE9E87C5-F22C-4AA3-90FD-AFF503995DF0}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6C81AA42-F63A-4691-A58E-56973953A9AB}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D67F5874-8A60-41F4-8E80-71B5415FCBF0}] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{507D1A2A-E61E-41BA-A82D-7A3C39CEA7A7}] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{FBFBD67E-724F-4D26-81BD-12D8A5255206}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E3A30A46-0ECA-46C9-95B1-3C1AF0505E8F}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1E9DA29-41EC-40F6-B97E-2328AFC429F4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62AC644E-4CDC-4BCE-9EB4-826DA458A12B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6BBEF57-CBF4-4A9F-A59E-BAC4623F0799}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0EDBF77-BAB8-41EB-988F-C1919CA62F5A}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8F206199-C3AA-4CEF-9700-E1BB0FE03D08}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{278D7CCF-6833-461F-86FE-8CE6468F1F76}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{528ABAA3-C740-4CA1-A6F3-44980269099A}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe] => C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe
FirewallRules: [UDP Query User{30A36D7A-8903-47D9-87BA-048289453AC7}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe] => C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe
FirewallRules: [{47E551BD-CCED-434E-BDB6-8DCF6C83F69F}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5FAD4C07-5ED3-433B-AB43-4E8026E691A3}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{6323DF21-B831-420A-8896-5745FD420CDE}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{024E9001-4C13-425A-A196-887ECD4646DC}] => C:\users\anime\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [{E3254C7C-3284-45E9-B902-5D80DC92309F}] => C:\users\anime\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [{0F9A1544-AE02-4EF7-9B70-6751E7B7BCC5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ABFBA8EA-B1BC-41C5-8BE6-9E0D426028DB}] => C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
 
==================== Restore Points =========================
 
20-11-2016 00:39:51 Scheduled Checkpoint
27-11-2016 22:22:41 Scheduled Checkpoint
04-12-2016 23:41:47 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/07/2016 08:58:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 10.0.14393.0, time stamp: 0x57899ab2
Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819bc32
Exception code: 0xc0000005
Fault offset: 0x000000000003891f
Faulting process ID: 0xf6c
Faulting application start time: 0x01d24fe374221e19
Faulting application path: C:\WINDOWS\system32\wbem\wmiprvse.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 2c4969ba-9fd6-443f-9cbe-3c91701856cf
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2016 01:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15640
 
Error: (12/07/2016 01:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15640
 
Error: (12/07/2016 01:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/07/2016 01:17:24 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/07/2016 01:13:31 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/07/2016 01:09:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819bc32
Exception code: 0xc0000005
Fault offset: 0x000000000002f21b
Faulting process ID: 0xafc
Faulting application start time: 0x01d24fe373db3741
Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 0813dba1-468d-49ee-be08-8f08391baeb3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2016 01:07:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E1SJRSE)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/07/2016 12:33:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819bc32
Exception code: 0xc0000005
Fault offset: 0x000000000002f21b
Faulting process ID: 0xa90
Faulting application start time: 0x01d24fde86890d23
Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: e4c25aed-ba53-4a31-b419-71e62281032e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/07/2016 12:32:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E1SJRSE)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (12/07/2016 08:59:03 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (12/07/2016 08:58:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 08:01:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 08:01:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 08:01:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 01:09:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 01:09:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 01:09:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/07/2016 01:09:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Content Protection HDCP Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (12/07/2016 01:09:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQLiveService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-07 21:22:06.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 21:22:06.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 21:06:05.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 20:30:07.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 20:30:07.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 20:29:35.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 20:29:35.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 01:41:05.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 01:41:05.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 01:03:13.053
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 8078.59 MB
Available physical RAM: 4586.26 MB
Total Virtual: 9358.59 MB
Available Virtual: 5707.86 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:453.8 GB) (Free:365.95 GB) NTFS
Drive e: (Jun) (Fixed) (Total:931.51 GB) (Free:148.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: ACA86A48)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 721E5F28)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by shinn, 07 December 2016 - 09:12 AM.


#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:10:58 AM

Posted 07 December 2016 - 12:53 PM

2. RogueKiller report

I can't seem to post the report here. I will attach the txt file as an attachment instead.

For some reason the file doesn't appear as an attachment.
Can you try and attach it again?

Thanks



#6 shinn


Posted 08 December 2016 - 12:32 PM

Ok, let me try posting RogueKiller report again. 

Attached Files



#7 Starbuck


Posted 08 December 2016 - 03:00 PM

Hi Shinn,
 

Hi, regarding the below programs, I'm using those in green. The rest it's fine to remove.

Quote

360极速浏览器 (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\360Chrome) (Version: 8.7.0.206 - 360安全中心)
优酷加速组件 (HKLM-x32\...\YoukuClient) (Version: 6.8.8.4225 - youkutudou, Inc.)
爱剪辑 正式版 V2.9 Build 1600 (HKLM-x32\...\爱剪辑_is1) (Version: - 爱剪辑)
爱奇艺PPS (HKLM-x32\...\PPStream) (Version: 5.3.21.2675 - 爱奇艺)
爱奇艺万能播放器 (HKLM-x32\...\GeePlayer) (Version: 2.3.25.2401 - 爱奇艺) <==== ATTENTION
百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.1 - 百度在线网络技术(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)
腾讯视频 (HKLM-x32\...\qqlive) (Version: 9.14.1503.0 - 腾讯科技(深圳)有限公司)
超霸传奇 (HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\超霸传奇) (Version: - )


It's best that you try to uninstall those yourself.
Some may have already been removed by the tools we've used.

The problem we are having is that what you class as necessary programs ..... are being removed by the tools.
To be honest, the tools are removing them for good reason.
So you may well find that certain programs you used are no longer available on your system.
This is the problem when users rely on p2p programs.

It's probably best that I just clean the orphan entries in the FRST report for now.

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\anime\Downloads.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Also let me know if the original problem:

there is an unknown program seemingly trying to change my home page in the Internet Explorer to http:///. and there are signs of funny ads popping out.

has been corrected.

Thanks

Attached Files




#8 shinn

shinn
  • Topic Starter

  • Members

Posted 09 December 2016 - 09:31 AM

Yes, the one being removed is a cloud program I use to store my files and the other is the movie editing tool I use. Seems that the movie editing tools are not uninstalled. As for the other, I'll see if I need to use it again. In any case, it's probably good to have those removed.

 

Here is my Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016

Ran by anime (09-12-2016 21:36:36) Run:1
Running from C:\Users\anime\Downloads
Loaded Profiles: anime (Available Profiles: anime)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> DefaultScope {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll => No File
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\anime\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll => No File
FF Plugin: @iqiyi.com/npclient -> C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\npclient.dll [No File]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [No File]
FF Plugin-x32: @qq.com/QQlive -> C:\Program Files (x86)\Tencent\QQLive\9.14.1503.0\npQQLive.dll [No File]
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [No File]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 QQLiveService; C:\Program Files (x86)\Tencent\QQLive\9.14.1503.0\LiveService.dll [X]
S2 WebServeTD; C:\Program Files (x86)\YouKu\tudouClient\WebServeTD.exe [X]
C:\Users\anime\AppData\Local\Temp\360ini.dll
C:\Users\anime\AppData\Local\Temp\dllnt_dump.dll
C:\Users\anime\AppData\Local\Temp\dr.dll
C:\Users\anime\AppData\Local\Temp\libeay32.dll
C:\Users\anime\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\masblog_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\msvcr120.dll
C:\Users\anime\AppData\Local\Temp\QYAgent_runxx.dl.dll
C:\Users\anime\AppData\Local\Temp\sqlite3.dll
C:\Users\anime\AppData\Local\Temp\un.exe
ShortcutWithArgument: C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360极速浏览器\了解功能特性.lnk -> C:\Users\anime\AppData\Local\360Chrome\Chrome\Application\360chrome.exe (360.cn) -> hxxp://chrome.360.cn/features/
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
 
 
*****************
 
"HKU\S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4FAEC076-D28A-4595-AA05-9C112B544941}" => key removed successfully
HKCR\CLSID\{4FAEC076-D28A-4595-AA05-9C112B544941} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/YunWebDetectPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQlive" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQMiniDLPlugin" => key removed successfully
ibtsiva => Unable to stop service.
ibtsiva => service removed successfully
QQLiveService => service removed successfully
WebServeTD => service removed successfully
C:\Users\anime\AppData\Local\Temp\360ini.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\dr.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\masauto_runxx.dl.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\masblog_runxx.dl.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\masflag_runxx.dl.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\QYAgent_runxx.dl.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\anime\AppData\Local\Temp\un.exe => moved successfully
C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360极速浏览器\了解功能特性.lnk => Shortcut argument removed successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 202577254 B
Java, Flash, Steam htmlcache => 1108 B
Windows/system/drivers => 101822541 B
Edge => 434627 B
Chrome => 847131718 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 160394 B
NetworkService => 22712 B
anime => 488607631 B
 
RecycleBin => 0 B
EmptyTemp: => 1.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:46:59 ====
 

 

there is an unknown program seemingly trying to change my home page in the Internet Explorer to http:///. and there are signs of funny ads popping out.

This issue seems to be solved.
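A Fixlog like the one in the post above can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it skips the echoed fixlist, splits each result line on ` => `, and sorts the outcomes. The sample lines are copied from the Fixlog above; the category names (`ok`, `absent`, `failed`, `other`) and the function names are this example's own assumptions.

```python
import re

# Sample input: a few lines copied from the Fixlog posted above (shortened log).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
fixlist content:
*****************
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll => No File
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
*****************
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
HKCR\CLSID\{4FAEC076-D28A-4595-AA05-9C112B544941} => key not found. 
ibtsiva => Unable to stop service.
ibtsiva => service removed successfully
QQLiveService => service removed successfully
C:\Users\anime\AppData\Local\Temp\un.exe => moved successfully
BITS transfer queue => 32768 B
EmptyTemp: => 1.5 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:46:59 ====
'''

# EmptyTemp size lines ("Chrome => 847131718 B") are statistics, not fix results.
BYTE_COUNT = re.compile(r"^\d+ B$")


def result_lines(text):
    """Yield stripped lines, skipping the fixlist echoed between the two '*' rules.

    The echoed fixlist also contains ' => ' (for example '=> No File'), so it
    must not be mistaken for a result.
    """
    stars = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            stars += 1
            continue
        if stars == 1:  # inside the echoed fixlist
            continue
        yield line


def classify(outcome):
    """Map an outcome phrase to a category (categories are this example's own)."""
    text = outcome.lower()
    if "successfully" in text:
        return "ok"
    if "not found" in text:
        return "absent"   # nothing was there to remove
    if text.startswith("unable to"):
        return "failed"
    return "other"        # unrecognised phrase: read it by hand


def triage_fixlog(text):
    """Group Fixlog results and list targets whose last recorded outcome failed."""
    report = {"ok": [], "absent": [], "failed": [], "other": [], "reboot": False}
    last = {}
    for line in result_lines(text):
        if "needed a reboot" in line:
            report["reboot"] = True
        target, sep, outcome = line.partition(" => ")
        if not sep or BYTE_COUNT.match(outcome):
            continue
        target = target.strip('"')
        kind = classify(outcome)
        report[kind].append((target, outcome))
        last[target] = kind
    # A target is unresolved only if no later line reports success for it.
    report["unresolved"] = sorted(t for t, k in last.items() if k == "failed")
    return report


if __name__ == "__main__":
    r = triage_fixlog(SAMPLE_FIXLOG)
    for kind in ("failed", "absent", "other"):
        for target, outcome in r[kind]:
            print(f"{kind:7} {target} -> {outcome}")
    print("ok:", len(r["ok"]), "| reboot needed:", r["reboot"],
          "| unresolved:", r["unresolved"])
```

On the sample, the `ibtsiva` stop failure is reported but the service is not listed as unresolved, because a later line records its removal.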



#9 shinn

shinn
  • Topic Starter

  • Members

Posted 10 December 2016 - 12:51 PM

Hi, I still have another issue. How do I remove the two blank icons under my devices/drives as they cannot be deleted? I have attached the printscreen of them. Thanks a lot for the help. 

 

Attached Files

  • Attached File  what.jpg   28.37KB   0 downloads


#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team

Posted 10 December 2016 - 02:53 PM

Hi shinn,
 

How do I remove the two blank icons under my devices/drives as they cannot be deleted?

Have to admit that I haven't seen anything like that.
Have you any idea what they relate to?
What used to come up under Devices and Drives before?
If you right click on those icons, what information does it give when you click on Properties?

FRST was showing....

Drive c: (OS) (Fixed) (Total:453.8 GB) (Free:365.95 GB) NTFS
Drive e: (Jun) (Fixed) (Total:931.51 GB) (Free:148.86 GB) NTFS

What is the drive e ?

Click Start >> Settings >> Devices >> Connected Devices (left hand side)
what is listed under the Other Devices section?

Also if you then click on Devices and Printers ( at the bottom )
What is listed there?

Edited by Starbuck, 10 December 2016 - 03:51 PM.



#11 shinn

shinn
  • Topic Starter

  • Members

Posted 10 December 2016 - 11:53 PM

Hi, here are my replies. Hope you are able to advise. Thank you so much.


 

Have to admit that I haven't seen anything like that.
Have you any idea what they relate to?
What used to come up under Devices and Drives before?
If you right click on those icons, what information does it give when you click on Properties?

 

I have attached the printscreen once more. This is related to the "百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.1 - 百度在线网络技术(北京)有限公司)" program we removed earlier. The other blank one didn't appear this time. 

Attached File  Untitled.jpg   37.2KB   0 downloads

 

 

What is the drive e ?

 

This is my portable hard disk.

 

 

Click Start >> Settings >> Devices >> Connected Devices (left hand side)
what is listed under the Other Devices section?

Also if you then click on Devices and Printers ( at the bottom )
What is listed there?

 

 

Attached the printscreen for your reference.

 

Attached File  Untitled.jpg   69.86KB   0 downloads



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team

Posted 11 December 2016 - 02:07 PM

Hi shinn

This is related to the "百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.1 - 百度在线网络技术(北京)有限公司)" program we removed earlier.

Is this the software in question?
http://295662.software.informer.com/

Obviously some remnants have been left behind.
Let's see if this gets the remnants.

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10 ... instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
If that doesn't cure it, let me have another set of FRST reports and I'll see if I can find the remnants.

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.
Thanks



#13 shinn

shinn
  • Topic Starter

  • Members

Posted 12 December 2016 - 08:48 AM

Is this the software in question?
http://295662.software.informer.com/

 

Yes, that is the software linked to the drive. I think it's a folder which syncs to my account of that software.

 

I had done the procedure but that doesn't solve the problem. Below is my JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64 
Ran by anime (Administrator) on 12/12/2016 at 20:44:55.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Public\qiyi (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Program Files (x86)\qqmailplugin (Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_591B146E795C8658F43234B02EB0B2AA (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DC4B5B6-C122-44C4-825C-B310513A47CB} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DC4B5B6-C122-44C4-825C-B310513A47CB} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/12/2016 at 20:55:09.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Here is my FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by anime (administrator) on DESKTOP-E1SJRSE (12-12-2016 20:59:09)
Running from C:\Users\anime\Downloads
Loaded Profiles: anime (Available Profiles: anime)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-07-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-10] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2015-07-24] (Dell Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [602032 2015-08-07] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3141200 2016-04-22] (youku.com)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [BaiduYunDetect] => "C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe"
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [FlashGet 3] => C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe [3377256 2013-04-18] (Trend Media Corporation Limited)
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [YoukuMediaCenter] => C:\Users\anime\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3141200 2016-04-22] (youku.com)
ShellIconOverlayIdentifiers: [   Report64] -> {C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => C:\Users\anime\AppData\Roaming\ytmediacenter\X64\report64.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32: [   Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\anime\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32: [   YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\anime\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a6f2dd61-ae87-4794-8757-31bbe61daac0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{f7fcef74-d059-411e-853d-7cb90b398733}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> DefaultScope {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-15] (Microsoft Corporation)
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-11-15] (Microsoft Corporation)
BHO-x32: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Users\anime\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll [2012-11-01] (Trend Media Group)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-15] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-237224756-2638106951-3263937477-1001: youku.com/YoukuAgent -> C:\Users\anime\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-12-09] (Youku)
FF Plugin HKU\S-1-5-21-237224756-2638106951-3263937477-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-12-09] (Youku)
 
Chrome: 
=======
CHR Profile: C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\anime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-20] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-10-30] (Microsoft Corporation)
S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [438416 2016-05-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [363664 2016-05-12] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [166152 2016-10-03] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-07-22] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-10] (Synaptics Incorporated)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [564144 2015-07-08] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
S2 Bonjour Service; C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\mDNSResponder.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [4043544 2015-07-17] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-09-01] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-28] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [48296 2015-07-10] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-12 20:55 - 2016-12-12 20:55 - 00001458 _____ C:\Users\anime\Desktop\JRT.txt
2016-12-12 20:38 - 2016-12-12 20:42 - 01631928 _____ (Malwarebytes) C:\Users\anime\Downloads\JRT.exe
2016-12-12 20:34 - 2016-12-12 20:34 - 00000000 ___HD C:\OneDriveTemp
2016-12-12 01:32 - 2016-12-12 01:33 - 574489387 _____ C:\Users\anime\Downloads\[Ajin2.com] Ajin Season 2 Episode 10 [720p] [Subbed].mkv
2016-12-09 21:40 - 2016-11-11 18:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 21:40 - 2016-11-11 18:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 21:40 - 2016-11-11 18:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 21:40 - 2016-11-11 18:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 21:40 - 2016-11-11 18:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 21:40 - 2016-11-11 18:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 21:40 - 2016-11-11 18:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 21:40 - 2016-11-11 18:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 21:40 - 2016-11-11 18:01 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-09 21:40 - 2016-11-11 17:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 21:40 - 2016-11-11 17:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 21:40 - 2016-11-11 17:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 21:40 - 2016-11-11 17:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 21:40 - 2016-11-11 17:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 21:40 - 2016-11-11 17:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 21:40 - 2016-11-11 17:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 21:40 - 2016-11-11 17:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 21:40 - 2016-11-11 17:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 21:40 - 2016-11-11 17:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 21:40 - 2016-11-11 17:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 21:40 - 2016-11-11 17:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 21:40 - 2016-11-11 17:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 21:40 - 2016-11-11 17:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 21:40 - 2016-11-11 17:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 21:40 - 2016-11-11 17:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 21:40 - 2016-11-11 17:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 21:40 - 2016-11-11 17:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-09 21:40 - 2016-11-11 17:17 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-09 21:40 - 2016-11-11 17:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 21:40 - 2016-11-11 17:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 21:40 - 2016-11-11 17:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 21:40 - 2016-11-11 17:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 21:40 - 2016-11-11 17:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 21:40 - 2016-11-11 17:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 21:40 - 2016-11-11 17:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 21:40 - 2016-11-11 17:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 21:40 - 2016-11-11 17:04 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-09 21:40 - 2016-11-11 17:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 21:40 - 2016-11-11 15:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 21:40 - 2016-11-11 15:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 21:40 - 2016-11-11 15:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 21:40 - 2016-11-11 15:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 21:40 - 2016-11-11 15:42 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-09 21:40 - 2016-11-11 15:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 21:40 - 2016-11-11 15:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 21:40 - 2016-11-11 15:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 21:40 - 2016-11-11 15:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 21:40 - 2016-11-11 15:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 21:40 - 2016-11-11 15:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 21:40 - 2016-11-11 15:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 21:40 - 2016-11-11 15:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 21:40 - 2016-11-11 15:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 21:40 - 2016-11-11 15:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 21:40 - 2016-11-11 15:19 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-09 21:40 - 2016-11-11 15:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 21:40 - 2016-11-11 15:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 21:40 - 2016-11-11 15:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 21:40 - 2016-11-11 15:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 21:40 - 2016-11-11 15:15 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-09 21:40 - 2016-11-11 15:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 21:40 - 2016-11-11 15:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 21:40 - 2016-11-11 15:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 21:40 - 2016-11-11 15:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-09 21:40 - 2016-11-11 15:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 21:40 - 2016-11-11 15:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 21:40 - 2016-11-11 15:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 21:40 - 2016-11-11 15:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 21:40 - 2016-11-11 15:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 21:40 - 2016-11-11 15:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 21:40 - 2016-11-11 15:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 21:40 - 2016-11-11 15:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 21:40 - 2016-11-11 15:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 21:40 - 2016-11-11 15:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 21:40 - 2016-11-11 15:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 21:40 - 2016-11-11 15:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 21:39 - 2016-11-11 18:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 21:39 - 2016-11-11 18:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 21:39 - 2016-11-11 18:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 21:39 - 2016-11-11 18:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 21:39 - 2016-11-11 18:13 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-09 21:39 - 2016-11-11 18:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 21:39 - 2016-11-11 18:10 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-09 21:39 - 2016-11-11 18:09 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-09 21:39 - 2016-11-11 18:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 21:39 - 2016-11-11 18:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 21:39 - 2016-11-11 18:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 21:39 - 2016-11-11 18:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 21:39 - 2016-11-11 18:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 21:39 - 2016-11-11 18:01 - 02189152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-09 21:39 - 2016-11-11 18:01 - 01738048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-09 21:39 - 2016-11-11 18:01 - 00658264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-09 21:39 - 2016-11-11 18:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 21:39 - 2016-11-11 18:01 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-09 21:39 - 2016-11-11 18:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 21:39 - 2016-11-11 18:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 21:39 - 2016-11-11 18:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 21:39 - 2016-11-11 17:59 - 02913136 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-09 21:39 - 2016-11-11 17:59 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-09 21:39 - 2016-11-11 17:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 21:39 - 2016-11-11 17:57 - 08170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-09 21:39 - 2016-11-11 17:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 21:39 - 2016-11-11 17:57 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-09 21:39 - 2016-11-11 17:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 21:39 - 2016-11-11 17:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 21:39 - 2016-11-11 17:56 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-09 21:39 - 2016-11-11 17:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 21:39 - 2016-11-11 17:56 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-09 21:39 - 2016-11-11 17:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 21:39 - 2016-11-11 17:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 21:39 - 2016-11-11 17:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 21:39 - 2016-11-11 17:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 21:39 - 2016-11-11 17:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 21:39 - 2016-11-11 17:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 21:39 - 2016-11-11 17:51 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-09 21:39 - 2016-11-11 17:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 21:39 - 2016-11-11 17:31 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-09 21:39 - 2016-11-11 17:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 21:39 - 2016-11-11 17:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 21:39 - 2016-11-11 17:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 21:39 - 2016-11-11 17:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-09 21:39 - 2016-11-11 17:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 21:39 - 2016-11-11 17:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 21:39 - 2016-11-11 17:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 21:39 - 2016-11-11 17:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 21:39 - 2016-11-11 17:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 21:39 - 2016-11-11 17:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 21:39 - 2016-11-11 17:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 21:39 - 2016-11-11 17:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 21:39 - 2016-11-11 17:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 21:39 - 2016-11-11 17:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 21:39 - 2016-11-11 17:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 21:39 - 2016-11-11 17:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 21:39 - 2016-11-11 17:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 21:39 - 2016-11-11 17:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 21:39 - 2016-11-11 17:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 21:39 - 2016-11-11 17:23 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-09 21:39 - 2016-11-11 17:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 21:39 - 2016-11-11 17:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 21:39 - 2016-11-11 17:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 21:39 - 2016-11-11 17:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 21:39 - 2016-11-11 17:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 21:39 - 2016-11-11 17:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 21:39 - 2016-11-11 17:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 21:39 - 2016-11-11 17:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-09 21:39 - 2016-11-11 17:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 21:39 - 2016-11-11 17:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 21:39 - 2016-11-11 17:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 21:39 - 2016-11-11 17:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-09 21:39 - 2016-11-11 17:18 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-09 21:39 - 2016-11-11 17:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 21:39 - 2016-11-11 17:18 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-09 21:39 - 2016-11-11 17:18 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-09 21:39 - 2016-11-11 17:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 21:39 - 2016-11-11 17:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 21:39 - 2016-11-11 17:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 21:39 - 2016-11-11 17:17 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-09 21:39 - 2016-11-11 17:17 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-09 21:39 - 2016-11-11 17:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 21:39 - 2016-11-11 17:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 21:39 - 2016-11-11 17:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 21:39 - 2016-11-11 17:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 21:39 - 2016-11-11 17:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 21:39 - 2016-11-11 17:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 21:39 - 2016-11-11 17:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 21:39 - 2016-11-11 17:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 21:39 - 2016-11-11 17:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 21:39 - 2016-11-11 17:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 21:39 - 2016-11-11 17:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 21:39 - 2016-11-11 17:14 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-09 21:39 - 2016-11-11 17:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 21:39 - 2016-11-11 17:14 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-09 21:39 - 2016-11-11 17:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 21:39 - 2016-11-11 17:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 21:39 - 2016-11-11 17:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 21:39 - 2016-11-11 17:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 21:39 - 2016-11-11 17:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 21:39 - 2016-11-11 17:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 21:39 - 2016-11-11 17:11 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-09 21:39 - 2016-11-11 17:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 21:39 - 2016-11-11 17:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 21:39 - 2016-11-11 17:10 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-09 21:39 - 2016-11-11 17:10 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-09 21:39 - 2016-11-11 17:09 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-09 21:39 - 2016-11-11 17:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 21:39 - 2016-11-11 17:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 21:39 - 2016-11-11 17:08 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-09 21:39 - 2016-11-11 17:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 21:39 - 2016-11-11 17:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 21:39 - 2016-11-11 17:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 21:39 - 2016-11-11 17:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 21:39 - 2016-11-11 17:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 21:39 - 2016-11-11 17:07 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-09 21:39 - 2016-11-11 17:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 21:39 - 2016-11-11 17:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 21:39 - 2016-11-11 17:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 21:39 - 2016-11-11 17:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 21:39 - 2016-11-11 17:06 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-09 21:39 - 2016-11-11 17:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 21:39 - 2016-11-11 17:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 21:39 - 2016-11-11 17:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 21:39 - 2016-11-11 17:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 21:39 - 2016-11-11 17:05 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-09 21:39 - 2016-11-11 17:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 21:39 - 2016-11-11 17:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 21:39 - 2016-11-11 17:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 21:39 - 2016-11-11 17:04 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 21:39 - 2016-11-11 17:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-09 21:39 - 2016-11-11 17:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-09 21:39 - 2016-11-11 17:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 21:39 - 2016-11-11 17:03 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-09 21:39 - 2016-11-11 17:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 21:39 - 2016-11-11 17:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 21:39 - 2016-11-11 17:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 21:39 - 2016-11-11 17:02 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-09 21:39 - 2016-11-11 17:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-09 21:39 - 2016-11-11 16:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 21:39 - 2016-11-11 16:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 21:39 - 2016-11-11 16:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 21:39 - 2016-11-11 16:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 21:39 - 2016-11-11 16:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 21:39 - 2016-11-11 15:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 21:39 - 2016-11-11 15:56 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-09 21:39 - 2016-11-11 15:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 21:39 - 2016-11-11 15:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 21:39 - 2016-11-11 15:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 21:39 - 2016-11-11 15:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 21:39 - 2016-11-11 15:47 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-09 21:39 - 2016-11-11 15:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 21:39 - 2016-11-11 15:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-09 21:39 - 2016-11-11 15:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-09 21:39 - 2016-11-11 15:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-09 21:39 - 2016-11-11 15:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 21:39 - 2016-11-11 15:42 - 06668032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-09 21:39 - 2016-11-11 15:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-09 21:39 - 2016-11-11 15:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 21:39 - 2016-11-11 15:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 21:39 - 2016-11-11 15:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 21:39 - 2016-11-11 15:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 21:39 - 2016-11-11 15:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 21:39 - 2016-11-11 15:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 21:39 - 2016-11-11 15:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 21:39 - 2016-11-11 15:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 21:39 - 2016-11-11 15:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-09 21:39 - 2016-11-11 15:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 21:39 - 2016-11-11 15:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 21:39 - 2016-11-11 15:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 21:39 - 2016-11-11 15:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 21:39 - 2016-11-11 15:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 21:39 - 2016-11-11 15:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 21:39 - 2016-11-11 15:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 21:39 - 2016-11-11 15:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 21:39 - 2016-11-11 15:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 21:39 - 2016-11-11 15:20 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-09 21:39 - 2016-11-11 15:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 21:39 - 2016-11-11 15:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 21:39 - 2016-11-11 15:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-09 21:39 - 2016-11-11 15:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 21:39 - 2016-11-11 15:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 21:39 - 2016-11-11 15:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 21:39 - 2016-11-11 15:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 21:39 - 2016-11-11 15:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 21:39 - 2016-11-11 15:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 21:39 - 2016-11-11 15:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 21:39 - 2016-11-11 15:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 21:39 - 2016-11-11 15:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 21:39 - 2016-11-11 15:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 21:39 - 2016-11-11 15:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 21:39 - 2016-11-11 15:17 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-09 21:39 - 2016-11-11 15:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 21:39 - 2016-11-11 15:16 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-09 21:39 - 2016-11-11 15:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 21:39 - 2016-11-11 15:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-09 21:39 - 2016-11-11 15:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 21:39 - 2016-11-11 15:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 21:39 - 2016-11-11 15:14 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-09 21:39 - 2016-11-11 15:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 21:39 - 2016-11-11 15:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 21:39 - 2016-11-11 15:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-09 21:39 - 2016-11-11 15:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 21:39 - 2016-11-11 15:10 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-09 21:39 - 2016-11-11 15:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 21:39 - 2016-11-11 15:09 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-09 21:39 - 2016-11-11 15:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 21:39 - 2016-11-11 15:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 21:39 - 2016-11-11 15:06 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-09 21:39 - 2016-11-11 15:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 21:39 - 2016-11-11 15:06 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-09 21:39 - 2016-11-11 15:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 21:39 - 2016-11-11 15:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 21:39 - 2016-11-11 15:05 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-09 21:39 - 2016-11-11 15:04 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-09 21:39 - 2016-11-11 15:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 21:39 - 2016-11-11 15:04 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-09 21:39 - 2016-11-11 15:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 21:39 - 2016-11-11 15:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 21:39 - 2016-11-11 15:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 21:39 - 2016-11-11 15:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 21:39 - 2016-11-11 15:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 21:39 - 2016-11-11 15:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 21:39 - 2016-11-11 15:03 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-09 21:39 - 2016-11-11 15:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 21:39 - 2016-11-11 15:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 21:39 - 2016-11-11 15:01 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-09 21:39 - 2016-11-11 14:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-09 21:36 - 2016-12-09 21:46 - 00006029 _____ C:\Users\anime\Downloads\Fixlog.txt
2016-12-08 21:49 - 2016-12-11 20:45 - 00000000 ____D C:\Users\anime\AppData\Local\CrashDumps
2016-12-07 21:22 - 2016-12-07 21:22 - 00000000 ____D C:\Users\anime\Downloads\FRST-OlderVersion
2016-12-07 21:21 - 2016-12-07 21:21 - 00849084 _____ C:\Users\anime\Desktop\RogueKiller.tmp.txt
2016-12-07 01:12 - 2016-12-07 20:12 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-07 01:12 - 2016-12-07 01:12 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-07 01:12 - 2016-12-07 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-07 01:11 - 2016-12-07 01:12 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-07 01:11 - 2016-12-07 01:12 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-07 01:10 - 2016-12-07 01:10 - 00011592 _____ C:\Users\anime\Desktop\AdwCleaner[C0].txt
2016-12-07 01:09 - 2016-12-07 01:10 - 00000000 ____D C:\Users\anime\AppData\Roaming\youku
2016-12-07 00:54 - 2016-12-07 01:11 - 34190992 _____ (Adlice Software ) C:\Users\anime\Downloads\setup.exe
2016-12-07 00:52 - 2016-12-07 01:05 - 00000000 ____D C:\AdwCleaner
2016-12-07 00:51 - 2016-12-07 00:52 - 03968464 _____ C:\Users\anime\Downloads\AdwCleaner.exe
2016-12-06 00:08 - 2016-12-06 00:18 - 48312733 _____ C:\Users\anime\Downloads\白月光 00_00_00-00_04_21 [高质量和大小].mp4
2016-12-05 23:34 - 2016-12-05 23:35 - 61880531 _____ C:\Users\anime\Downloads\kodi-16.1-Jarvis-armeabi-v7a.apk
2016-12-05 22:15 - 2016-12-05 22:15 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-05 22:15 - 2016-12-05 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-05 22:14 - 2016-12-05 22:15 - 00000000 ____D C:\Program Files\iTunes
2016-12-05 22:14 - 2016-12-05 22:14 - 00000000 ____D C:\Program Files\iPod
2016-12-05 00:21 - 2016-12-05 00:39 - 441985598 _____ C:\Users\anime\Downloads\老九门 南派三叔cut版 第40集.mp4
2016-12-04 13:36 - 2016-12-04 13:38 - 498861478 _____ C:\Users\anime\Downloads\[Ajin2.com] Ajin Season 2 Episode 9 [720p] [Subbed].mkv
2016-12-02 23:00 - 2016-12-07 21:24 - 00041422 _____ C:\Users\anime\Downloads\Addition.txt
2016-12-02 22:57 - 2016-12-12 21:01 - 00017569 _____ C:\Users\anime\Downloads\FRST.txt
2016-12-02 22:57 - 2016-12-12 20:59 - 00000000 ____D C:\FRST
2016-12-02 22:57 - 2016-12-07 21:22 - 02420224 _____ (Farbar) C:\Users\anime\Downloads\FRST64.exe
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\超霸传奇
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\legendGame
2016-12-02 22:50 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\37游戏
2016-12-02 22:45 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\soft
2016-12-02 22:45 - 2016-12-02 22:50 - 00000000 ____D C:\Users\anime\AppData\Roaming\data
2016-12-02 22:45 - 2016-12-02 22:45 - 00001217 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\网址导航.lnk
2016-12-02 22:45 - 2016-12-02 22:45 - 00001211 ____R C:\ProgramData\Microsoft\Windows\Start Menu\网址导航.lnk
2016-11-22 23:33 - 2016-12-11 13:05 - 00000000 ____D C:\Users\anime\Downloads\CX Votes
2016-11-22 23:17 - 2016-11-22 23:17 - 00185993 _____ C:\Users\anime\Downloads\[BtTang.com]老九门.全集..EP01-48.2016.HD720P.X264.AAC.Mandarin.CHS.Mp4Ba.torrent
2016-11-20 23:08 - 2016-11-20 23:08 - 00243084 _____ C:\Users\anime\Downloads\estatement_20161101_4524198801691891_SGD.pdf
2016-11-14 21:31 - 2016-11-16 00:38 - 54267947 _____ C:\Users\anime\Downloads\爱剪辑-珍惜.mp4
2016-11-13 22:35 - 2016-11-14 00:57 - 58596181 _____ C:\Users\anime\Downloads\爱剪辑-手掌心.mp4
2016-11-13 15:44 - 2016-11-13 15:44 - 00001113 _____ C:\Users\Public\Desktop\Vegas Pro 13.0 (64-bit).lnk
2016-11-13 15:44 - 2016-11-13 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-11-13 15:43 - 2016-11-13 15:43 - 00000000 ____D C:\ProgramData\Sony
2016-11-13 15:43 - 2016-11-13 15:43 - 00000000 ____D C:\Program Files (x86)\Sony
2016-11-13 15:36 - 2016-11-16 00:46 - 00024845 _____ C:\Users\anime\Downloads\pastlife.mep
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-12 20:46 - 2016-03-13 23:17 - 00000000 ___RD C:\Users\anime\OneDrive
2016-12-12 20:33 - 2016-10-01 17:25 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-12 20:33 - 2016-03-13 23:13 - 00000000 __SHD C:\Users\anime\IntelGraphicsProfiles
2016-12-12 01:49 - 2016-10-01 17:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-12 01:49 - 2016-03-28 23:05 - 00000000 ____D C:\Users\anime\AppData\Roaming\qBittorrent
2016-12-11 23:09 - 2016-03-13 23:58 - 00000000 ____D C:\Users\anime\AppData\Roaming\vlc
2016-12-10 22:06 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-10 14:15 - 2016-10-01 17:30 - 00000000 ____D C:\Users\anime
2016-12-10 12:35 - 2015-10-30 10:17 - 01180550 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-10 12:34 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-10 02:17 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-10 01:18 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-09 22:29 - 2016-08-28 01:53 - 00000000 ___HD C:\ProgramData\winmedll
2016-12-09 22:23 - 2016-08-28 01:57 - 00000000 ____D C:\Users\anime\Downloads\Locale.Emulator.2.2.1.0
2016-12-09 22:16 - 2016-07-10 22:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-09 22:15 - 2015-10-30 10:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-09 22:12 - 2016-10-01 17:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-09 22:12 - 2016-10-01 17:20 - 00394680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-09 22:11 - 2016-07-16 14:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-09 22:10 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-09 22:10 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-09 22:10 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-09 22:10 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-09 22:10 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-09 22:10 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-09 22:10 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-09 22:10 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-09 22:10 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-09 22:10 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-09 22:05 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-09 21:41 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-09 21:36 - 2016-10-19 21:49 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360极速浏览器
2016-12-09 21:20 - 2016-07-16 19:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-07 21:01 - 2016-11-11 21:10 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘
2016-12-07 21:01 - 2016-04-14 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-12-07 20:58 - 2015-10-30 15:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-07 00:38 - 2016-09-12 21:18 - 00000000 ____D C:\Users\anime\OneDrive\Documents\Tencent Files
2016-12-06 01:24 - 2016-10-22 16:26 - 00000000 ____D C:\Users\anime\Downloads\MobileFile
2016-12-05 22:14 - 2016-03-16 23:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-04 22:44 - 2016-10-17 01:17 - 00000000 ____D C:\Users\anime\AppData\Local\ElevatedDiagnostics
2016-12-04 12:52 - 2016-03-13 23:13 - 00000000 ____D C:\Users\anime\AppData\Local\Packages
2016-12-02 23:27 - 2016-04-10 17:58 - 00000000 ____D C:\Users\anime\AppData\Roaming\BaiduYunKongMing
2016-12-02 22:53 - 2016-11-06 14:36 - 00000000 ____D C:\360极速浏览器下载
2016-12-02 22:50 - 2016-04-06 00:24 - 00000000 ____D C:\Program Files\Unlocker
2016-11-24 23:49 - 2016-04-14 21:33 - 00000000 ____D C:\Users\anime\AppData\Roaming\DVDVideoSoft
2016-11-24 21:48 - 2016-11-01 22:17 - 00001251 _____ C:\Users\anime\Desktop\bilibili投稿工具.lnk
2016-11-23 22:14 - 2016-06-22 13:49 - 00000000 ____D C:\Users\anime\AppData\Roaming\BITS
2016-11-22 21:31 - 2016-11-01 22:19 - 00000000 ____D C:\Users\anime\AppData\Local\Biliugc
2016-11-20 02:28 - 2016-07-04 14:49 - 00000000 ____D C:\Users\anime\Downloads\movie
2016-11-15 21:36 - 2016-07-16 19:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-15 21:35 - 2015-10-30 10:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-15 21:00 - 2016-03-13 23:30 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 21:00 - 2016-03-13 23:30 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 20:36 - 2015-10-30 10:18 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-14 20:36 - 2015-10-30 10:18 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-13 23:27 - 2016-07-31 18:54 - 00000000 ____D C:\FFOutput
2016-11-13 19:23 - 2016-10-01 17:54 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-13 19:23 - 2016-10-01 17:54 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-13 15:43 - 2016-09-23 17:16 - 00000000 ____D C:\Users\anime\AppData\Local\Sony
2016-11-13 15:43 - 2016-09-23 17:15 - 00000000 ____D C:\Users\anime\AppData\Roaming\Sony
2016-11-12 02:15 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-12 02:14 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-12 01:40 - 2016-07-10 22:38 - 00000000 ____D C:\Users\anime\Downloads\software
 
==================== Files in the root of some directories =======
 
2016-09-27 16:01 - 2016-09-27 16:01 - 0137160 _____ () C:\Users\anime\AppData\Roaming\moter.exe
2016-11-03 21:10 - 2016-11-03 21:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\S2Q4mOvF.xml
2016-09-12 21:17 - 2016-09-12 21:17 - 0637248 _____ () C:\Users\anime\AppData\Roaming\TXQBINSTX.DLL
2016-10-27 18:10 - 2016-10-27 18:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\z99kP8.dat
2016-07-10 22:44 - 2016-07-10 22:45 - 0000032 _____ () C:\Users\anime\AppData\Local\temp.tmp
2016-10-01 17:25 - 2016-10-01 17:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-10 22:44 - 2016-11-10 22:44 - 0076168 _____ (Tencent) C:\ProgramData\VDi4U.log
 
Some files in TEMP:
====================
C:\Users\anime\AppData\Local\Temp\360ini.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-05 22:50
 
==================== End of FRST.txt ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by anime (12-12-2016 21:04:13)
Running from C:\Users\anime\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-01 09:58:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-237224756-2638106951-3263937477-500 - Administrator - Disabled)
anime (S-1-5-21-237224756-2638106951-3263937477-1001 - Administrator - Enabled) => C:\Users\anime
DefaultAccount (S-1-5-21-237224756-2638106951-3263937477-503 - Limited - Disabled)
Guest (S-1-5-21-237224756-2638106951-3263937477-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6D0ADF03-B505-F836-3317-521C40DDB44C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
bilibili投稿工具 1.2.1.5 (HKLM-x32\...\bilibili投稿工具) (Version: 1.2.1.5 - Bilibili)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
FlashGet3.7 (HKLM-x32\...\FlashGet3.7) (Version: 3.7.0.1220 - hxxp://www.FlashGet.com)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
Free Dailymotion Download (HKLM-x32\...\Free Dailymotion Download_is1) (Version: 1.0.87.829 - Digital Wave Ltd)
Free Video Editor (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.53.831 - Digital Wave Ltd)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.28.831 - Digital Wave Ltd)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.13.518 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7fdb5c8c-2bc0-49e8-afcb-ae7f4ad526fd}) (Version: 18.12.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation)
iTudou (HKLM-x32\...\iTudou) (Version: 4.1.3.5260 - youkutudou, Inc.)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Maxx Audio Installer (x64) (Version: 2.6.6424.0 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2105 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.44 - mIRC Co. Ltd.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2105 - Microsoft Corporation) Hidden
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.32 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.4.0 - Adlice Software)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
优酷加速组件 (HKLM-x32\...\YoukuClient) (Version: 6.8.8.4225 - youkutudou, Inc.)
爱剪辑 正式版 V2.9 Build 1600 (HKLM-x32\...\爱剪辑_is1) (Version:  - 爱剪辑)
百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.1 - 百度在线网络技术(北京)有限公司)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)
腾讯视频 (HKLM-x32\...\qqlive) (Version: 9.14.1503.0 - 腾讯科技(深圳)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Users\anime\AppData\Local\360Chrome\Chrome\Application\360chrome.exe (360.cn)
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e}\InprocServer32 -> C:\Users\anime\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll (Youku)
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {091F2D48-190F-45BD-ABCA-6F71CD1DC9D4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {19DD82A8-5AEC-42CA-A9BC-DC3400A8A48F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {3A0F4655-6955-4AE5-8D39-4F19EF938F1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {5A3DD1FB-A7EF-438F-8E1C-969C95EFEBBC} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-15] (Realtek Semiconductor)
Task: {5A7EB9B2-5D73-4634-B6EE-CBC47E82FA9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {617D10C4-3C54-4E26-846F-257B6910448E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {75F0A3FF-4C20-4EE3-9CB5-44A0F75D910A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {8DCABC9E-0CC9-45A4-8B00-6FE883E9087F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {C5D257D8-A103-41B9-8506-45CC40ED66A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {D3C216DA-14DF-47E9-BD08-D11188FF3287} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D5C8C66D-CF2C-41CE-B82F-9652EB375C23} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-02] (Microsoft Corporation)
Task: {DA3163AA-8535-470A-A5F3-37475610D2D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {E18D3EE1-DD89-4069-BC5A-2A2CA0D15E6C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-02] (Microsoft Corporation)
Task: {E9361B66-21ED-44DA-B9D6-6AFBEDDDD415} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => 46 cmd c sc start Dell Help Support WORKGROUP DESKTOP E1SJRSE
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-16 00:10 - 2016-01-22 16:57 - 00089008 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-09 21:39 - 2016-11-11 18:10 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 21:39 - 2016-11-11 18:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-09 21:39 - 2016-11-11 18:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-01 18:39 - 2016-10-01 18:40 - 01864384 _____ () C:\Users\anime\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-05-18 14:34 - 2016-11-15 21:32 - 08919744 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-07-10 22:44 - 2015-10-10 13:00 - 00707624 _____ () C:\Users\anime\AppData\Roaming\ytmediacenter\X64\cmc64.dll
2016-11-19 00:06 - 2016-11-19 00:06 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-19 00:06 - 2016-11-19 00:06 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-19 00:06 - 2016-11-19 00:06 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-10-02 08:56 - 2016-10-02 08:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-09 21:39 - 2016-11-11 17:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 22:42 - 2016-11-02 18:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 22:42 - 2016-11-02 18:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 22:42 - 2016-11-02 18:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 22:42 - 2016-11-02 18:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 22:42 - 2016-11-02 18:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-23 22:20 - 2016-11-23 22:20 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 22:20 - 2016-11-23 22:20 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 14:34 - 2016-06-03 14:34 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 22:20 - 2016-11-23 22:20 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 22:20 - 2016-11-23 22:20 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-09-09 08:32 - 2016-09-09 08:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-08-14 17:17 - 2015-08-14 17:17 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-10-25 21:10 - 2016-09-06 12:00 - 05197312 _____ () C:\Users\anime\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-10-25 21:10 - 2016-09-06 12:00 - 00147456 _____ () C:\Users\anime\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 15:24 - 2016-12-09 21:36 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\anime\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{33490b3b-30b1-405a-b8a9-97e3bc331008}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{D06D8BD7-865D-4DF4-A8CE-6416C677F990}] => C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{C8A3A4F2-5644-472E-81C2-A767B21C5DF1}] => C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{A995748A-2B4B-473C-92DE-887B35459E58}] => C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{CFD6DA82-EE0D-44C2-9359-914E52D66F7F}] => C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{B67F6CA5-0DAF-41F1-8964-965BBF660E81}] => C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{4FEFFFF1-31D8-4119-B85B-FE9C9D586BC4}] => C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe
FirewallRules: [{84A4D898-6E56-41AF-86E0-F000D0E214A9}] => C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe
FirewallRules: [UDP Query User{BA34E2CA-A805-4AEA-AC96-E6F0C29391B0}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe] => C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe
FirewallRules: [TCP Query User{67502020-3286-4A7F-A4DB-BDDE6089A535}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe] => C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe
FirewallRules: [{AB548649-3BA3-436D-855F-F1BD7E1C7285}] => C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{A2B1BA52-D1E4-4FA3-A093-616809861DE5}] => C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{A340E2E6-0A2A-44EA-8879-6559625FA35F}] => C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\QyKernel.exe
FirewallRules: [UDP Query User{B58A4805-7A53-40FB-99E9-FF1BBDDAC8CF}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [TCP Query User{500DC2A9-9D08-4159-B7A9-B6F1F453A989}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{58CAD0C8-E283-4DDF-AEF8-813AA033E55A}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [TCP Query User{47F09CDF-D1CD-4FCA-B2DC-9C30D48F394D}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [{A75B1901-529B-433A-9CAA-863EB39AB54B}] => C:\Users\anime\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{C24D7DEE-5461-4030-9392-2A54301FBEC0}] => C:\Users\anime\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{EE9E87C5-F22C-4AA3-90FD-AFF503995DF0}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6C81AA42-F63A-4691-A58E-56973953A9AB}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D67F5874-8A60-41F4-8E80-71B5415FCBF0}] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{507D1A2A-E61E-41BA-A82D-7A3C39CEA7A7}] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{FBFBD67E-724F-4D26-81BD-12D8A5255206}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E3A30A46-0ECA-46C9-95B1-3C1AF0505E8F}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1E9DA29-41EC-40F6-B97E-2328AFC429F4}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62AC644E-4CDC-4BCE-9EB4-826DA458A12B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6BBEF57-CBF4-4A9F-A59E-BAC4623F0799}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0EDBF77-BAB8-41EB-988F-C1919CA62F5A}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8F206199-C3AA-4CEF-9700-E1BB0FE03D08}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{278D7CCF-6833-461F-86FE-8CE6468F1F76}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{528ABAA3-C740-4CA1-A6F3-44980269099A}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe] => C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe
FirewallRules: [UDP Query User{30A36D7A-8903-47D9-87BA-048289453AC7}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe] => C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe
FirewallRules: [{47E551BD-CCED-434E-BDB6-8DCF6C83F69F}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{5FAD4C07-5ED3-433B-AB43-4E8026E691A3}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{6323DF21-B831-420A-8896-5745FD420CDE}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{024E9001-4C13-425A-A196-887ECD4646DC}] => C:\users\anime\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [{E3254C7C-3284-45E9-B902-5D80DC92309F}] => C:\users\anime\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [{0F9A1544-AE02-4EF7-9B70-6751E7B7BCC5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ABFBA8EA-B1BC-41C5-8BE6-9E0D426028DB}] => C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
 
==================== Restore Points =========================
 
27-11-2016 22:22:41 Scheduled Checkpoint
04-12-2016 23:41:47 Scheduled Checkpoint
09-12-2016 21:51:20 Windows Update
12-12-2016 20:44:57 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2016 08:45:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (12/11/2016 08:45:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1611.18000, time stamp: 0x582f93e9
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.479, time stamp: 0x58258ce8
Exception code: 0xc000027b
Fault offset: 0x00000000006d675b
Faulting process ID: 0x20c
Faulting application start time: 0x01d253aad68943ff
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: 3e4dd526-06b5-411a-a11b-9d6186a5186a
Faulting package full name: Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (12/11/2016 08:15:33 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (12/10/2016 10:56:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-E1SJRSE)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (12/10/2016 10:56:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E1SJRSE)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147417836 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/10/2016 02:14:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.14393.0, time stamp: 0x57899b96
Faulting module name: combase.dll, version: 10.0.14393.479, time stamp: 0x582589b6
Exception code: 0xc0000005
Fault offset: 0x0000000000054cf8
Faulting process ID: 0x1ef0
Faulting application start time: 0x01d2529e7ccc7931
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report ID: 72eaf457-884c-409a-b7c2-3f7b2725dd16
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/09/2016 10:18:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/09/2016 10:17:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.14393.0, time stamp: 0x57899082
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc0000005
Fault offset: 0x00026dc9
Faulting process ID: 0x21e0
Faulting application start time: 0x01d25226f342b034
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 7f6d7309-ec9b-469a-9f49-2e89a31b9065
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/09/2016 10:12:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process ID: 0x990
Faulting application start time: 0x01d252264eaf0ace
Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 0d93d6b3-3e07-45b2-a1aa-de523fcb48b8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/09/2016 09:51:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service WebServeTD since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (12/12/2016 08:33:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/12/2016 08:33:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/12/2016 08:33:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 08:16:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 08:16:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 08:16:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 12:40:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 12:40:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 12:40:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/11/2016 01:52:26 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E1SJRSE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-12 21:04:12.299
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-12 21:04:12.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-10 22:22:08.532
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-08 21:11:50.328
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 21:22:06.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 21:22:06.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 21:06:05.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 20:30:07.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 20:30:07.859
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-07 20:29:35.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 8078.59 MB
Available physical RAM: 5416.26 MB
Total Virtual: 9358.59 MB
Available Virtual: 6554.12 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:453.8 GB) (Free:361.87 GB) NTFS
Drive e: (Jun) (Fixed) (Total:931.51 GB) (Free:148.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: ACA86A48)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 721E5F28)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
 
==================== End of Addition.txt ============================


#14 Starbuck

  • Malware Response Team

Posted 12 December 2016 - 05:57 PM

Hi Shinn,

I have to admit that I find it very hard searching the entries/programs with what looks like Chinese characters.
It's hard to determine whether to leave them or remove them.

I'll remove the obvious ones (leftovers from other tool removals) and I'll also remove the firewall rules relating to them.

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\anime\Downloads.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

Let's see if this clears the problem.


#15 shinn

  • Topic Starter

  • Members

Posted 13 December 2016 - 10:20 AM

Hi, I must say it doesn't help in removing that "drive". I wonder why it is this stubborn.

 

In any case thanks so much for the help, here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by anime (13-12-2016 22:57:20) Run:2
Running from C:\Users\anime\Downloads
Loaded Profiles: anime (Available Profiles: anime)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\...\Run: [BaiduYunDetect] => "C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe"
SearchScopes: HKU\S-1-5-21-237224756-2638106951-3263937477-1001 -> DefaultScope {4FAEC076-D28A-4595-AA05-9C112B544941} URL = 
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]
S2 Bonjour Service; C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\mDNSResponder.exe [X]
2016-12-09 22:16 - 2016-07-10 22:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-09 21:36 - 2016-10-19 21:49 - 00000000 ____D C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360极速浏览器
2016-12-02 23:27 - 2016-04-10 17:58 - 00000000 ____D C:\Users\anime\AppData\Roaming\BaiduYunKongMing
2016-12-02 22:53 - 2016-11-06 14:36 - 00000000 ____D C:\360极速浏览器下载
2016-09-27 16:01 - 2016-09-27 16:01 - 0137160 _____ () C:\Users\anime\AppData\Roaming\moter.exe
2016-07-10 22:44 - 2016-07-10 22:45 - 0000032 _____ () C:\Users\anime\AppData\Local\temp.tmp
2016-11-03 21:10 - 2016-11-03 21:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\S2Q4mOvF.xml
2016-10-27 18:10 - 2016-10-27 18:10 - 0076168 _____ (Tencent) C:\Users\anime\AppData\Roaming\z99kP8.dat
2016-11-10 22:44 - 2016-11-10 22:44 - 0076168 _____ (Tencent) C:\ProgramData\VDi4U.log
C:\Users\anime\AppData\Local\Temp\360ini.dll
CustomCLSID: HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Users\anime\AppData\Local\360Chrome\Chrome\Application\360chrome.exe (360.cn)
C:\Users\anime\AppData\Local\360Chrome\Chrome\Application\360chrome.exe
FirewallRules: [{D06D8BD7-865D-4DF4-A8CE-6416C677F990}] => C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{C8A3A4F2-5644-472E-81C2-A767B21C5DF1}] => C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{A995748A-2B4B-473C-92DE-887B35459E58}] => C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{CFD6DA82-EE0D-44C2-9359-914E52D66F7F}] => C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{B67F6CA5-0DAF-41F1-8964-965BBF660E81}] => C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{4FEFFFF1-31D8-4119-B85B-FE9C9D586BC4}] => C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe
FirewallRules: [{84A4D898-6E56-41AF-86E0-F000D0E214A9}] => C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe
FirewallRules: [UDP Query User{BA34E2CA-A805-4AEA-AC96-E6F0C29391B0}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe] => C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe
FirewallRules: [TCP Query User{67502020-3286-4A7F-A4DB-BDDE6089A535}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe] => C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe
FirewallRules: [{A340E2E6-0A2A-44EA-8879-6559625FA35F}] => C:\Program Files (x86)\IQIYI Video\LStyle\5.3.21.2675\QyKernel.exe
FirewallRules: [{D67F5874-8A60-41F4-8E80-71B5415FCBF0}] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{507D1A2A-E61E-41BA-A82D-7A3C39CEA7A7}] => C:\Users\anime\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [TCP Query User{528ABAA3-C740-4CA1-A6F3-44980269099A}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe] => C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe
FirewallRules: [UDP Query User{30A36D7A-8903-47D9-87BA-048289453AC7}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe] => C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe
FirewallRules: [{024E9001-4C13-425A-A196-887ECD4646DC}] => C:\users\anime\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [{E3254C7C-3284-45E9-B902-5D80DC92309F}] => C:\users\anime\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
C:\Users\anime\AppData\Roaming\baidu
C:\Program Files (x86)\IQIYI Video
C:\program files (x86)\common files\tencent
C:\Users\anime\AppData\Local\360Chrome
CMD: ipconfig /flushdns
EmptyTemp:
 
 
 
*****************
 
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BaiduYunDetect => value removed successfully
HKU\S-1-5-21-237224756-2638106951-3263937477-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1" => key removed successfully
Bonjour Service => service removed successfully
 
"C:\ProgramData\boost_interprocess" folder move:
 
Could not move "C:\ProgramData\boost_interprocess" => Scheduled to move on reboot.
 
C:\Users\anime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360极速浏览器 => moved successfully
C:\Users\anime\AppData\Roaming\BaiduYunKongMing => moved successfully
C:\360极速浏览器下载 => moved successfully
C:\Users\anime\AppData\Roaming\moter.exe => moved successfully
C:\Users\anime\AppData\Local\temp.tmp => moved successfully
C:\Users\anime\AppData\Roaming\S2Q4mOvF.xml => moved successfully
C:\Users\anime\AppData\Roaming\z99kP8.dat => moved successfully
C:\ProgramData\VDi4U.log => moved successfully
C:\Users\anime\AppData\Local\Temp\360ini.dll => moved successfully
"HKU\S-1-5-21-237224756-2638106951-3263937477-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}" => key removed successfully
C:\Users\anime\AppData\Local\360Chrome\Chrome\Application\360chrome.exe => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D06D8BD7-865D-4DF4-A8CE-6416C677F990} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8A3A4F2-5644-472E-81C2-A767B21C5DF1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A995748A-2B4B-473C-92DE-887B35459E58} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFD6DA82-EE0D-44C2-9359-914E52D66F7F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B67F6CA5-0DAF-41F1-8964-965BBF660E81} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FEFFFF1-31D8-4119-B85B-FE9C9D586BC4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84A4D898-6E56-41AF-86E0-F000D0E214A9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BA34E2CA-A805-4AEA-AC96-E6F0C29391B0}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{67502020-3286-4A7F-A4DB-BDDE6089A535}C:\program files (x86)\iqiyi video\lstyle\5.3.21.2675\qiyiservice.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A340E2E6-0A2A-44EA-8879-6559625FA35F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D67F5874-8A60-41F4-8E80-71B5415FCBF0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{507D1A2A-E61E-41BA-A82D-7A3C39CEA7A7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{528ABAA3-C740-4CA1-A6F3-44980269099A}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{30A36D7A-8903-47D9-87BA-048289453AC7}C:\users\anime\appdata\local\360chrome\chrome\application\360chrome.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{024E9001-4C13-425A-A196-887ECD4646DC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3254C7C-3284-45E9-B902-5D80DC92309F} => value removed successfully
C:\Users\anime\AppData\Roaming\baidu => moved successfully
"C:\Program Files (x86)\IQIYI Video" => not found.
"C:\program files (x86)\common files\tencent" => not found.
C:\Users\anime\AppData\Local\360Chrome => moved successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48734024 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 1572077 B
Edge => 0 B
Chrome => 535868355 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
anime => 95274507 B
 
RecycleBin => 940650 B
EmptyTemp: => 650.8 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-12-2016 23:17:15)
 
C:\ProgramData\boost_interprocess => Is moved successfully
 
==== End of Fixlog 23:17:15 ====




