Need Help with Smart Service Trojan Removal


  • This topic is locked
31 replies to this topic

#1 lucyq

Posted 13 November 2017 - 05:55 PM

Hi, I need help!

 

1. The first sign of a problem was that Windows Defender Security Center - Virus & Threat Protection Service had a RED cross on it and also said that the threat service had stopped and needed to be restarted.

2. When I tried to restart the service, no matter which way I tried, nothing happened.

3. Then a business email came in with a supposedly corrupted attachment, and I knew I must do something.

4. I downloaded an antivirus program online but was NOT able to open it; it gave me the ErrorCode 0x800700AA and also "The requested resource is in use".

5. That's when I found this link online:

https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error#self-help

6. I followed the instructions and downloaded all the software that is needed.

7. I tried to start the first software, Malwarebytes, and the same error showed up, so I cannot open the first software.

 

At this point, I am not confident to try anything else, so I found the Preparation Guide for posting and have now got the FRST.txt log & also Addition.txt log which I will paste at the end of this message.

 

Thank you in advance for helping me.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Traveltek (administrator) on TRAVELTEK (13-11-2017 12:57:44)
Running from C:\Users\Traveltek\Downloads
Loaded Profiles: Traveltek (Available Profiles: Traveltek)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\acerIR\IRSrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(深圳腾讯科技有限公司) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMicroGameBoxService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Alibaba (China) Co., LTD. All rights reserved.) C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
() C:\Windows\System32\tprdpw64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(深圳腾讯科技有限公司) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMGBWebserver.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
(ITE Tech. Inc.) C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe
(Corp) C:\Program Files\acerIR\IRListenApp.exe
() C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Tencent) C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
() C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\PeopleApp.exe
(Tencent) C:\Program Files\Tencent\QQ\Bin\QQExternal.exe
(Tencent) C:\Program Files\Tencent\QQ\Bin\QQ.exe
(Tencent) C:\Program Files\Tencent\QQ\Bin\QQExternal.exe
() C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16412952 2015-10-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416464 2015-10-12] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM-x32\...\Run: [CIRAP] => C:\Program Files (x86)\ITE\ITE Infrared Transceiver\CIRAP.exe [604304 2012-07-06] (ITE Tech. Inc.)
HKLM-x32\...\Run: [IRApp] => C:\Program Files\acerIR\IRListenApp.exe [359424 2012-05-14] (Corp)
HKLM-x32\...\Run: [svcvmx] => C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [936960 2017-10-01] () <==== ATTENTION
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCTRAY.EXE [361888 2017-11-13] (Tencent)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [11264 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [QQ2009] => C:\Program Files\Tencent\QQ\Bin\QQ.exe [109888 2017-03-05] (Tencent)
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2418392 2016-09-09] (Acer)
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [BaiduYunGuanjia] => C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe [7824928 2017-09-08] ()
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [BaiduYunDetect] => C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe [1119776 2017-09-08] ()
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [ApowersoftScreenRecorder] => C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe /autoStart
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [Google Update] => C:\Users\Traveltek\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-09-25] (Google Inc.)
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Run: [Wechat] => C:\Program Files (x86)\Tencent\WeChat\WeChat.exe [490688 2017-10-30] (Tencent)
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\RunOnce: [Uninstall 17.3.6998.0830_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Traveltek\AppData\Local\Microsoft\OneDrive\17.3.6998.0830_2\amd64"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\RunOnce: [Uninstall 17.3.6998.0830_2] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Traveltek\AppData\Local\Microsoft\OneDrive\17.3.6998.0830_2"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\RunOnce: [Uninstall 17.3.7073.1013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Traveltek\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\RunOnce: [Uninstall 17.3.7073.1013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Traveltek\AppData\Local\Microsoft\OneDrive\17.3.7073.1013"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\RunOnce: [Uninstall 17.3.7074.1023\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Traveltek\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\RunOnce: [Uninstall 17.3.7074.1023] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Traveltek\AppData\Local\Microsoft\OneDrive\17.3.7074.1023"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-09-26]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2016-09-15]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-04-05]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2732464303-3820448205-2966217774-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{49e53039-627f-42a4-9d38-e208784a2ed0}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{a334c80d-c783-42e6-983c-de134eb81e39}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{cad9e6e4-d46f-4449-aaad-b0b81e46f521}: [NameServer] 82.163.142.8,95.211.158.136
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_28&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtC0DtC0B0FtDtDyEzz0EtAtN0D0Tzu0StBtDtBtBtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyCtBzytAyC0FyEtGtD0E0B0EtG0AyD0CyBtGyCtA0F0AtGtB0FyC0ByE0F0ByCzy0DtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytD0DtAtCzytBtG0CyCyD0BtGyEtDyDyBtGzz0DyEyDtGyCyC0EyDtAtBtAyDyC0C0A0B2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D1360736660%26a%3Dwbf_kngo_17_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtC0DtC0B0FtDtDyEzz0EtAtN0D0Tzu0StBtDtBtBtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyCtBzytAyC0FyEtGtD0E0B0EtG0AyD0CyBtGyCtA0F0AtGtB0FyC0ByE0F0ByCzy0DtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytD0DtAtCzytBtG0CyCyD0BtGyEtDyDyBtGzz0DyEyDtGyCyC0EyDtAtBtAyDyC0C0A0B2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D1360736660%26a%3Dwbf_kngo_17_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtC0DtC0B0FtDtDyEzz0EtAtN0D0Tzu0StBtDtBtBtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyCtBzytAyC0FyEtGtD0E0B0EtG0AyD0CyBtGyCtA0F0AtGtB0FyC0ByE0F0ByCzy0DtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytD0DtAtCzytBtG0CyCyD0BtGyEtDyDyBtGzz0DyEyDtGyCyC0EyDtAtBtAyDyC0C0A0B2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D1360736660%26a%3Dwbf_kngo_17_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtC0DtC0B0FtDtDyEzz0EtAtN0D0Tzu0StBtDtBtBtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyCtBzytAyC0FyEtGtD0E0B0EtG0AyD0CyBtGyCtA0F0AtGtB0FyC0ByE0F0ByCzy0DtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytD0DtAtCzytBtG0CyCyD0BtGyEtDyDyBtGzz0DyEyDtGyCyC0EyDtAtBtAyDyC0C0A0B2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D1360736660%26a%3Dwbf_kngo_17_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztD0FyEtC0DtC0B0FtDtDyEzz0EtAtN0D0Tzu0StBtDtBtBtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyCtBzytAyC0FyEtGtD0E0B0EtG0AyD0CyBtGyCtA0F0AtGtB0FyC0ByE0F0ByCzy0DtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzytD0DtAtCzytBtG0CyCyD0BtGyEtDyDyBtGzz0DyEyDtGyCyC0EyDtAtBtAyDyC0C0A0B2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D1360736660%26a%3Dwbf_kngo_17_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> DefaultScope {3D8B4390-0AF1-440A-9B59-8F69A66B8CCB} URL = hxxp://www.google.com.hk/search?hl=zh-CN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {0347CA93-95E4-4627-BA13-72D4FAA39B9C} URL = 
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.google.com.hk/search?hl=zh-CN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {3D0C8728-B0E6-436D-AD3D-9A33C369ED44} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {3D8B4390-0AF1-440A-9B59-8F69A66B8CCB} URL = hxxp://www.google.com.hk/search?hl=zh-CN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=98012088_2_dg&ch=1&ie=utf-8
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {5CE25775-92B7-477d-9603-852F0B34D8B0} URL = hxxps://www.sogou.com/sogou?query={searchTerms}&pid=sogou-wsse-91e50fe1e39af286
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {876213A5-6C4E-11E5-8262-54271EFD3BB7} URL = hxxps://secure.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\TSWebMon64.dat [2017-11-13] (Tencent)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Traveltek\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2017-10-31] (Tencent)
Toolbar: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
 
Edge: 
======
Edge Extension: (OneNote Web Clipper) -> EdgeExtension_MicrosoftOneNoteWebClipper_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OneNoteWebClipper_3.7.5.0_neutral__8wekyb3d8bbwe [2017-09-21]
 
FireFox:
========
FF DefaultProfile: 69rijodi.default
FF ProfilePath: C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default [2017-05-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\69rijodi.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\69rijodi.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\69rijodi.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\69rijodi.default -> hxxp://hk.yahoo.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\69rijodi.default -> hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=502468&p=
FF Extension: (Easy Screenshot) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\easyscreenshot@mozillaonline.com [2016-12-08]
FF Extension: (United States English Spellchecker) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-19]
FF Extension: (Firefox Hotfix) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-03-08]
FF Extension: (High Definition Video) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\hdv@vovcacik.addons.mozilla.org.xpi [2016-06-02]
FF Extension: (hot-translate) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\jid1-0kYwsIOqR8Ao0w@jetpack.xpi [2015-10-07]
FF Extension: (English (US) Language Pack) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-05-10]
FF Extension: (Google Translator for Firefox) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\translator@zoli.bod.xpi [2017-05-10]
FF Extension: (Locator) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}.xpi [2016-06-02]
FF Extension: (Map With Google) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\{74591c01-3a7f-469e-ad4e-5d8d708dc4c5}.xpi [2016-01-27]
FF Extension: (YouTube™ Anywhere Player) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2016-03-21]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\features\{e1e718db-2163-468c-afa8-10d2a33f15c2}\malware-remediation@mozilla.org.xpi [2017-03-08]
FF SearchPlugin: C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\searchplugins\bing-lavasoft.xml [2015-11-04]
FF SearchPlugin: C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\searchplugins\McSiteAdvisor.xml [2016-03-23]
FF SearchPlugin: C:\Users\Traveltek\AppData\Roaming\Mozilla\Firefox\Profiles\69rijodi.default\searchplugins\yahoo_ff.xml [2016-01-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll [No File]
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @alipay.com/NPComBrg701,version=1.0.2011.701 -> C:\WINDOWS\system32\itruscert\NPComBrg701.dll [No File]
FF Plugin-x32: @baidu.com/npBdyyPlugin -> C:\Program Files (x86)\baidu\BaiduPlayer\4.1.6.45\npbdyy.dll [No File]
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
FF Plugin-x32: @baidu.com/npxbdsetup -> C:\WINDOWS\Downloaded Program Files\-667016625\npxbdsetup.dll [2012-12-25] ()
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\npYunWebDetect.dll [2017-09-08] (Baidu.com, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-08] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @kingsfot.com/npkws -> C:\kinggsoft\kduu_ba\sp7\npkws.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [No File]
FF Plugin-x32: @qq.com/npQQGameAssist -> C:\Program Files\Tencent\QQGame\npQQGameAssistPlugin.dll [2016-03-04] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2015-12-21] (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQMusicHelper -> C:\Program Files (x86)\Tencent\QQMusicHelper\QQMusicHelper1257.12.7.37\npQQMusicHelper.dll [2016-04-13] (Tencent)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\npQMExtensionsMozilla.dll [2017-11-13] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2016-02-25] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.5.14\Bin\npSSOAxCtrlForPTLogin.dll [2016-10-31] (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-22] (VideoLAN)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2016-01-01] (Thunder Networking Technologies,LTD)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @1.qq.com/npqqwebgame -> C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.7\npqqwebgame.dll [No File]
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @1.qq.com/npqqwebgame -> C:\Users\Traveltek\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.4\npqqwebgame.dll [2015-12-17] ( )
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.10.24C\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.10.24C\npwangwang.dll [No File]
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Traveltek\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Traveltek\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Traveltek\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-2732464303-3820448205-2966217774-1001: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2016-01-01] (Thunder Networking Technologies,LTD)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://us-mg5.mail.yahoo.com/neo/launch?.partner=sbc
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://aedkhfebajhgpapklkfjajgkjhgkjcdb/newtab.html", Not-active:"chrome-extension://pilplloabdedfmialnfchjomjmpjcoej/index.html"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Google Translate) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-24]
CHR Extension: (Yahoo雅虎香港首頁) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aedkhfebajhgpapklkfjajgkjhgkjcdb [2017-09-14]
CHR Extension: (Translator for all languages) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdeidgbmcliegnpcbbkhlflkbdpomhk [2017-06-28]
CHR Extension: (Google Drive) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-02]
CHR Extension: (WhatsChrome) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-04-01]
CHR Extension: (Skype Calling) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-09-17]
CHR Extension: (YouTube) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Pushbullet) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-10-08]
CHR Extension: (OneTab) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-04]
CHR Extension: (OneNote Online) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2016-08-18]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2016-05-26]
CHR Extension: (Google Search) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-21]
CHR Extension: (Erase Text in PDF In Docs - PDFfiller) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efoogehhojbmjlolpklpbfpblfogidfm [2017-08-11]
CHR Extension: (Gmail Offline) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-09-12]
CHR Extension: (Highlight to Search) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2016-03-18]
CHR Extension: (Google Docs Offline) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-16]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2017-10-08]
CHR Extension: (DocuSign - Secure Electronic Signature) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblijolcnempeilmnkmfbhohlpngemd [2017-09-07]
CHR Extension: (AirDroid) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2016-11-21]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-11-10]
CHR Extension: (Image to PDF Converter) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahkhcpdjkgmcoipaahmngpgceipmela [2016-04-04]
CHR Extension: (看帖神器) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaflkoljjagejohlfblhgpmnhgdnpfdm [2017-11-12]
CHR Extension: (Image to PDF Converter - Smallpdf.com) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflcghnbgimnchdeclacccpgembnigmb [2016-04-04]
CHR Extension: (Tabs saver) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmabfaomlcjlnplkoflgenkmmpilmead [2016-04-07]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-12-15]
CHR Extension: (Google Input Tools) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2017-11-10]
CHR Extension: (Pocket) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-03-23]
CHR Extension: (Wikibuy) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-11-09]
CHR Extension: (Save to Pocket) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (电脑管家上网防护) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-09-11]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-10-08]
CHR Extension: (Search Manager) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-08-02]
CHR Extension: (Gmail) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-26]
CHR Profile: C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-30]
CHR Extension: (Google Slides) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-16]
CHR Extension: (Google Docs) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-16]
CHR Extension: (Google Drive) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-16]
CHR Extension: (YouTube) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-16]
CHR Extension: (Google Sheets) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-16]
CHR Extension: (Google Docs Offline) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-16]
CHR Extension: (Skype) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-16]
CHR Extension: (Gmail) - C:\Users\Traveltek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-16]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfiffgabjbekpgjooidfnbiilclaibj] - c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2016-12-08] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-29] (Acer Incorporated)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-08] (Intel Corporation)
R2 IRSrv; C:\Program Files\acerIR\IRSrv.exe [179712 2012-05-10] () [File not signed]
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-08] (Intel Corporation)
R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (Mediatek Inc.)
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
S3 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]
R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115104 2017-10-31] (Tencent)
R2 QQMicroGameBoxService; C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMicroGameBoxService.exe [53352 2016-03-09] (深圳腾讯科技有限公司)
S2 QQPCRtp; C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCRtp.exe [315512 2017-11-13] (Tencent)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2016-12-08] () [File not signed]
R2 TBSecSvc; C:\Program Files (x86)\TaobaoProtect\TBSecSvc.exe [227296 2016-08-11] (Alibaba (China) Co., LTD. All rights reserved.)
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-10] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe [474768 2017-03-01] (Wondershare)
S2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [180592 2016-01-01] (ShenZhen Xunlei Networking Technologies,LTD)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AntiRkX64; C:\WINDOWS\System32\Drivers\AntiRKX64.sys [48632 2016-09-11] (Tencent)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2016-12-08] (Broadcom Corporation.)
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2016-03-07] (ITE Tech. Inc. )
S3 KNBDrv; C:\WINDOWS\system32\drivers\KNBDrv.sys [121136 2016-11-22] (Kingsoft Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 PQAWRwa; C:\Windows\SysWOW64\OSDSrv\PQAWDrv.sys [10464 2011-09-08] () [File not signed]
S3 QDAntiDrv; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QDAntiDrv64.sys [57464 2016-06-27] (Tencent)
R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMUdisk64_ev.sys [192240 2017-11-13] (Tencent)
S3 Rockusb; C:\WINDOWS\System32\drivers\rockusb.sys [71480 2015-04-18] (Fuzhou Rockchip Electronics Co,Ltd.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-11-20] (Realtek )
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [38504 2014-03-25] (Windows ® Codename Longhorn DDK provider)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-31] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFltX64_ev.sys [97008 2017-11-13] (电脑管家)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\TSSysKit64_EV.sys [107248 2017-11-13] (电脑管家)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 XLGuard; C:\WINDOWS\System32\drivers\XLGuard.sys [28432 2015-10-20] (深圳市迅雷网络技术有限公司)
R2 XLWFP; C:\WINDOWS\System32\drivers\xlwfp.sys [56080 2015-08-30] (深圳市迅雷网络技术有限公司)
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
S1 htjpiwcp; \??\C:\WINDOWS\system32\drivers\htjpiwcp.sys [X]
S1 vqybwlck; \??\C:\WINDOWS\system32\drivers\vqybwlck.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-13 12:57 - 2017-11-13 13:00 - 000044286 _____ C:\Users\Traveltek\Downloads\FRST.txt
2017-11-13 12:57 - 2017-11-13 12:57 - 000000000 ____D C:\FRST
2017-11-13 12:56 - 2017-11-13 12:56 - 002392576 _____ (Farbar) C:\Users\Traveltek\Downloads\FRST64.exe
2017-11-13 12:35 - 2017-11-13 12:35 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Traveltek\Downloads\mbar-1.10.3.1001.exe
2017-11-13 12:30 - 2017-11-13 12:30 - 004002104 _____ (Secunia) C:\Users\Traveltek\Desktop\PSISetup.exe
2017-11-13 12:29 - 2017-11-13 12:29 - 011599632 _____ (SurfRight B.V.) C:\Users\Traveltek\Desktop\HitmanPro_x64.exe
2017-11-13 12:29 - 2017-11-13 12:29 - 008261584 _____ (Malwarebytes) C:\Users\Traveltek\Desktop\AdwCleaner.exe
2017-11-13 12:28 - 2017-11-13 12:28 - 078346672 _____ (Malwarebytes ) C:\Users\Traveltek\Desktop\mb3-setup-1878.1878-3.3.1.2183.exe
2017-11-13 12:27 - 2017-11-13 12:27 - 005766464 _____ (Zemana Ltd. ) C:\Users\Traveltek\Desktop\eXplorer.exe
2017-11-13 12:26 - 2017-11-13 12:26 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Traveltek\Desktop\mbar-1.09.3.1001.exe
2017-11-13 12:26 - 2017-11-13 12:26 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Traveltek\Desktop\rkill.exe
2017-11-13 11:15 - 2017-11-13 11:15 - 000001108 _____ C:\Users\Public\Desktop\软件管理.lnk
2017-11-13 11:10 - 2017-11-13 11:10 - 000002083 _____ C:\Users\Public\Desktop\电脑管家.lnk
2017-11-13 11:10 - 2017-11-13 11:09 - 000097008 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64_ev.sys
2017-11-13 10:32 - 2017-11-13 10:32 - 001658240 _____ C:\Users\Traveltek\Downloads\QQPCDownload1600.exe
2017-11-13 10:13 - 2017-11-13 10:14 - 008435760 _____ C:\Users\Traveltek\Downloads\TotalAV.exe
2017-11-10 16:32 - 2017-11-10 16:32 - 000331549 _____ C:\Users\Traveltek\Downloads\07207 - 7501 (2).pdf
2017-11-10 16:32 - 2017-11-10 16:32 - 000117633 _____ C:\Users\Traveltek\Downloads\07124 - INV (2).PDF
2017-11-10 16:32 - 2017-11-10 16:32 - 000117146 _____ C:\Users\Traveltek\Downloads\07207 - INV (2).PDF
2017-11-10 16:32 - 2017-11-10 16:32 - 000068222 _____ C:\Users\Traveltek\Downloads\07124 - 7501.pdf
2017-11-10 16:31 - 2017-11-10 16:31 - 000117740 _____ C:\Users\Traveltek\Downloads\07124 - INV (1).PDF
2017-11-10 16:10 - 2017-11-10 16:10 - 000331549 _____ C:\Users\Traveltek\Downloads\07207 - 7501 (1).pdf
2017-11-10 16:10 - 2017-11-10 16:10 - 000117146 _____ C:\Users\Traveltek\Downloads\07207 - INV (1).PDF
2017-11-10 09:40 - 2017-11-10 09:40 - 000392373 _____ C:\Users\Traveltek\Downloads\combinepdf.pdf
2017-11-09 17:40 - 2017-11-09 17:40 - 000002981 _____ C:\Users\Traveltek\Downloads\ISF MANIFEST FOR BL#SZ3L17110453.pdf
2017-11-08 12:38 - 2017-11-08 12:38 - 000193957 _____ C:\Users\Traveltek\Desktop\Your Callingmart Order.pdf
2017-11-08 11:00 - 2017-11-08 11:00 - 000015791 _____ C:\Users\Traveltek\Downloads\Marketplace Deals Submission   Form.xlsx
2017-11-06 20:50 - 2017-11-06 20:50 - 000001182 _____ C:\Users\Public\Desktop\WeChat.lnk
2017-11-06 20:50 - 2017-11-06 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeChat
2017-11-06 18:05 - 2017-11-06 18:05 - 000101855 _____ C:\Users\Traveltek\Downloads\HY110103.pdf
2017-11-03 19:26 - 2017-11-03 19:26 - 000000000 ___HD C:\OneDriveTemp
2017-11-03 09:49 - 2017-11-03 09:49 - 000044297 _____ C:\Users\Traveltek\Downloads\Letter_386899426.pdf
2017-11-03 07:56 - 2017-11-03 07:56 - 000062775 _____ C:\Users\Traveltek\Downloads\Project Quote 103117 - PI Phoenix Rework.pdf
2017-11-02 21:58 - 2017-11-02 21:58 - 000227682 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch accessories (6).pdf
2017-11-02 21:56 - 2017-11-02 21:56 - 000227682 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch accessories (5).pdf
2017-11-02 21:54 - 2017-11-02 21:54 - 000227682 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch accessories (4).pdf
2017-11-02 16:03 - 2017-11-02 16:03 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\91rl8
2017-11-02 15:54 - 2017-11-02 15:54 - 000227682 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch accessories (3).pdf
2017-11-02 12:23 - 2017-11-02 12:23 - 000048051 _____ C:\Users\Traveltek\Downloads\WH PI KOMANDO GB SET.pdf
2017-11-02 12:20 - 2017-11-02 12:20 - 000048077 _____ C:\Users\Traveltek\Downloads\PI WH travelbook GB SET.pdf
2017-11-02 09:20 - 2017-11-02 09:20 - 000289255 _____ C:\Users\Traveltek\Downloads\6D92E12F@18A3A078.6945C059
2017-11-02 09:07 - 2017-11-02 09:07 - 000353079 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch accessories (2).pdf
2017-11-02 09:07 - 2017-11-02 09:07 - 000352433 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch packing Spare.pdf
2017-11-02 08:47 - 2017-11-02 08:47 - 000227682 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch accessories (1).pdf
2017-11-02 08:43 - 2017-11-02 08:43 - 000227682 _____ C:\Users\Traveltek\Downloads\PI for 11.inch +13.3+14.1 inch accessories.pdf
2017-11-02 08:43 - 2017-11-02 08:43 - 000062523 _____ C:\Users\Traveltek\Downloads\Project Quote 103117 - PI Phoenix Rework.xlsx
2017-11-02 08:43 - 2017-11-02 08:43 - 000062241 _____ C:\Users\Traveltek\Downloads\Project Quote 103117 - PI Buena Park Rework.xlsx
2017-10-30 11:21 - 2017-10-30 11:21 - 000081562 _____ C:\Users\Traveltek\Desktop\Mega_Event_Coupon-Email.pdf
2017-10-29 17:50 - 2017-10-29 17:50 - 000072022 _____ C:\Users\Traveltek\Downloads\eStatement171030095032949960785.pdf
2017-10-29 17:50 - 2017-10-29 17:50 - 000068288 _____ C:\Users\Traveltek\Downloads\eStatement17103009504523134729.pdf
2017-10-29 17:49 - 2017-10-29 17:49 - 000083581 _____ C:\Users\Traveltek\Downloads\eStatement171030094919544731469.pdf
2017-10-29 17:49 - 2017-10-29 17:49 - 000078741 _____ C:\Users\Traveltek\Downloads\eStatement171030094958637439495.pdf
2017-10-29 17:11 - 2017-10-29 17:31 - 2161861478 _____ C:\Users\Traveltek\Downloads\M13 (1).rar
2017-10-28 10:14 - 2017-10-28 10:14 - 003985415 _____ C:\Users\Traveltek\Downloads\Photos.zip
2017-10-28 08:38 - 2017-10-28 08:50 - 2161861478 _____ C:\Users\Traveltek\Downloads\M13.rar
2017-10-27 17:16 - 2017-10-27 17:16 - 000014336 _____ C:\Users\Traveltek\Desktop\sinosure credit application - Copy.xls
2017-10-27 17:14 - 2017-10-27 17:14 - 000014336 _____ C:\Users\Traveltek\Desktop\sinosure credit application.xls
2017-10-26 08:00 - 2017-11-13 08:38 - 000000000 ____D C:\Users\Traveltek\Desktop\Production MISC 2017
2017-10-25 18:35 - 2017-10-25 18:35 - 000003543 _____ C:\Users\Traveltek\AppData\Local\recently-used.xbel
2017-10-24 12:45 - 2017-10-24 12:45 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\2sU7IR6.vAj
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-13 12:59 - 2016-01-04 23:31 - 000000000 ____D C:\BaiduYunDownload
2017-11-13 11:10 - 2015-12-21 18:36 - 000000000 ____D C:\Users\Traveltek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2017-11-13 11:09 - 2015-12-21 18:35 - 000000000 ____D C:\ProgramData\Tencent
2017-11-13 09:32 - 2017-09-21 04:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-12 20:21 - 2015-09-16 18:46 - 000000000 ____D C:\Users\Traveltek\AppData\Local\clear.fi
2017-11-11 21:10 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-11 21:10 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-11 14:45 - 2017-09-30 15:08 - 001191424 ___SH C:\Users\Traveltek\Desktop\Thumbs.db
2017-11-09 17:28 - 2015-10-01 10:19 - 000000000 ____D C:\Users\Traveltek\Documents\eM Client
2017-11-09 16:24 - 2015-09-17 09:55 - 000000000 ____D C:\Users\Traveltek\AppData\Roaming\eM Client
2017-11-09 11:41 - 2017-02-19 10:27 - 000000000 ____D C:\Users\Traveltek\Desktop\TRIPS
2017-11-09 02:54 - 2016-02-02 20:02 - 000000000 ____D C:\Users\Traveltek\Documents\WeChat Files
2017-11-09 01:47 - 2016-02-03 12:16 - 000000000 ____D C:\Users\Traveltek\Downloads\QQ downloads
2017-11-07 10:23 - 2015-09-16 18:48 - 000000000 _____ C:\WINDOWS\system32\newflow.dat
2017-11-06 20:50 - 2015-12-21 18:35 - 000000000 ____D C:\Program Files (x86)\Tencent
2017-11-06 15:36 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-06 09:39 - 2017-08-08 10:56 - 000000000 ____D C:\Users\Traveltek\Desktop\AMHF MIKE
2017-11-03 19:26 - 2015-09-16 18:50 - 000000000 __RDO C:\Users\Traveltek\OneDrive
2017-11-03 19:25 - 2017-09-21 07:55 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2732464303-3820448205-2966217774-1001
2017-11-03 19:25 - 2017-09-21 07:55 - 000002422 _____ C:\Users\Traveltek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-02 16:01 - 2015-04-27 04:07 - 000000000 ____D C:\Users\Traveltek\Documents\Tencent Files
2017-10-29 09:31 - 2017-09-20 13:58 - 000000000 ____D C:\Users\Traveltek\AppData\Roaming\vlc
2017-10-28 10:25 - 2017-09-30 15:05 - 000156160 ___SH C:\Users\Traveltek\Downloads\Thumbs.db
2017-10-27 11:54 - 2017-09-21 05:14 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{28003102-68FA-49E0-AF93-993B96428C6A}
2017-10-26 16:48 - 2016-02-25 21:54 - 000000000 ____D C:\Users\Traveltek\.gimp-2.8
2017-10-26 10:43 - 2017-09-21 04:34 - 000000000 ____D C:\Users\Traveltek
2017-10-26 08:58 - 2015-02-04 13:10 - 000000000 ____D C:\Users\Traveltek\Documents\Software
2017-10-25 18:35 - 2016-02-25 22:09 - 000000000 ____D C:\Users\Traveltek\AppData\Local\gtk-2.0
2017-10-25 15:47 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 15:47 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 09:50 - 2017-05-17 17:34 - 000000000 ____D C:\Users\Traveltek\Desktop\May 2017 Production
2017-10-24 10:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-24 10:37 - 2015-10-06 18:41 - 000000000 ____D C:\Users\Traveltek\AppData\Local\ElevatedDiagnostics
2017-10-24 08:45 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-23 19:18 - 2017-09-21 04:32 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-10-23 19:18 - 2015-09-17 07:39 - 000000000 __SHD C:\Users\Traveltek\IntelGraphicsProfiles
2017-10-23 19:18 - 2015-09-09 21:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-23 19:12 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-23 19:09 - 2017-09-21 04:57 - 000519896 _____ C:\WINDOWS\system32\prfh0804.dat
2017-10-23 19:09 - 2017-09-21 04:57 - 000156612 _____ C:\WINDOWS\system32\prfc0804.dat
2017-10-23 19:09 - 2017-09-21 04:55 - 002313492 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-23 19:09 - 2017-09-21 04:53 - 000533446 _____ C:\WINDOWS\system32\prfh0404.dat
2017-10-23 19:09 - 2017-09-21 04:53 - 000157224 _____ C:\WINDOWS\system32\prfc0404.dat
2017-10-23 19:06 - 2017-09-21 04:23 - 000313752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-23 19:05 - 2017-09-21 05:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-15 17:49 - 2017-03-18 03:40 - 001835008 _____ C:\WINDOWS\system32\config\BBI
2017-10-15 17:47 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-15 17:47 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-15 17:46 - 2017-03-18 13:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-15 17:46 - 2017-03-18 13:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-15 17:36 - 2016-05-08 19:33 - 000000000 ____D C:\Users\Traveltek\AppData\Roaming\TaobaoProtect
 
==================== Files in the root of some directories =======
 
2016-04-04 12:12 - 2016-04-04 12:12 - 000015086 _____ () C:\Program Files (x86)\2345dh.ico
2017-06-28 05:21 - 2017-06-28 05:21 - 000370070 _____ () C:\Users\Traveltek\AppData\Roaming\11STIcon.ico
2017-10-24 12:45 - 2017-10-24 12:45 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\2sU7IR6.vAj
2017-10-03 10:37 - 2017-10-03 10:37 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\3w3WmfuWSWVJGp.6hx
2017-06-28 12:53 - 2017-06-28 12:53 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\4LzE9.xml
2017-04-09 16:24 - 2017-04-09 16:24 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\4xI3QW4.53f
2017-11-02 16:03 - 2017-11-02 16:03 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\91rl8
2016-01-18 10:42 - 2016-01-18 10:42 - 000000954 _____ () C:\Users\Traveltek\AppData\Roaming\coreavc.ini
2016-06-22 00:58 - 2017-01-14 18:36 - 000000021 _____ () C:\Users\Traveltek\AppData\Roaming\fixcfg.ini
2015-12-21 18:36 - 2015-12-21 18:36 - 000005120 _____ () C:\Users\Traveltek\AppData\Roaming\GiftBag.db
2016-11-10 02:19 - 2016-11-09 21:37 - 000270398 _____ () C:\Users\Traveltek\AppData\Roaming\icon_tb1111.ico
2016-11-10 02:19 - 2016-11-08 23:47 - 000125045 _____ () C:\Users\Traveltek\AppData\Roaming\icon_tbjhs.ico
2017-05-12 23:05 - 2017-05-12 23:05 - 000159424 _____ (Tencent) C:\Users\Traveltek\AppData\Roaming\NlT96BhIGy1Gx.tmp
2015-12-21 21:09 - 2015-12-21 21:09 - 045323840 _____ (Tencent Inc.) C:\Users\Traveltek\AppData\Roaming\QQBrowserModule114.dll
2015-12-21 21:09 - 2015-12-21 21:09 - 000854072 _____ () C:\Users\Traveltek\AppData\Roaming\QQBROWSERREINST.DLL
2017-03-05 11:27 - 2017-03-05 11:27 - 000773136 _____ (tencent compan y) C:\Users\Traveltek\AppData\Roaming\QQBROW_2017_02_27E.DLL
2015-12-21 18:56 - 2015-12-21 18:56 - 000232288 _____ () C:\Users\Traveltek\AppData\Roaming\TXQBINSTX.DLL
2017-03-05 10:05 - 2017-03-05 10:05 - 001444872 _____ (Tencent Inc.) C:\Users\Traveltek\AppData\Roaming\XQ4Q.DLL
2017-03-05 11:27 - 2017-03-05 11:27 - 000716544 _____ (Tencent Inc.) C:\Users\Traveltek\AppData\Roaming\xzqqq.exe
2017-02-08 10:49 - 2017-02-08 10:49 - 000000063 _____ () C:\Users\Traveltek\AppData\Local\emaildefaults
2017-02-08 11:48 - 2017-02-08 18:10 - 000000603 _____ () C:\Users\Traveltek\AppData\Local\karboncalligraphyrc
2017-02-08 10:43 - 2017-03-20 02:40 - 000023614 _____ () C:\Users\Traveltek\AppData\Local\kritarc
2017-10-25 18:35 - 2017-10-25 18:35 - 000003543 _____ () C:\Users\Traveltek\AppData\Local\recently-used.xbel
2016-11-21 17:09 - 2016-11-21 18:09 - 000000032 _____ () C:\Users\Traveltek\AppData\Local\temp.tmp
2017-04-09 13:24 - 2017-04-09 13:24 - 000002048 _____ () C:\Users\Traveltek\AppData\Local\uninstallro.exe
2017-07-19 10:55 - 2017-07-19 10:55 - 000159424 _____ (Tencent) C:\ProgramData\52Zu26pqL.txt
2016-12-12 10:25 - 2016-12-12 10:25 - 000000057 _____ () C:\ProgramData\Ament.ini
2016-03-24 04:56 - 2016-04-05 12:25 - 000000564 _____ () C:\ProgramData\debug.log
2017-09-21 04:32 - 2017-09-21 04:32 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-08-30 19:08 - 2017-08-30 19:08 - 000159424 _____ (Tencent) C:\ProgramData\h6hXn8dVgl.dat
2015-09-16 18:56 - 2017-01-31 05:15 - 000000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2016-08-16 15:12 - 2016-11-21 17:07 - 000006995 _____ () C:\ProgramData\nmlist.ini
2017-06-21 09:31 - 2017-06-21 09:31 - 000159424 _____ (Tencent) C:\ProgramData\phypjp8dMG7OQz.txt
2016-10-03 13:44 - 2016-10-03 13:44 - 000000028 _____ () C:\ProgramData\pintext.txt
2017-05-12 01:20 - 2017-05-12 01:20 - 000159424 _____ (Tencent) C:\ProgramData\VmNyp635.Fbq
2017-07-07 23:14 - 2017-07-07 23:14 - 000159424 _____ (Tencent) C:\ProgramData\ykFdj33649.txt
 
Files to move or delete:
====================
C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\ProgramData\h6hXn8dVgl.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-11-11 05:29
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Traveltek (13-11-2017 13:03:28)
Running from C:\Users\Traveltek\Downloads
Windows 10 Home Version 1703 15063.674 (X64) (2017-09-21 13:28:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2732464303-3820448205-2966217774-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2732464303-3820448205-2966217774-503 - Limited - Disabled)
Guest (S-1-5-21-2732464303-3820448205-2966217774-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2732464303-3820448205-2966217774-1006 - Limited - Enabled)
Traveltek (S-1-5-21-2732464303-3820448205-2966217774-1001 - Administrator - Enabled) => C:\Users\Traveltek
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.06.2000 - Acer Incorporated)
abFiles Shell Extension (HKLM-x32\...\{0E1996B9-B733-4096-8FD7-239850ED0B2A}) (Version: 2.03.2002 - Acer Incorporated)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3002 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
BitTorrent (HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\BitTorrent) (Version: 7.9.9.42924 - BitTorrent Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.221 - Broadcom Corporation)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.10 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.10 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.10 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
DragonBoost (HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\DragonBoost) (Version:  - ) <==== ATTENTION
eM Client (HKLM-x32\...\{7B35918E-43E4-45AF-8F1B-C15D86CA919D}) (Version: 6.0.24928.0 - eM Client Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.3 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8102 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IR App (HKLM-x32\...\{699D0EFA-5AC2-4DAB-846E-E4EFDA00ACAC}) (Version: 1.0.0.2 - Acer)
ISO2Disc 1.10 (HKLM-x32\...\ISO2Disc_is1) (Version:  - Top Password Software, Inc.)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.03.0004 - ITE)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Kingo ROOT version 1.5.3.3086 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.5.3.3086 - Kingosoft Technology Ltd.)
KingRoot version 3.5.0.1157 (HKLM-x32\...\{FA3B7324-9EB4-4ADC-84D0-5461BE113832}_is1) (Version: 3.5.0.1157 - KingRoot)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Thunderbird 45.4.0 (x86 zh-CN) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 zh-CN)) (Version: 45.4.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.1 - Tracker Software Products Ltd)
QuickBooks (HKLM-x32\...\{424104AD-BEC6-441D-ADE9-F6662FEEA4BA}) (Version: 24.0.4010.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4004.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WeChat (HKLM-x32\...\WeChat) (Version: 2.6.0.51 - 腾讯科技(深圳)有限公司)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9150 - Broadcom Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (06/30/2015 12.0.1.653) (HKLM\...\96DD37B5CEC116731F3341757CD752145849002A) (Version: 06/30/2015 12.0.1.653 - Broadcom Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Driver Package - Hewlett-Packard USB  (12/12/2014 35.0.56.52825) (HKLM\...\751811386A565E137421527ED375BC462890823F) (Version: 12/12/2014 35.0.56.52825 - Hewlett-Packard)
Windows Driver Package - HP Printer  (11/04/2014 16.54.00.3909) (HKLM\...\A98BF4297DA954112BA9229E3B199AE78A366B95) (Version: 11/04/2014 16.54.00.3909 - HP)
Windows Driver Package - Intel (MEIx64) System  (07/13/2016 11.6.0.1015) (HKLM\...\6336348230A3A913CCC59BBAE4C8A0A6AE21B792) (Version: 07/13/2016 11.6.0.1015 - Intel)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (11/04/2015 14.8.0.1042) (HKLM\...\34C461BD099454731CD5F260D009E37CD73324C2) (Version: 11/04/2015 14.8.0.1042 - Intel Corporation)
Windows Driver Package - Intel Corporation (iaStorA) SCSIAdapter  (11/04/2015 14.8.0.1042) (HKLM\...\27E1A4BC5F7267577E7D7D42399B20C917EF014B) (Version: 11/04/2015 14.8.0.1042 - Intel Corporation)
Windows Driver Package - Realtek Semiconductor Corp. (RTSUER) USB  (08/05/2016 10.0.14393.31228) (HKLM\...\1EF92A3C2CAAF372D194BF09E4230C60D6A9FF9D) (Version: 08/05/2016 10.0.14393.31228 - Realtek Semiconductor Corp.)
爱奇艺万能播放器 (HKLM-x32\...\GeePlayer) (Version: 2.5.35.3301 - 爱奇艺) <==== ATTENTION
电脑管家12.9 (HKLM-x32\...\QQPCMgr) (Version: 12.9.19160.223 - 腾讯科技(深圳)有限公司) <==== ATTENTION
百度网盘 (HKLM-x32\...\百度云管家) (Version: 5.6.3 - 百度在线网络技术(北京)有限公司)
美图秀秀 4.0.1  (HKLM-x32\...\美图秀秀) (Version:  - 美图网)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.9.20026.0 - 腾讯科技(深圳)有限公司)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Traveltek\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe => No File
CustomCLSID: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\en-US\dwgviewrficn.dll => No File
CustomCLSID: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Traveltek\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Traveltek\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ 0FileIconSyncOn] -> {62E15A97-5651-41E4-95C4-706D30C86A4B} => C:\Program Files (x86)\Polaris Office\Office8\Binary\SyncOverlay\X64\0FileIconSyncOn64.dll -> No File
ShellIconOverlayIdentifiers: [ 1FileIconSyncAlert] -> {BF741CA6-27BF-4B49-A3A3-1C39415582D8} => C:\Program Files (x86)\Polaris Office\Office8\Binary\SyncOverlay\X64\1FileIconSyncAlert64.dll -> No File
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-08-13] (Acer Incorporated)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMGCShellExt64.dll [2017-11-13] (Tencent)
ShellIconOverlayIdentifiers: [QBOverlayIcon] -> {96959DE7-C855-42BD-8382-2AAABF2A8F52} => C:\Users\Traveltek\AppData\Local\Tencent\QQBrowser\User Data\QBShellIcon\QBShellIcon4c002bd8.dll [2017-03-05] (Tencent)
ContextMenuHandlers1: [0NeoImaging Menu] -> {83A97A48-F5D7-4D12-8BA3-5263A016D936} => C:\Windows\SysWOW64\ShellContextMenuExt64.dll [2014-03-14] (深圳市迅雷网络技术有限公司)
ContextMenuHandlers1: [AGpShellExt] -> {5CD76C57-6893-478A-B776-47E7C82504BE} => C:\IQIYI Video\GeePlayer\GeePlayer\2.5.35.3301\GpShlExt_64.dll [2017-03-24] (爱奇艺)
ContextMenuHandlers1: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2017-09-08] ()
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} =>  -> No File
ContextMenuHandlers2: [kwansvc] -> {367F6AE2-6809-4bed-B09B-228893FB33DD} =>  -> No File
ContextMenuHandlers3: [QMContextScan] -> {63332668-8CE1-445D-A5EE-25929176714E} => C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMContextScan64.dll [2017-11-13] (Tencent)
ContextMenuHandlers3: [QMContextUninstall] -> {CBDECEF7-7A29-4cbf-A009-2673D82C7BF9} => C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMContextUninstall64.dll [2017-11-13] (Tencent)
ContextMenuHandlers3: [QQShellExt] -> {53D2405C-48AB-4C8A-8F59-CE0610F13BBC} => C:\Program Files\Tencent\QQ\ShellExt\QQShellExt64.dll [2017-03-05] (Tencent)
ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll [2017-09-08] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [QMRealTimeSpeedupShellContextMenuExtension] -> {C5617F6A-39BB-436D-91CF-61C1B45DD688} => C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMGCShellExt64.dll [2017-11-13] (Tencent)
ContextMenuHandlers6: [QMContextScan] -> {63332668-8CE1-445D-A5EE-25929176714E} => C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMContextScan64.dll [2017-11-13] (Tencent)
ContextMenuHandlers6: [QMContextUninstall] -> {CBDECEF7-7A29-4cbf-A009-2673D82C7BF9} => C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMContextUninstall64.dll [2017-11-13] (Tencent)
ContextMenuHandlers6: [QQShellExt] -> {53D2405C-48AB-4C8A-8F59-CE0610F13BBC} => C:\Program Files\Tencent\QQ\ShellExt\QQShellExt64.dll [2017-03-05] (Tencent)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03BEE28F-BBBC-4675-8977-262B3C4ABC78} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {07A48318-0919-48D8-993D-008109C30A38} - \WPD\SqmUpload_S-1-5-21-2732464303-3820448205-2966217774-1001 -> No File <==== ATTENTION
Task: {1C4FDEBD-29E4-43D3-B4AA-EEE62205352E} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {3B8FBAE6-75BE-4CE7-AE53-DD16A71588C2} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {5117FE0B-C2FD-43EB-AFB4-8B2C6FFF4A9B} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {52CD81BB-8BD7-44E9-8C4C-6B7576138C0B} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-01-06] (Acer Incorporated)
Task: {5CFA80E8-F724-4B25-AF85-4520D1F9FF66} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {63C08A48-DEE5-4B91-970E-E49237C01109} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {66F2816E-C2D8-4E65-9071-D22E0DA3DB4E} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {68A4D2F6-9BA8-4944-BF5B-1D6245D5ED91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated)
Task: {6E3F21BE-EECD-44BD-BE69-10BEC6650F5B} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>)
Task: {7B274714-DC08-4619-B5B3-7B05587C7C67} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2732464303-3820448205-2966217774-1001Core1d336779ebdf85c => C:\Users\Traveltek\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {7EB635DE-D97B-4864-8E90-D80A06BE8386} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2016-04-19] (Tracker Software Products (Canada) Ltd.)
Task: {8252D992-63D8-4718-8C45-005CC5C7C5E9} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {82656D41-2D82-43E5-8B15-0193079F10C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation)
Task: {866800D8-77A1-43A6-B78B-06F4E5E172EC} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {8938E487-3EDC-454E-9221-5CB4928FAB91} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {909EF94F-139A-4B6A-AF3C-15CBC3947C63} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
Task: {92F1F7B7-F39C-4CF8-9518-442512FE1DB2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9C16F7D0-CB94-45F7-8A04-AB033258FDDC} - System32\Tasks\eM Client Database Backup => C:\Program Files (x86)\eM Client\DbBackup.exe [2016-02-29] ()
Task: {B0D3A239-F408-4523-994A-6C9A45427570} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {BBE38DBB-3D4F-4275-BCD8-B76B89A5252D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {C44DC49E-4F92-4A0F-B399-168BED4DF267} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {C45101B2-C85F-49A2-A312-6CAB68EC5665} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2732464303-3820448205-2966217774-1001Core => C:\Users\Traveltek\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {C655C427-8682-45C4-9248-A2D5A032CEDB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {C6C03263-AF87-4D42-8AA2-43AFAB390210} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-12-30] (Acer Incorporated)
Task: {D2F5E453-3C3C-4977-85C7-B6BDFE4EDB9A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D5577699-47B3-473F-9136-8416BF44401E} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {D58E6DF6-780C-4357-908A-6177DC06F295} - System32\Tasks\{9A39AE00-19A3-4E4C-8E24-E6E570EBFC38} => "c:\windows\system32\launchwinapp.exe" hxxps://ui.skype.com/ui/0/7.40.99.103/en/abandoninstall?page=tsProgressBar
Task: {DE9D8557-1DBA-4922-994C-5538288C54D6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E0BC8FDC-8DBE-4C6B-A50C-7229B55B3D7C} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {E6FF5D45-F6DD-401D-B133-AE76751D9A22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2732464303-3820448205-2966217774-1001UA => C:\Users\Traveltek\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-30] (Google Inc.)
Task: {EF9BA055-C360-46BF-87A9-2D07E1F918EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DandelionStarter.job_ => C:\Users\Traveltek\AppData\Local\Dandelion\Dandelion.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTraveltek.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Traveltek.job => C:\Users\Traveltek\AppData\Local\Kingsoft\WPS Office\10.2.0.5811\wtoolex\wpsupdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Traveltek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Traveltek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\Traveltek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WhatsChrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bgkodfmeijboinjdegggmkbkjfiagaan
ShortcutWithArgument: C:\Users\Traveltek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-29 16:34 - 2012-05-10 20:36 - 000179712 _____ () C:\Program Files\acerIR\IRSrv.exe
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2014-08-29 17:02 - 2014-01-03 13:29 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2017-09-08 02:35 - 2017-09-08 02:35 - 000284192 _____ () C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\YunShellExt64.dll
2017-05-03 14:50 - 2017-05-03 14:50 - 000619008 ____N () C:\windows\system32\tprdpw64.exe
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-08 02:36 - 2017-09-08 02:36 - 001119776 _____ () C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\YunDetectService.exe
2017-10-01 19:20 - 2017-10-01 19:20 - 000936960 _____ () C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2016-08-15 14:24 - 2016-08-15 14:24 - 000091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2017-09-08 02:36 - 2017-09-08 02:36 - 007824928 _____ () C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\BaiduNetdisk.exe
2016-08-15 14:24 - 2016-08-15 14:24 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2017-11-01 01:31 - 2017-11-01 01:31 - 000015872 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\PeopleApp.exe
2017-11-01 01:31 - 2017-11-01 01:31 - 009347072 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\PeopleApp.dll
2017-11-01 01:31 - 2017-11-01 01:31 - 000132096 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-09-21 08:09 - 2017-09-21 08:10 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-01 01:31 - 2017-11-01 01:31 - 004176896 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\Microsoft.Apps.People.Shared.dll
2017-11-01 01:31 - 2017-11-01 01:31 - 002963968 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-11-01 01:31 - 2017-11-01 01:31 - 001989120 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\Microsoft.People.Relevance.dll
2017-11-01 01:31 - 2017-11-01 01:31 - 006637056 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\Microsoft.People.NativeComponents.dll
2015-12-20 21:55 - 2015-12-20 21:58 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.2791.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-11-02 22:53 - 2017-11-02 22:58 - 000016384 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.exe
2017-11-02 22:53 - 2017-11-02 22:58 - 033914368 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\XboxApp.dll
2017-09-27 08:17 - 2017-09-27 08:22 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-07-29 17:24 - 2016-07-29 17:24 - 001651112 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_33.34.30002.0_x64__8wekyb3d8bbwe\winsdkfb.dll
2017-10-24 12:21 - 2017-10-24 12:21 - 025741312 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-10-24 12:21 - 2017-10-24 12:21 - 009257984 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-27 08:17 - 2017-09-27 08:22 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-24 12:21 - 2017-10-24 12:21 - 011255296 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17092.13511.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-11-11 21:09 - 2017-11-11 21:09 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 21:09 - 2017-11-11 21:09 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-04 22:56 - 2017-05-01 17:03 - 003767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libglesv2.dll
2017-05-04 22:56 - 2017-05-01 17:03 - 000100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libegl.dll
2017-09-29 10:24 - 2017-09-29 10:24 - 001087488 _____ () C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2015-12-29 23:53 - 2015-12-29 23:53 - 000101944 _____ () C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\Log.dll
2014-08-29 17:00 - 2013-07-02 13:30 - 000387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2014-08-29 17:00 - 2013-07-02 13:30 - 001165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2014-08-29 17:00 - 2013-07-02 13:30 - 000229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2014-08-29 17:00 - 2013-07-02 13:30 - 000199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2014-08-29 17:00 - 2013-07-02 13:30 - 001132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2014-08-29 17:00 - 2013-07-02 13:30 - 000035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2014-08-29 17:00 - 2013-07-02 13:29 - 000027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2016-09-15 08:54 - 2015-03-14 03:44 - 001216144 _____ () C:\Program Files (x86)\MediatekWiFi\Common\RaWLAPI.dll
2014-08-29 17:02 - 2014-01-03 13:29 - 000087640 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2016-08-15 17:03 - 2016-08-15 17:03 - 000202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 17:05 - 2016-08-15 17:05 - 000654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 17:05 - 2016-08-15 17:05 - 000641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 17:04 - 2016-08-15 17:04 - 000119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2017-09-21 04:39 - 2017-09-21 04:39 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 14:09 - 2016-08-30 14:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 14:05 - 2016-08-30 14:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-08-15 14:24 - 2016-08-15 14:24 - 000277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2017-09-08 01:48 - 2017-09-08 01:48 - 001980416 _____ () C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\exiv2.dll
2017-09-08 01:48 - 2017-09-08 01:48 - 000108544 _____ () C:\Users\Traveltek\AppData\Roaming\baidu\BaiduNetdisk\libexpat.dll
2016-05-05 00:53 - 2017-10-31 19:10 - 000713504 _____ () C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\qpsafeplugin.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000079552 _____ () C:\Program Files\Tencent\QQ\Bin\zlib.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000132288 _____ () C:\Program Files\Tencent\QQ\Bin\libexpat.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000454336 _____ () C:\Program Files\Tencent\QQ\Bin\sqlite.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000132288 _____ () C:\Program Files\Tencent\QQ\Bin\libpng.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000057024 _____ () C:\Program Files\Tencent\QQ\Bin\libimagequant.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000285376 _____ () C:\Program Files\Tencent\QQ\Bin\libjpegturbo.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000200896 _____ () C:\Program Files\Tencent\QQ\Bin\libtcmalloc.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000137920 _____ () C:\Program Files\Tencent\QQ\Bin\libuv.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000040128 _____ () C:\Program Files\Tencent\QQ\Bin\jsonc.dll
2017-03-05 10:08 - 2017-03-05 10:08 - 000977000 _____ () C:\Program Files\Tencent\QQ\Plugin\com.tencent.audiovideo\Bin\TRAE.DLL
2017-03-05 10:08 - 2017-03-05 10:08 - 029590720 _____ () C:\Program Files\Tencent\QQ\Bin\libcef3.dll
2017-08-02 20:40 - 2017-08-02 20:40 - 053460480 _____ () C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 10:43 - 2016-05-31 10:43 - 001976832 _____ () C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 10:44 - 2016-05-31 10:44 - 000075264 _____ () C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 16:15 - 2016-06-15 16:15 - 017599640 _____ () C:\Users\Traveltek\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3 [163]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\alipay.com -> hxxps://alipay.com
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\alipay.com -> hxxp://alipay.com
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\alisoft.com -> hxxps://alisoft.com
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\alisoft.com -> hxxp://alisoft.com
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\baidu.com -> hxxp://baidu.com
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\microsoftoem.com -> hxxps://moo.microsoftoem.com
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\taobao.com -> hxxps://taobao.com
IE trusted site: HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\taobao.com -> hxxp://taobao.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2017-05-04 17:26 - 000000833 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 82.163.142.8 - 95.211.158.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2C24870B9B2DDB35569336E4993E17F6"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\StartupApproved\Run: => "ApowerMirror"
HKU\S-1-5-21-2732464303-3820448205-2966217774-1001\...\StartupApproved\Run: => "BaiduYunGuanjia"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{28563AEF-CE17-4DC2-8C1D-49AD5E1DDF6B}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{519128CF-97F1-434A-BC7B-2DF6B5B910DD}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{4B086345-3ECC-420B-A969-FE6467C786DA}] => (Allow) C:\WINDOWS\TEMP\AYCHECK_VUL3.EXE
FirewallRules: [{E7A78EB7-7D37-4662-9822-3BEE347025B3}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload1383.exe
FirewallRules: [{17F06445-8803-4305-93B7-CB884DABD773}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload1383.exe
FirewallRules: [{18F8D7F8-9432-466A-8ACA-1337CFDF4FE5}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{767D77E8-8324-49F1-92C1-AC6EF35F8B87}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{33EC49BC-E000-4B6B-ACE4-82F4607E09A6}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\Android Recorder.exe
FirewallRules: [{664AB0BE-01E0-48BB-95CD-386498CE167D}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\Android Recorder.exe
FirewallRules: [{077FE94C-5DC6-4376-B6DF-9553787CBD2F}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\iOS Recorder.exe
FirewallRules: [{D79E8424-993F-426D-9D49-FB4674CEDCC6}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\iOS Recorder.exe
FirewallRules: [{576CE9CD-549A-4A0D-852E-D7124382D791}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{5641CFAA-1922-4772-9133-F207499042F6}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{EE6CB7DA-49F3-4A4B-9F2B-1E93E5829E93}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\Online Phone Manager.exe
FirewallRules: [{56F3E761-5044-4FAC-A615-28A70B6C47EA}] => (Allow) C:\Users\Traveltek\AppData\Local\Apowersoft\Online Phone Manager\Online Phone Manager.exe
FirewallRules: [{24DA8AB4-205E-4878-AAF3-84B486C4FE08}] => (Block) C:\program files\tightvnc\tvnviewer.exe
FirewallRules: [{9CBD0F67-8F93-4FA5-AC65-668F29A4F79A}] => (Block) C:\program files\tightvnc\tvnviewer.exe
FirewallRules: [UDP Query User{5963AEA1-E92B-4CD3-BCE4-0A9FC849DE8E}C:\program files\tightvnc\tvnviewer.exe] => (Allow) C:\program files\tightvnc\tvnviewer.exe
FirewallRules: [TCP Query User{430F57A9-41ED-45AC-AF35-A46D787C9AD5}C:\program files\tightvnc\tvnviewer.exe] => (Allow) C:\program files\tightvnc\tvnviewer.exe
FirewallRules: [{97861CCA-ACA2-4F9F-8DF8-5163DFD83460}] => (Block) C:\users\traveltek\appdata\roaming\baidu\baidunetdisk\baidunetdisk.exe
FirewallRules: [{C5CBE537-C814-4FB6-846F-8BC418628F8F}] => (Block) C:\users\traveltek\appdata\roaming\baidu\baidunetdisk\baidunetdisk.exe
FirewallRules: [UDP Query User{A51E785D-D713-4941-9606-282FF060CD02}C:\users\traveltek\appdata\roaming\baidu\baidunetdisk\baidunetdisk.exe] => (Allow) C:\users\traveltek\appdata\roaming\baidu\baidunetdisk\baidunetdisk.exe
FirewallRules: [TCP Query User{703176C7-262D-4FD7-9F29-1F8B9A7E05D7}C:\users\traveltek\appdata\roaming\baidu\baidunetdisk\baidunetdisk.exe] => (Allow) C:\users\traveltek\appdata\roaming\baidu\baidunetdisk\baidunetdisk.exe
FirewallRules: [{6A75E055-3544-4414-BD87-2F3661A5CEBF}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload140042.exe
FirewallRules: [{8E71FAD4-B4C6-4031-9D90-AC3B188E6D76}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload140042.exe
FirewallRules: [{8921DFC8-3318-49EA-99F4-175DD75874AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AB340610-1330-484A-9EFB-3AEC2243C137}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\2.5.35.3301\GeePlayer.exe
FirewallRules: [{021B00EB-5F80-47ED-BC6F-113500EB9A20}] => (Allow) C:\Users\Traveltek\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
FirewallRules: [{EF42DDBE-0738-4B30-96A8-E3FC54C0384C}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [UDP Query User{E8F52215-DA4D-451F-8D33-BB6FE53129BB}C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [TCP Query User{D445C301-49C1-4AB3-8D11-AF575E75F9C2}C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [{00AE0A4A-1581-44DF-BD36-DBD22B88AD7B}] => (Block) C:\users\traveltek\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{56CCA00A-E28D-4FA4-B3A3-8228EF1EB4AD}] => (Block) C:\users\traveltek\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{D12E3762-5682-4351-98B4-F94D7B49A7C9}C:\users\traveltek\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\traveltek\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{83822858-78BB-40C5-A809-0B1D092805A7}C:\users\traveltek\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\traveltek\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{2B5DFD70-2076-42C6-804F-A5D55BCE3D4C}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\Tencent\MiniQQGameDownloader.1.0.0.6\QQGameDownload.exe
FirewallRules: [{1D63BE2E-342E-4C32-9197-36C5F31A7F95}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\Tencent\MiniQQGameDownloader.1.0.0.6\QQGameDownload.exe
FirewallRules: [{577011D6-8DAE-436E-9A9C-FF815F07C1ED}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe
FirewallRules: [{1A6B6A3A-D939-4729-846D-4D5C3F793A05}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe
FirewallRules: [{C4DDC0D5-5C28-4C22-9B18-C9AD57D6C280}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{368D4C8D-6CEC-4461-8C43-B5EB4164FBC9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{4E218FE9-AD5D-442A-A38D-588C27D4080B}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\7zS1C19\HPDiagnosticCoreUI.exe
FirewallRules: [{C8BC1ECD-42D0-4E7B-8466-E6E8DC7C3883}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\7zS1C19\HPDiagnosticCoreUI.exe
FirewallRules: [{1EBC3550-69A6-4EED-9CC4-0E5AE8C35C05}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\7zS6105\HPDiagnosticCoreUI.exe
FirewallRules: [{6AEC7A36-B3BF-4EEE-9CE1-B27F4FAEFDD3}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\7zS6105\HPDiagnosticCoreUI.exe
FirewallRules: [{62B844D1-27B7-4AFC-9F26-9CC0FC001A4C}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\2.5.31.3010\GeePlayer.exe
FirewallRules: [{0A95F185-32AC-4ABD-B1FB-F2B549C28DA0}] => (Allow) C:\Users\Traveltek\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
FirewallRules: [UDP Query User{15B1C2AD-DBBF-4034-8929-783B5CF96421}C:\users\traveltek\onedrive\documents\household & finance\hootoo_tripmate(windows)\windows client\hootoo tripmate_v1.0.8.0.exe] => (Allow) C:\users\traveltek\onedrive\documents\household & finance\hootoo_tripmate(windows)\windows client\hootoo tripmate_v1.0.8.0.exe
FirewallRules: [TCP Query User{4FB1745A-84E0-4432-AD4D-EE1AA662FC39}C:\users\traveltek\onedrive\documents\household & finance\hootoo_tripmate(windows)\windows client\hootoo tripmate_v1.0.8.0.exe] => (Allow) C:\users\traveltek\onedrive\documents\household & finance\hootoo_tripmate(windows)\windows client\hootoo tripmate_v1.0.8.0.exe
FirewallRules: [UDP Query User{2F62DBE9-9474-4804-BFEC-CEC58334EE08}C:\kinggsoft\kduu_ba\sp7\xlmodule\download\minithunderplatform.exe] => (Allow) C:\kinggsoft\kduu_ba\sp7\xlmodule\download\minithunderplatform.exe
FirewallRules: [TCP Query User{7628DFBC-C8B8-423F-BD9C-D795FBA17919}C:\kinggsoft\kduu_ba\sp7\xlmodule\download\minithunderplatform.exe] => (Allow) C:\kinggsoft\kduu_ba\sp7\xlmodule\download\minithunderplatform.exe
FirewallRules: [{6FB87F61-CC16-443E-B656-9609E4C03BA8}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{61D568D1-B6B8-4263-B786-7FB8CF70D122}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [UDP Query User{AA22F6D3-89D5-4ACA-A3F0-0D1B14EF2AD9}C:\program files (x86)\mydrivers\drivergenius\xlmodule\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\mydrivers\drivergenius\xlmodule\download\minithunderplatform.exe
FirewallRules: [TCP Query User{8D3E0AAF-0160-4604-91A9-0650EFC3B3CB}C:\program files (x86)\mydrivers\drivergenius\xlmodule\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\mydrivers\drivergenius\xlmodule\download\minithunderplatform.exe
FirewallRules: [UDP Query User{FE9375D0-5A17-469A-8D41-82E89649DB68}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{F4708C1F-55F6-43E1-9FF8-D08D56A01277}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A79D0335-63F7-46DE-BFE7-C683DA379F88}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42924.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42924.exe
FirewallRules: [TCP Query User{A4BAB5E4-9E35-45CB-8361-3E7CA33807F9}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42924.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42924.exe
FirewallRules: [UDP Query User{CA3BC27D-FFEC-4D42-9EFA-D932F19A3FAF}C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [TCP Query User{E63FAAA1-7036-4598-82CF-7DDB3059FC03}C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\traveltek\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
FirewallRules: [{3EF2CC4D-43DD-4433-95B5-7B49AB28AE9E}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.5.9507.400\QQBrowser.exe
FirewallRules: [{79C89D97-CA57-4873-A239-13B27B999B79}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.5.9507.400\QQBrowser.exe
FirewallRules: [UDP Query User{0FBE66A4-48F9-4912-A02A-8A14F23A1338}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
FirewallRules: [TCP Query User{9515E675-AA38-4F61-AD50-60D8417A8148}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
FirewallRules: [{57AF25EB-8886-40B4-A19B-47ACD7A9657E}] => (Allow) C:\Program Files (x86)\kingsoft\kingsoft antivirus\xlmodule\download\minithunderplatform.exe
FirewallRules: [{6D11582A-9684-47C6-BF29-5DCCFC5F5589}] => (Allow) C:\Program Files (x86)\kingsoft\kingsoft antivirus\xlmodule\download\minithunderplatform.exe
FirewallRules: [UDP Query User{19FDE965-5913-479C-ADF9-5EF27261F22B}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [TCP Query User{58C2FEF1-E676-460E-9D3A-7181D72DA8AF}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [UDP Query User{A9C496DA-4C5C-4321-8DA0-5A67BA2C8B1C}C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe] => (Allow) C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe
FirewallRules: [TCP Query User{53DE1834-AD2D-4B85-9E23-FEB9EC3B313A}C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe] => (Allow) C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe
FirewallRules: [{52A3155B-C600-4668-ACA8-7DF93BC5DA7E}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{F3515E92-CB3F-4F89-95E0-ED4D4CD71EBD}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{65FD8FEB-8D78-4ED2-8B96-80573193708E}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{6ED37D4D-15A5-4181-B4C1-FC665720C0D9}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [{9EF97D53-2072-4AAF-830D-1B6132CFF2EA}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [{93B99F77-7F57-4BFF-BD84-470CBE7CA55B}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload71664.exe
FirewallRules: [{D89A1ACF-AEF3-4C83-AC74-C3A36EE4FDC1}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload71664.exe
FirewallRules: [{4C166063-C00A-40A2-B260-89AA947DB7DC}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0956EAA3-D89F-490B-AD3A-152A160D5499}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{016D8B09-BAC0-4599-8986-FE2F49F6D542}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{906283BE-E18E-4A1F-9C16-AF1B4C3C2F31}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{4C4B3C5E-AC91-481D-9D5E-49451AC1BD60}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [TCP Query User{2DD54246-1D32-4192-B995-7D0CB9652F40}C:\program files (x86)\qvodplayer\qvodterminal.exe] => (Allow) C:\program files (x86)\qvodplayer\qvodterminal.exe
FirewallRules: [UDP Query User{1FBDB5D4-C80A-435A-A3FE-139FAF1FDBB7}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [TCP Query User{F30D27AF-66C1-4B1F-9D59-7E38479DAF48}C:\program files (x86)\qvodplayer\qvodplayer.exe] => (Block) C:\program files (x86)\qvodplayer\qvodplayer.exe
FirewallRules: [UDP Query User{83580543-8801-440B-B973-307428391E0E}C:\users\traveltek\appdata\local\temp\nsmfa68.tmp\qvoddownlite.exe] => (Allow) C:\users\traveltek\appdata\local\temp\nsmfa68.tmp\qvoddownlite.exe
FirewallRules: [TCP Query User{8E795274-BCAD-420D-A643-54BEEE7D4E34}C:\users\traveltek\appdata\local\temp\nsmfa68.tmp\qvoddownlite.exe] => (Allow) C:\users\traveltek\appdata\local\temp\nsmfa68.tmp\qvoddownlite.exe
FirewallRules: [UDP Query User{BC92AEE7-507A-4991-BB7D-740D66AEF9C6}C:\users\traveltek\downloads\qvodsetup5.exe] => (Allow) C:\users\traveltek\downloads\qvodsetup5.exe
FirewallRules: [TCP Query User{DC969F73-8220-47EE-A1A8-7E9510116D66}C:\users\traveltek\downloads\qvodsetup5.exe] => (Allow) C:\users\traveltek\downloads\qvodsetup5.exe
FirewallRules: [{499F6A8D-4896-4CA7-8B25-9883B7A0E478}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{0B5BD6CF-0AA5-46B0-B200-800CB2D1B4D8}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [UDP Query User{1D4BD55B-2D50-4150-AC8E-12361F18F11B}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe] => (Allow) C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe
FirewallRules: [TCP Query User{09289B1B-9B74-487C-A594-961F48E419B4}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe] => (Allow) C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.259_1111\thunderplatform.exe
FirewallRules: [{54C32E13-D0FB-4CE4-8DCF-19E940F17519}] => (Allow) LPort=33673
FirewallRules: [{0D688979-80D0-41D7-AF93-919B12D30842}] => (Allow) LPort=33674
FirewallRules: [{6416A60C-995A-430D-950F-E1514D8C0857}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{6EAADCEA-7281-4E7C-A967-8E35830EB4D2}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{40C0EC07-0C25-4C12-9DCD-D5DABACD51F7}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\XLRCSReport.exe
FirewallRules: [{A13A8E33-8B1C-48DB-A3E0-9B7F2F6B8963}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
FirewallRules: [{DBE9204A-4347-41C0-9873-DDA34622C2AB}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{DC24F8FE-FD8F-4A5C-8BB4-1ADF3D37EB4D}] => (Allow) C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderMPServer.exe
FirewallRules: [{3941B991-A7F9-4238-AF4F-3FEB0E5E19B1}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\XLBugReport.exe
FirewallRules: [{1529402E-9AB0-4B0F-A572-B07C8B3701F4}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\XLBugReport.exe
FirewallRules: [{C638E194-3B83-4A38-B8CF-143B76AE02FE}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderLiveUD.exe
FirewallRules: [{8A4D6DCA-FA73-49BB-8F73-B9AEC3394CE6}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderLiveUD.exe
FirewallRules: [{957CC146-72BE-4B94-BE3E-363B61668B90}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderPlatform.exe
FirewallRules: [{72484688-51B0-4A6D-BBAA-084B8BB3B0E3}] => (Allow) C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.259_1111\ThunderPlatform.exe
FirewallRules: [{AE81F4A2-0B81-4AE1-8A71-293477B6B456}] => (Allow) C:\QMDownload\SoftMgr\iToolsSetup_3.2.1.4_txrjgjxz.exe
FirewallRules: [{ADD59C0F-B292-443F-8EDA-B07316189DBA}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{0FDD6C50-039C-4760-988F-C8C064F121D5}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe
FirewallRules: [{DDC30587-EDBA-4010-AAEE-E45DD1078E7F}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe
FirewallRules: [{BA19AD03-DAD3-4AF5-96B8-71271AEAA8BE}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe
FirewallRules: [{6F15176E-D2F8-4791-A791-4A656980E48B}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe
FirewallRules: [{B963596A-4303-44C9-999C-2E96E3F733C6}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe
FirewallRules: [{F83DCF6D-E717-4F8A-8CDA-F31D4E4EC1EA}] => (Allow) C:\Program Files\Tencent\QQMusic\QQMusic1224.18.56.8\QzoneMusic\QzoneMusic.exe
FirewallRules: [{E4E158B0-8402-4579-B62E-D7E4A8007B3D}] => (Allow) C:\Program Files\Tencent\QQMusic\QQMusic1224.18.56.8\QzoneMusic\QzoneMusic.exe
FirewallRules: [{D8CCACA5-0CEC-4E1C-ACA5-D15FCB38A6CA}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{A0662636-3F20-4CE7-8077-FFFDB7F2349E}] => (Allow) C:\Program Files\Tencent\QQ\Bin\maUpdat.exe
FirewallRules: [{2D6966A7-5367-450B-87DB-01A40B208E98}] => (Allow) C:\Program Files\Tencent\QQ\Bin\maLauncher.exe
FirewallRules: [{9E4410CF-ACF5-4768-BC34-4461E4ECB8BC}] => (Allow) C:\Program Files\Tencent\QQ\Bin\SetupEx\SetupEx.exe
FirewallRules: [{89DC0E69-9ABE-4372-AA09-D53545A20741}] => (Allow) C:\Program Files\Tencent\QQ\Bin\txupd.exe
FirewallRules: [{18F51F0F-331F-422E-8C1D-6A495F9B94E3}] => (Allow) C:\Program Files\Tencent\QQ\Bin\auclt.exe
FirewallRules: [{913543D5-6CF8-42B4-99C3-CF430DB25860}] => (Allow) C:\Program Files\Tencent\QQ\Bin\QQ.exe
FirewallRules: [{550E6127-C4E3-40B6-A67A-446C6A90096A}] => (Allow) C:\Users\Traveltek\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe
FirewallRules: [{2F67562A-4FDD-4740-88BA-261F7FF20B98}] => (Allow) C:\QMDownload\SoftMgr\QQMusic_Setup_1224-12.24.3323.1216.exe
FirewallRules: [{D91A6018-8841-4B4E-93A8-6E4F6096CAF7}] => (Allow) C:\QMDownload\SoftMgr\QQMusic_Setup_1224-12.24.3323.1216.exe
FirewallRules: [{AB2D5D8B-ABCB-4D0A-A830-B6547DDD9066}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{ED8D82E0-6480-4301-98D0-98BB92681CFE}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload1337.exe
FirewallRules: [{CE253DF1-FB3C-426A-BC35-5D5C5AEACB75}] => (Allow) C:\Users\Traveltek\Downloads\QQPCDownload1337.exe
FirewallRules: [{FD2E0175-621B-46D7-B979-3601701D68B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89A71B54-A2F4-41A3-AB85-BCE1717D4224}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{FEB2CB01-F86B-493F-B665-CF0B1D66051A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E045DE7A-1723-4B94-8CA5-F3D16AF99FB3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E899FC38-474F-473F-912B-86F6F020AC95}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7DE9F037-8D80-4730-90C5-4B204B454388}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A9A37077-9771-459A-9208-2E2F93414DDE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{DB717F76-7116-4E0F-BFF2-5A189A103553}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F0920BDE-E304-4608-984C-012B00A62F09}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [UDP Query User{A678750F-33AF-4A7B-89BF-0917F26C811A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{40B0F8AE-25D3-47D9-A2F3-8B25504064A3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{202B83C4-38A3-4908-9EE5-2C38D4A301B1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BB6A99EE-03CD-4DF9-8FC7-F1A5B0CB7390}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{92EC211D-6A9A-494D-A94A-01090663ED45}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{73CEBBEB-80E6-4C97-B312-1F3D595D1878}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{8C1A3FCA-37A4-4C22-A9F5-CA65E37FAA10}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{7E0D9167-F8BD-4FC2-92B2-91E935F1EFCE}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{6AD64576-3874-4EF3-AF62-0E0BEDA7344C}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{C76D2A53-CBE3-4FB5-8BE7-834AEB446D22}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{B5DD5F0A-0DEE-4D75-AEB7-7C9CF1F5D2CF}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{92443890-BDDF-4094-A99B-BFA5480A6A91}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{187F2B6D-7FE7-46E8-B47E-13F10DF94E4E}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{E945441B-B64A-45F1-91EB-287B1F57773B}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{919F3105-A623-429A-8DFB-54D4F6B6B4D4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B6BCD5CC-B69F-418B-8977-896D5B7B8345}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FD77983A-F776-4AF3-8340-DF76A9F17416}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{413872B7-2CF4-45B0-A8E1-F7E699BA782B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6AC80250-B0FF-4135-A387-9413EF766836}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{A80A3FDF-1521-4E87-8AC0-A408D52F09F6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{45353605-ADC5-44A0-ADFD-5F584CB6E962}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{6F8B92B9-D1F6-4C91-AE8A-88F2425B9727}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{4324479B-A637-419B-B9B0-6EFE0513DC41}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{DBDA31E0-7380-42FC-B2A8-2A6253CADF68}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{0A26319C-228E-42E4-BF48-B40AC83F03CE}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{866978F2-A410-4CBD-BF17-93B407205195}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{0813E82A-EA0B-40AE-8AF0-F1F938178745}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A0E889F3-1A42-4F1A-BD00-CEB9EAAA1812}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{18AAD59D-8D9B-45C8-95D6-C9A91462AF33}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{DAB0EFA1-6D0A-477A-8160-DA11E3532190}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{76D75136-9BA7-4B93-8B26-6BCA82618BF1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0C9AE6A9-4177-4B52-8684-9E90A0D3A380}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{53A81148-6226-437D-BCE9-0BD639EB73B3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{1A88B4C3-5908-4F99-81AC-4FEEC78B4D58}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{6CCAEF78-251F-43E2-BB9E-C244E77F9B33}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{133F1A2B-0AEC-46FC-BD8D-DAFC7B25E53E}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{75FAF9C4-A8BC-47CD-BE36-6702172973E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{B4ABE35B-B3F5-40CD-8FBF-1D31E1C5063F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{21F797D1-B40C-4BEB-803B-4ACBC3FE05D7}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{B604923A-F1A4-4E95-B806-819E858600CE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{42B0556D-C62C-4C7D-A1F5-F5D4F256DCA4}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{6796B155-EF06-48EF-A84E-CBE9756CF837}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{EFC20C37-75B0-4C32-A005-A3CEBEEA7C6D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{76CA7435-A04A-47E3-B2C1-7659A0720A8C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{2B7AF979-D7D5-4485-91FF-F14F9347662E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{27AEEA71-95E5-487F-A776-0FFFC6163822}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{1056FB8C-EF17-4840-B6F2-33C6250551B1}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [TCP Query User{155E36B8-5C23-4EAC-AC79-D3E18DCB550D}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Block) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
FirewallRules: [UDP Query User{850B0AC9-41D3-4047-B3E7-B472CF558DE7}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Block) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41713.exe
FirewallRules: [{7FDD40EE-DA5A-4E3A-95D2-D93308BFADB2}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{AAC12F0B-6B1B-4FE2-AC60-6D2C1800180A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [TCP Query User{9727D276-9F89-4E2C-9EBA-F2B61F76D206}C:\program files (x86)\kingsoft\kingsoft antivirus\xlmodule\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\kingsoft\kingsoft antivirus\xlmodule\download\minithunderplatform.exe
FirewallRules: [UDP Query User{0C2F89CD-5F08-4E7C-8DE2-B869AA945955}C:\program files (x86)\kingsoft\kingsoft antivirus\xlmodule\download\minithunderplatform.exe] => (Allow) C:\program files (x86)\kingsoft\kingsoft antivirus\xlmodule\download\minithunderplatform.exe
FirewallRules: [TCP Query User{E28E2BED-126B-47AA-A9F0-A54D84648A2C}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [UDP Query User{4E66AE60-2073-4654-A6FC-47A57D29E429}C:\program files (x86)\youku\tudouclient\ikuacc.exe] => (Allow) C:\program files (x86)\youku\tudouclient\ikuacc.exe
FirewallRules: [TCP Query User{0438E01A-2CA5-4B77-B138-10897D584D3D}C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe] => (Allow) C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe
FirewallRules: [UDP Query User{3EBB89F1-61FA-4EB5-A8BB-BB81E4CF410E}C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe] => (Allow) C:\users\traveltek\appdata\roaming\ytmediacenter\ikuacc.exe
FirewallRules: [{D9D0650A-74DC-4BB9-BF4A-BA98C506CA20}] => (Allow) C:\Users\Traveltek\Desktop\QQPCDownload1377.exe
FirewallRules: [{BE9C18ED-E09F-46E8-970A-68EEE7E3A588}] => (Allow) C:\Users\Traveltek\Desktop\QQPCDownload1377.exe
FirewallRules: [TCP Query User{86A90555-C762-47B8-9CC5-C787C8FC40AF}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [UDP Query User{40B6E312-D4C6-4155-8287-5156C0490B39}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [{CE2B5804-B136-48B5-9269-E23EB7645BED}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SGTool.exe
FirewallRules: [{23FF0E77-0196-4C23-87B9-A79A73676421}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SGTool.exe
FirewallRules: [{63E89878-0434-41C0-AB1E-608C869462FC}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SGTool.exe
FirewallRules: [{2845CA70-74B8-459D-95F2-508AAB19AB40}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SGTool.exe
FirewallRules: [{E8B7A427-ADB4-4482-9E44-D7B395E4ABF4}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SogouCloud.exe
FirewallRules: [{A4B66C7E-A6A5-4FF4-A2B1-A55884F11F82}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SogouCloud.exe
FirewallRules: [{24B1A769-DAF4-476C-AA35-C2E3C4DD9F0E}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SogouCloud.exe
FirewallRules: [{17B60BC5-89B9-42F3-B482-64493F7A2794}] => (Allow) C:\Program Files (x86)\SogouInput\7.9.0.7504\SogouCloud.exe
FirewallRules: [{5814CCE7-3520-490C-81E0-FA8B589951B5}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{B9232B6F-32AE-4015-B1CE-2CC0663B6ECF}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{ADA96323-E181-4FF4-84BD-9442A80C47C3}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{1EB73870-4147-4A47-B92B-504A1E8408D1}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{FFCE0548-7BA3-4723-B862-20B0E2937B1A}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{DBC914B4-D439-4C47-A8DA-F5DFA23FEC31}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{02F9AD8E-9713-4E2D-BE40-8651C8D59105}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{95525F8E-8F56-4180-BB1A-79CDA4482E18}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{CCF3B735-83E7-4ADE-97D8-6C372801BF08}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{FF1AD262-F4CF-418C-8E4D-65A477B79FBC}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{B4829C6E-E740-43BD-9F12-2C2D7C557F8C}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{1DFFC57D-3608-4D4B-8DEA-C36EF18502B0}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{D824B0AD-2F10-43A2-B30D-E41278825F0A}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{CC9069DC-1C72-4C00-96BF-D2D5AE55AAC8}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{E28A94D9-9CCC-414C-BFB3-6497156F2F0E}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{9F0770AC-E9CF-49E1-AC18-5D0A1079F558}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{1CA01809-54BA-4670-841D-12E40E22A6E6}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{DAFB5A72-66BE-49DC-AA1F-1D6CD2BB4C96}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{D6DC181F-E5EF-4A33-8B86-04011AE912DC}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{F7600C63-4B88-4B60-96C9-3B77BB693784}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{20B9E3C2-B416-45B2-B6EF-4EDDFF734C7F}] => (Allow) C:\Program Files (x86)\iFly Info Tek\iFlyIME\2.1.1395\iFlyInput.exe
FirewallRules: [{6B8C4AB0-521E-4B66-96F5-5C1D8E40862E}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{BC0C4500-9809-494B-8280-173FA7BB2F18}] => (Allow) C:\Program Files (x86)\Tencent\QQmusic\QQMusic1253.10.45.26\QzoneMusic\QzoneMusic.exe
FirewallRules: [{D08C2131-286B-4CB4-9608-15DBBCBC9E97}] => (Allow) C:\Program Files (x86)\Tencent\QQmusic\QQMusic1253.10.45.26\QzoneMusic\QzoneMusic.exe
FirewallRules: [{CD236B73-7B71-4EE0-9297-8BC1DCA311BD}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{8FF1F712-02BC-48E5-88D4-1296BB00FB7A}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{43F2762E-97F5-4F9B-B014-81E49D4E833D}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{07281EE9-E525-4489-BD06-F47A1C61BCC9}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
FirewallRules: [{39C63CCF-14BD-4BA5-A9C7-A3AEF7AACD54}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe
FirewallRules: [{4ECD86DC-EAE6-41D8-A706-2914E868459A}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe
FirewallRules: [{843A4A16-11C4-4F03-A0E3-41D7C9BA5549}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\BugReport.exe
FirewallRules: [{DB1B9D75-15DE-4637-AE60-6069C6D8CF87}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.3.7175.400\qqbrowser.exe
FirewallRules: [{B0B904C6-92FA-4379-BA1A-69F9FA81F37D}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.3.7175.400\qqbrowser.exe
FirewallRules: [{AC6CA476-C811-4B39-8D4E-AB10E8C3C9B7}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{D35716FF-18F7-48AF-96C6-237842046651}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{F25220D2-AD58-4362-B60A-8821D58CC3AE}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{F9D9FA8D-85B2-48DB-A427-4A59A3A8C66E}] => (Allow) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPhoneManager.exe
FirewallRules: [{E45D36E5-160B-4D9C-AE7E-B2C872947857}] => (Allow) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPhoneManager.exe
FirewallRules: [{08523407-634E-4F37-A233-28F1FA6940C5}] => (Allow) C:\Users\Traveltek\AppData\Local\liebao\5.3.100.10349\Module\thunder\download\MiniThunderPlatform.exe
FirewallRules: [{7C31FBFA-2AEC-4717-AFA2-051101DCB104}] => (Allow) C:\Users\Traveltek\AppData\Local\liebao\5.3.100.10349\Module\thunder\download\MiniThunderPlatform.exe
FirewallRules: [{F87F4046-3819-489A-9D77-A3A90DF1A9AD}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.0.1\QQMicroGameBoxService.exe
FirewallRules: [{75CF3B4F-F784-426C-922F-3B2B22149565}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.0.1\QQMicroGameBoxService.exe
FirewallRules: [{88462094-DBC9-4A72-9FEC-5A3E1BFE43B5}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.0.1\QQMicroGameBoxServiceUpdate.exe
FirewallRules: [{94BAD046-A2ED-4A41-A607-7099E8CE0C44}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.0.1\QQMicroGameBoxServiceUpdate.exe
FirewallRules: [{D9ED044C-2BA3-4CF0-9260-4AC1132EE86F}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.0.1\QQMGBWebserver.exe
FirewallRules: [{2359DF45-A2BD-4B0F-B32C-2980A014C1C3}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.0.1\QQMGBWebserver.exe
FirewallRules: [{168B0BE0-92D6-4335-ADDA-C8BF587B7370}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMicroGameBoxService.exe
FirewallRules: [{1BA5CC79-25DB-4AF6-BA1F-B1BA4AF2845E}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMicroGameBoxService.exe
FirewallRules: [{9877D126-7D0E-4721-859E-0C50FB6FA8E0}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMicroGameBoxServiceUpdate.exe
FirewallRules: [{3A83AC79-8C01-4F5F-B60F-AAEF6B5D2267}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMicroGameBoxServiceUpdate.exe
FirewallRules: [{0DD9C7B0-99CB-47FE-A659-283B644D676B}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMGBWebserver.exe
FirewallRules: [{4ED48218-FE82-4ED3-B635-E11C44156A88}] => (Allow) C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.7\QQMGBWebserver.exe
FirewallRules: [{9DC53FB2-B3E0-4885-8B3F-E462C6DD76E4}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{2A5A17CA-AF2A-4F55-BEE4-5ED19D94F2F3}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{0895BA7D-3A46-4142-8CE3-B86021488F59}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{C34BD4F5-B5F0-4450-81B2-B90B50721277}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{5DEE43F0-A006-455A-9435-395F56A4F465}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{76B7462D-4A3F-42FF-BB8D-5A3FB47ACF63}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{7330F781-A739-4E7B-81C1-BFCA9B3B685C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{795D490A-CA3D-4469-8832-13AD68745760}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{E7D19FA0-731F-407A-AB47-0FDDB67D5A80}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{F4C5E4C6-1518-42DC-AE40-56AFEC333F9A}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{E864C26E-10B0-49C7-9644-2A3CB0543FE5}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{2A2417CF-C0D3-4234-B274-DC3306171796}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [TCP Query User{63229AE4-5B23-455F-97A6-41BD4101C2E2}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.6_42095.exe
FirewallRules: [UDP Query User{C7892111-7CF3-49FA-B7E0-A70359FF8259}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.6_42095.exe
FirewallRules: [{7783A3F4-4C40-45EF-B87C-B3DD7F9530CE}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.7658.400\qqbrowser.exe
FirewallRules: [{D4857B7B-0145-415F-B1B8-1CAA0DF2142D}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.7658.400\qqbrowser.exe
FirewallRules: [{80856B6D-EC4F-4BBB-8FC3-F7E0B3A380C1}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{3833E3FC-1443-47AC-B5F9-2E3A60566F14}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{B0879765-F2F7-467C-93B6-1CC62975D90A}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{D9B906B6-EE85-4A05-93F9-2748EDF3E41C}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{D136F975-254A-4EB0-8278-070D2EAED123}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{ADD01D76-8465-475D-B1AA-2A1E19A0CFCD}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{2FDC1325-A792-48D3-9846-3C6D7164A623}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{86E56600-08DF-4A36-B282-9A2AD652F0DD}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{19E3E94E-F7B8-4D11-B078-D1C5BF0D1B80}C:\users\traveltek\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Allow) C:\users\traveltek\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
FirewallRules: [UDP Query User{096DFBCE-5164-44C0-9C3E-2F0BB3584F49}C:\users\traveltek\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Allow) C:\users\traveltek\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
FirewallRules: [{D00CCB3A-A52A-40B0-8432-69E7EE2944B7}] => (Allow) C:\Program Files\PPStream\LStyle\QyMiniPlayer.exe
FirewallRules: [{BE79CCBC-AD09-49CD-81AB-EC77F544C292}] => (Allow) C:\Program Files\PPStream\LStyle\QyFragment.exe
FirewallRules: [{E1B65E5B-FB13-4B55-A5F0-24C0502CE627}] => (Allow) C:\Program Files\PPStream\LStyle\QyClient.exe
FirewallRules: [{26ABFEBF-6D72-46B5-892D-142DCD655756}] => (Allow) C:\Program Files\PPStream\LStyle\QyKernel.exe
FirewallRules: [{656C003B-1484-4D0B-85C0-527FABD04EEA}] => (Allow) C:\Users\Traveltek\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{18A1FF2C-F6B8-4D9B-99DC-87A2472106CF}] => (Allow) C:\Program Files\PPStream\LStyle\QyPlayer.exe
FirewallRules: [{1C6C61AA-4A8D-410D-A8C5-41BD88539AE5}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe
FirewallRules: [{D0598928-CF99-4CB2-96E3-96D18771383D}] => (Allow) C:\Program Files (x86)\AliWangWang\AliIM.exe
FirewallRules: [{57F1871A-E745-46CA-ADD9-C73EDDB01B90}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{9C0589AD-8B8D-4394-85FB-CD1089238177}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{BB79BFFE-7D10-4E88-918E-E3FAE2A915DB}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{B41289E5-FD7A-4326-AAE8-0F3212DB2AD3}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\131\bugreport_xf.exe
FirewallRules: [{D2C3F057-59F9-4124-AB48-8437FDEF59D3}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{E6783DCA-346C-4B09-BDF1-0AE12A8ECB8B}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe
FirewallRules: [{8F83262B-6B86-4B17-B9A7-5BF6E4236064}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusicInstall\QQMusicMMInstaller.exe
FirewallRules: [{7BBC4DB0-4D8E-42E4-8B2A-8AC5AFDD80D6}] => (Allow) C:\Program Files (x86)\Tencent\QQMusicHelper\QQMusicHelper1257.12.7.37\QQMusicDownloader.exe
FirewallRules: [{3C58BC74-F5D2-4B3E-92FD-9CCC25C24932}] => (Allow) LPort=20111
FirewallRules: [{4E712838-04AD-4767-8851-771D9CEF8ABE}] => (Allow) LPort=20111
FirewallRules: [TCP Query User{E790D788-D442-4BF1-B2C1-65993F5A0493}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.7_42331.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.7_42331.exe
FirewallRules: [UDP Query User{FCD57BDD-D672-405E-B64D-44A6B949DDB8}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.7_42331.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.7_42331.exe
FirewallRules: [{8EF71274-7C38-48CC-8693-059830582590}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
FirewallRules: [{F275326F-7A73-4471-B77A-0FCCD20583B6}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
FirewallRules: [{689C37AA-FCC8-4B25-BE8B-D63E2C79865B}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
FirewallRules: [{66B7DEF1-D8DF-46D7-84DC-31661A36BE7D}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\sjk_daemon.exe
FirewallRules: [{FE8B05F8-B04E-4ABF-913D-46609D668537}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\shoujizhushou.exe
FirewallRules: [{972054D9-9FCF-46B6-8090-8C022FBD1793}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\shoujizhushou.exe
FirewallRules: [{432880E1-63DF-4247-879D-EBB2AE5281CA}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\shoujizhushou.exe
FirewallRules: [{00C08271-5C56-43C1-B8B8-EC4FD78906CC}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\shoujizhushou.exe
FirewallRules: [{6373DBDA-A254-4F41-BBE0-1639D9ACA0E2}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{423016B0-113A-4CEE-A6D7-5C5DE9177F56}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe
FirewallRules: [{4D1DE791-72B7-4C3D-9E02-3194FA9ADA45}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.3.7510.400\qqbrowser.exe
FirewallRules: [{D055A71D-7C81-4319-B242-3173DDEDAAFD}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.3.7510.400\qqbrowser.exe
FirewallRules: [{07E13BA2-E083-4866-81BB-221089EED08B}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [{2EF5FAE7-7A43-4AD4-9A4E-600B216B0C70}] => (Allow) C:\Users\Traveltek\AppData\Roaming\baidu\BaiduYunGuanjia\BaiduYunGuanjia.exe
FirewallRules: [{FC1300D5-7292-421A-8D28-B0E4EC0568BE}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe
FirewallRules: [{5894E126-C9F8-49B5-8EEE-1C16C588E8E3}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe
FirewallRules: [{9351239E-8AB8-4DA4-B4DC-52CB3B3647A1}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.8\StatReport.exe
FirewallRules: [{070F4CF7-6B4B-4FFB-8566-EF7BB97CB50D}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.8\StatReport.exe
FirewallRules: [{2B9DAEF8-E037-4653-A636-5B6562F7DFB9}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.8\BaiduPlayer.exe
FirewallRules: [{84C57A0B-761E-4AB7-82F3-629EE4D39E6C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.8\BaiduPlayer.exe
FirewallRules: [{8647482C-B5A5-4AD5-9DFC-93395907FE4D}] => (Allow) C:\Users\Traveltek\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{384218D1-CB4B-4B5A-9EE4-E22F6AE9156F}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer\bdupdate4.1.6.8.exe
FirewallRules: [{2D44383F-43F8-4C33-9CFE-DCE4E1DCA69E}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer\bdupdate4.1.6.8.exe
FirewallRules: [{5DE6E615-30DA-430D-A092-E3C856AC8A3C}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{2FC8791F-9520-4AD7-BBFE-C7495BF2D1F2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.8\BaiduSetupAx_0.exe
FirewallRules: [{244D2AAB-71A6-49AE-85BD-CCA4118FFB9C}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.8\BaiduSetupAx_0.exe
FirewallRules: [{DA0249BD-09CA-4458-AEE9-EB737DC2D967}] => (Allow) C:\Users\Traveltek\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{B8C5F106-A7F3-4DD2-B2D9-17F1AB470176}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{F08362CA-88BA-4257-AA73-A0EC9C4FF359}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{8F91EEDA-BAFB-4A20-9981-945DF3613AFD}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{DBC783A1-B6A8-4069-9D68-B0E72D731580}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{DA47B85C-8026-4972-A79C-571BBB6CE81C}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\BaiduPlayerContentUI.exe
FirewallRules: [{E5A5FA4F-2DB8-487E-BAC3-893B707A0D5B}] => (Allow) C:\Users\Traveltek\AppData\Local\Temp\BaiduPlayerContentUI.exe
FirewallRules: [{CB6602CB-AE5D-43F2-AD4A-A393CC392383}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.45\StatReport.exe
FirewallRules: [{37D5A43B-D9CB-4AD2-8769-6C42846FDA06}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.45\StatReport.exe
FirewallRules: [{3A80DDCE-8691-422C-AAA2-C2FA1398BC88}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.45\BaiduPlayer.exe
FirewallRules: [{BE9B1795-0DC5-48CC-AE2E-71AD2F25A698}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.45\BaiduPlayer.exe
FirewallRules: [{A92F07C7-E6CD-4BFA-9894-1D3D53F24FA2}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer\bdupdate4.1.6.45.exe
FirewallRules: [{CDD5F316-0475-4AF8-9ECC-9C2434FCAB1A}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer\bdupdate4.1.6.45.exe
FirewallRules: [{805EA920-444B-4F74-BAAB-3FEB19E9E6C3}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.45\BaiduSetupAx_0.exe
FirewallRules: [{39D54FD5-56A8-42BE-820C-E3EAF1B5ECBE}] => (Allow) C:\Program Files (x86)\Baidu\BaiduPlayer\4.1.6.45\BaiduSetupAx_0.exe
FirewallRules: [{DAF0711A-8607-44A8-BA03-5401C509355D}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{41F59193-08E2-4D8C-822F-E2C9E23C2505}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{D22D816D-368D-4EC7-B12B-D4F07892D8E8}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{9144813D-5F98-476C-B57A-1D81B68482ED}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{92301EB2-CDC4-4FDA-9429-29271399897E}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{92C1617E-52A4-4835-A482-38D38503C9D8}] => (Allow) C:\Program Files (x86)\kingsoft\shoujizhushou\kphonetray.exe
FirewallRules: [{B6AD61B3-94F3-4DED-81CD-F88F9FDC6CA8}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.8142.400\qqbrowser.exe
FirewallRules: [{31ABF556-30F7-485B-888E-B6FEF920E5E1}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.8142.400\qqbrowser.exe
FirewallRules: [{D7E79695-C0E1-4FD5-B7BE-B66654D2FE8C}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\2.3.25.2401\GeePlayer.exe
FirewallRules: [{6A53477D-6329-48E3-B526-B38EB35E568B}] => (Allow) C:\Users\Traveltek\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
FirewallRules: [{00CEC297-733C-49AD-AF24-0464E541A6E5}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{4198915B-A314-4111-8A3D-A43AEC406694}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{300C10F3-EC1F-4065-BAD7-DBD567126019}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{367493C4-A2C0-48E1-9360-B13C2C235404}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{B7AC3D26-E5B0-447F-8E7E-E16D6AE22577}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.8309.400\qqbrowser.exe
FirewallRules: [{8AB8F5CE-D010-4A88-8896-CF8C286E11F7}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.8309.400\qqbrowser.exe
FirewallRules: [{63745CFB-3AB3-4E88-8761-263797276E57}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.8699.400\qqbrowser.exe
FirewallRules: [{6024F3D3-FFA6-462C-912D-872BCFC4C89B}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.8699.400\qqbrowser.exe
FirewallRules: [{B4BFA7F0-503C-4000-A51B-AAD00C29C42A}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{30995DB6-F403-4C33-8458-1111A21F9FBC}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{005B6AEA-09D4-4883-89B7-D8C9BFDA3464}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{AEC77074-4C3F-4456-BE08-1307980CC526}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{C3F02C71-8245-42B5-9632-47FB9A3F4CB5}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{52F785F0-2B8B-445A-A33F-60C9ECD7B0F7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{319E8054-282F-4274-A808-D9BBEC46F3AA}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{1B85CD50-A5FF-4989-B6BB-8A5E659E4610}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{479206BC-3151-4357-A476-916C5BDBB441}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5D7B0165-E732-4771-9DE1-7912B272CDE4}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{07FC51F7-9A71-4617-85B5-7C10D670287C}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B1C0244C-C95D-47F6-8358-DF408E50CF9A}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{695CDF5B-1B4B-4B38-A623-E8061E11A401}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E3D16C4C-691C-4CC5-A86C-5AFD2215D631}] => (Allow) C:\Users\Traveltek\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0A11C541-01F9-42A6-A288-CD256F320C42}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe
FirewallRules: [{62C1EEC0-E541-41AE-BD5B-27FE516EA9AD}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe
FirewallRules: [{2E89E8CF-C200-436E-BE28-85B5D466525C}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{80C247EF-B9A8-47C0-A736-79ABF34FD82F}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{5AE08D97-40DB-4F12-A773-B47B9EFA6532}] => (Allow) C:\Users\Traveltek\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{2C2A3FD3-93AA-4CAF-A8ED-A7CE519EA510}] => (Allow) C:\Users\Traveltek\AppData\Local\liebao\5.3.108.11949\Module\thunder\download\MiniThunderPlatform.exe
FirewallRules: [{47B4C65F-CD2D-4402-A20E-9E1AE56738FC}] => (Allow) C:\Users\Traveltek\AppData\Local\liebao\5.3.108.11949\Module\thunder\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{B44DFA73-ABE5-47F9-9FE6-F0D4D4907042}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.8_42577.exe
FirewallRules: [UDP Query User{E04C20D6-FE3A-4D1C-BC80-B3D718AB2AF6}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.8_42577.exe
FirewallRules: [{FD869999-C9AE-4A02-A282-BFCE1CD051A6}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.9095.400\qqbrowser.exe
FirewallRules: [{D696C2EE-F696-4D8A-9BB6-3970C5E89FF6}] => (Allow) C:\Program Files (x86)\Tencent\QQBrowser\9.4.9095.400\qqbrowser.exe
FirewallRules: [{713A294F-8847-46AE-8C69-3E03185663C4}] => (Allow) C:\Users\Traveltek\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
FirewallRules: [{C08FF263-1722-450F-B4D0-56C6D46010E4}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\2.3.28.2725\GeePlayer.exe
FirewallRules: [{8F6B006C-969B-43D7-ACFD-0C128ADAFC0E}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
FirewallRules: [TCP Query User{1C8FD836-1061-4CF1-B3E6-5D1E58477FFC}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe] => (Block) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe
FirewallRules: [UDP Query User{3C2CCCB7-9B62-4C41-AB4B-1207897838AB}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe] => (Block) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe
FirewallRules: [TCP Query User{579BA9AB-A861-4B70-8AE1-F897B4041A26}C:\program files (x86)\tencent\qqbrowser\9.4.9095.400\qqbrowser.exe] => (Allow) C:\program files (x86)\tencent\qqbrowser\9.4.9095.400\qqbrowser.exe
FirewallRules: [UDP Query User{F7795FAA-2775-4706-91BB-75063E974804}C:\program files (x86)\tencent\qqbrowser\9.4.9095.400\qqbrowser.exe] => (Allow) C:\program files (x86)\tencent\qqbrowser\9.4.9095.400\qqbrowser.exe
FirewallRules: [TCP Query User{80DD5743-3442-4061-B5A4-BD753B9B196D}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe
FirewallRules: [UDP Query User{1BDCCDC4-4095-4225-8BFD-A73924B928F4}C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe] => (Allow) C:\users\traveltek\appdata\roaming\bittorrent\updates\7.9.9_42607.exe
FirewallRules: [{38E3BAD5-B5EF-45D8-AB45-66F6D1F8DDF3}] => (Allow) C:\Program Files (x86)\Tencent\WeChat\WeChat.exe
FirewallRules: [{A215DE3C-6522-46ED-9B84-247D7DF7CE56}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCTray.exe
FirewallRules: [{807B9145-9DFC-4A81-86E3-97F5FF76ADDE}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCMgr.exe
FirewallRules: [{ED29AEDD-FF97-4BEB-9F72-C98B94365269}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCRTP.exe
FirewallRules: [{2206F57E-DDB3-43E6-BCC2-8979E0DFEE5D}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMDL.exe
FirewallRules: [{DDBD32AE-A576-410E-BD75-4D85D7E9A0FC}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\bugreport.exe
FirewallRules: [{86AAB615-EC97-4960-BB19-9A65F19307AB}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCFileOpen.exe
FirewallRules: [{991A5F16-1558-4CF1-9F8B-1D4C97264475}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCLeakScan.exe
FirewallRules: [{4EEBF24A-044C-4A33-A420-CBE7D0DB9F8F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPConfig.exe
FirewallRules: [{06A07365-90F3-49CA-8888-9B5739A17522}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCSoftMgr.exe
FirewallRules: [{9E1E550E-13F6-4B59-944B-FB5AA23CB275}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{89970A68-12B4-4E8D-AD86-3FD118613FBD}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCBTU.exe
FirewallRules: [{F1D0C8AC-CADB-4FAB-97CC-DB5402C6335D}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCClinic.exe
FirewallRules: [{023CDAFE-9163-43EA-9AB9-CFAD7A4B6481}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCLaunch.exe
FirewallRules: [{5645C43B-F77A-44E2-B058-B056D955F83F}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{74CF51B4-0FBD-40E0-B786-9B4F37A23E50}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCSoftGame.exe
FirewallRules: [{BB142D45-8CE7-4259-A13F-E56AE668F5D2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCSysOptimize.exe
FirewallRules: [{720DB963-FF18-4259-9C17-BAA5A40FFC04}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCUpdateAVLib.exe
FirewallRules: [{9F32B128-617C-4649-9B51-A78F506BEFE7}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQRepair.exe
FirewallRules: [{E397FAB6-65AF-48AE-BBB0-D37DF4ACA506}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\Uninst.exe
FirewallRules: [{DA0B105C-A71E-449C-A6AE-E3015F95D040}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QQPCPatch.exe
FirewallRules: [{FA89745A-A759-41DE-968B-D156AC56C953}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\TpkUpdate.exe
FirewallRules: [{9D4697B0-82B7-4420-A83B-A1CFD5FA53C2}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMAccountProtection.exe
FirewallRules: [{A6F228FD-8283-4345-97E2-86746BFBF37A}] => (Allow) C:\Program Files\Tencent\QQPCMgr\12.9.19160.223\QMAdBlock.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Meitu\TaoTao\TaoTao.exe] => Enabled:TaoTao
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Meitu\KanKan\KanKan.exe] => Enabled:KanKan
 
==================== Restore Points =========================
 
24-10-2017 12:18:06 Scheduled Checkpoint
02-11-2017 17:57:21 Scheduled Checkpoint
11-11-2017 15:23:06 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2017 01:10:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TRAVELTEK)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/12/2017 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (11/11/2017 09:59:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TRAVELTEK)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/10/2017 01:01:50 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F174E6600}' could not be installed. Error code 1646. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/10/2017 01:01:50 PM) (Source: MsiInstaller) (EventID: 1021) (User: NT AUTHORITY)
Description: Product: Adobe Acrobat Reader DC - Update 'Adobe Acrobat Reader DC
 (15.009.20079)' could not be removed. Error code 1646. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/10/2017 01:01:41 PM) (Source: MsiInstaller) (EventID: 1024) (User: TRAVELTEK)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F174E6600}' could not be installed. Error code 1646. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/10/2017 01:01:41 PM) (Source: MsiInstaller) (EventID: 1021) (User: TRAVELTEK)
Description: Product: Adobe Acrobat Reader DC - Update 'Adobe Acrobat Reader DC
 (15.009.20079)' could not be removed. Error code 1646. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/06/2017 07:25:20 PM) (Source: ESENT) (EventID: 104) (User: )
Description: qmgr.dll (5328) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).
 
 
 
 
Error: (11/06/2017 07:25:19 PM) (Source: ESENT) (EventID: 471) (User: )
Description: qmgr.dll (5328) QmgrDatabaseInstance: Unable to rollback operation #2545 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.
 
Error: (11/06/2017 07:25:19 PM) (Source: ESENT) (EventID: 492) (User: )
Description: qmgr.dll (5328) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.
 
 
System errors:
=============
Error: (11/13/2017 11:53:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:53:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:50:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:50:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:50:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:20:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:20:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Antivirus Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:16:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQPCMgr RTP Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:16:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQPCMgr RTP Service service failed to start due to the following error: 
The requested resource is in use.
 
Error: (11/13/2017 11:16:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QQPCMgr RTP Service service failed to start due to the following error: 
The requested resource is in use.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 8092.22 MB
Available physical RAM: 4848.57 MB
Total Virtual: 28964.18 MB
Available Virtual: 23447.76 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:911.62 GB) (Free:193.67 GB) NTFS
Drive d: (HP DJ1110) (CDROM) (Total:0.42 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 341829C1)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts

Posted 14 November 2017 - 11:41 AM

Hi lucyq :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 lucyq


Posted 14 November 2017 - 12:16 PM

Hi Aura
 
Thank you very much for your reply.  I just downloaded the instructions and
software you suggested but I am not going to be at my computer until later
tonight.  I will then follow the instruction and then report back to you.
 
Again, I thank you for your assistance.
 
Regards


#4 lucyq


Posted 15 November 2017 - 09:10 PM

Hi Aura

I was able to follow the step in the link you sent and started Malwarebytes with no problem; however, when I hit "SCAN" and the software started to scan, it never finished.  It stayed for over an hour with the blue turning circle, it said

Scan Progress:

...a672\Local

Malware 3344

Infected: C: \Users\Traveltek\AppData\Local\IIsoft\winv...

Warning: Malware found!

 

So I stopped it and am posting the result here for you.  I do have a screenshot but do not know how to attach it here on the post.

 

Thank you.

 

Regards



#5 Aura


Posted 15 November 2017 - 09:13 PM

The MBAR scan can take a while to complete. My suggestion is to leave it overnight and see if it's done in the morning.



#6 lucyq


Posted 15 November 2017 - 09:25 PM

Noted with thanks.  I guess I was too impatient.  I will try again tonight.  Thanks.



#7 lucyq


Posted 16 November 2017 - 05:25 PM

So I tried a total of 4 times.
1st time - like I reported before, it stopped at the blue circle.
2nd time - started the same way as the first time, then the computer shut off and restarted while I was not in front of it.
3rd time - started the same way as the first time, stopped at blue circle again, this time only at Malware count 165.
4th time - I just realized there is an update step before the scan, which I followed every time automatically without thinking.  So this time I did not do the update.  Everything is the same and mbar stopped again at Malware count just over 6000.
 
So I only have the system log text in the mbar folder, but I have tried 10 times and I just can not paste it here.  What to do?


#8 lucyq


Posted 16 November 2017 - 05:28 PM

Every time I tried to paste the system log text, this post will freeze.  That's why I cannot paste it.



#9 Aura


Posted 16 November 2017 - 08:04 PM

You can attach the log here instead, if it won't copy/paste.



#10 lucyq


Posted 17 November 2017 - 02:24 AM

The file is 20 MB, that's why it would not copy/paste, nor could I attach it here.



#11 lucyq


Posted 17 November 2017 - 02:26 AM

Can I send it by email to you direct?



#12 Aura


Posted 17 November 2017 - 07:59 AM

You can upload it to SendSpace.com and post the download link for it here.



#13 lucyq


Posted 17 November 2017 - 01:52 PM

https://www.sendspace.com/file/bxxebm



#14 lucyq


Posted 17 November 2017 - 01:53 PM

Please see above for the systemlog text file location. Thank you!



#15 Aura


Posted 17 November 2017 - 03:32 PM

Alright. Run a new scan with MBAR but this time, before starting it, uncheck Sectors and System and leave only Drivers checked. The scan should complete way faster.
